Date:      Tue, 15 Feb 2000 08:59:58 -0700 (MST)
From:      Ivan Fetch <ivanfetch@technologist.com>
To:        Brent Kearney <brent@kearneys.ca>
Cc:        FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Natd, ipfw, & redirect_port
Message-ID:  <Pine.LNX.4.20.0002150845140.982-100000@ibis.ivanfetch.tzo.com>
In-Reply-To: <20000214130326.A6743@kearneys.ca>

Hello,
   One can not be totally sure without being able to see all of your
firewall rules, but:

   I am accomplishing port redirections fine by using the constructs
already configured through rc.conf.  The first rule is to send everything
through natd, so that if there is a redirection to be done it happens
just fine, if not, the traffic is run through subsequent rules.  Initially
I had the same behavior as you (traffic just hangs on port X) because the
kernel had not yet been recompiled to include ipfirewall and divert, so
nothing was being passed through natd at all and the firewall
was rejecting everything.

Did you recompile a kernel including:
options IPFIREWALL
options IPDIVERT

Ivan.
On Mon, 14 Feb 2000, Brent Kearney wrote:

> 
> I know this is covered by previous posts, but the archive is still
> not back up, and I can't wait any longer.
> 
> I'm running FreeBSD 3.4 on an x86, with NATd & two NICs.  I'm trying
> to forward all connections to a particular port on the outside
> machine, to a particular port on an inside machine (for ssh). I've
> done this before (under 3.2 I think), and I don't remember it being 
> difficult at all.  However, it's not working.  
> 
> Here's my natd rc.conf line:
> 
> natd_flags="-n pn0 -m -log_denied -f /etc/natd.conf"
> 
> And my natd.conf:
> 
> redirect_port tcp Plato:22 2200
> redirect_port udp Plato:22 2200
> 
> One difference between my old setup (3.2) and the new one, is that now
> I have default_to_accept disabled, so my firewall rules are quite a
> bit tighter.  However, because one of the first rules passes all IP
> traffic to natd, do I need anything else?
> 
> I tried this, to no avail, anyways (from rc.firewall):
> 
> Allow connections to port 2200 for ssh access to Plato
>     $fwcmd add pass tcp from any to any 2200 setup
>     $fwcmd add pass udp from any to any 2200
> 
> Any connection attempts to port 2200 just sit there.  I know the
> problem is not on the internal machine (Plato), because computers on
> the LAN have no problem connecting with ssh to it.
> 
> Thanks for your help.
> 
> -Brent
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
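The ordering Ivan describes (the divert-to-natd rule first, then the pass rules for the redirected port) can be checked offline against the two files in question. This is an added example written for this thread, not code from either poster; the natd.conf and `ipfw list` text are constructed samples, and the rule numbers and the `pn0` interface are assumptions.

```python
import re

# Constructed natd.conf modelled on the thread (not the poster's real file).
NATD_CONF = """\
redirect_port tcp Plato:22 2200
redirect_port udp Plato:22 2200
"""

# Constructed `ipfw list` output: rule number, action, body.  Rule 50 is the
# rc.firewall-style "divert natd all from any to any via <iface>" rule.
IPFW_LIST = """\
00050 divert 8668 ip from any to any via pn0
00100 allow ip from any to any via lo0
00200 allow tcp from any to any 2200 setup
00300 allow udp from any to any 2200
65535 deny ip from any to any
"""

PASS_ACTIONS = {"allow", "pass", "accept", "permit"}


def parse_redirects(text):
    """Return (proto, external_port) for each redirect_port line in natd.conf."""
    pat = re.compile(r"\s*redirect_port\s+(tcp|udp)\s+\S+?:\d+\s+(\d+)")
    return [(m.group(1), int(m.group(2)))
            for m in map(pat.match, text.splitlines()) if m]


def parse_rules(text):
    """Return [(number, action, tokens)] sorted by rule number."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0].isdigit():
            rules.append((int(tok[0]), tok[1], tok[2:]))
    return sorted(rules)


def check_ruleset(natd_conf, ipfw_list):
    """Return a list of problems; an empty list means the ordering is consistent."""
    problems = []
    rules = parse_rules(ipfw_list)
    divert = [n for n, act, _ in rules if act == "divert"]
    if not divert:
        problems.append("no divert rule: traffic never reaches natd")
    for proto, port in parse_redirects(natd_conf):
        # Pass rules for the redirected port must come after the divert rule,
        # otherwise the packet is accepted untranslated and never reaches Plato.
        hits = [n for n, act, tok in rules
                if act in PASS_ACTIONS and tok[0] == proto and str(port) in tok]
        if not hits:
            problems.append(f"no pass rule for {proto}/{port}")
        elif divert and hits[0] < divert[0]:
            problems.append(f"pass rule {hits[0]} for {proto}/{port} precedes divert")
    return problems
```

The kernel side (options IPFIREWALL and IPDIVERT) cannot be checked from the rule text; a divert rule that loads without error on a kernel lacking IPDIVERT still passes nothing to natd.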



