Date:      Mon, 12 Jan 2004 20:14:45 -0600
From:      "Budec" <budec@qwest.net>
To:        "Ronnie Clark" <ronnie@txnetsecurity.com>, "'Budec'" <budec@qwest.net>, "'FreeBSD-questions list'" <freebsd-questions@freebsd.org>
Subject:   RE: Port forwarding
Message-ID:  <DIEOLEPNIDLIJHMBILKJAEFCDIAA.budec@qwest.net>
In-Reply-To: <003801c3d97a$ef12f3a0$0a07070a@bullitt>



Thanks for the reply.

I'm using the default 'rc.firewall' and in the /etc/rc.config I have it set
up to use "OPEN".
From what I can tell, it looks like I'm passing everything by default...
here is a snip of the config (not all of the /etc/rc.firewall file, just the
OPEN parts)

[snip]
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
        case ${natd_enable} in
        [Yy][Ee][Ss])
                if [ -n "${natd_interface}" ]; then
                        ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
                fi
                ;;
        esac
esac



[snip]
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
        # bud
        #${fwcmd} add count log tcp from any to any setup
        #${fwcmd} add count log udp from any to any keep-state

        # clients
#       ${fwcmd} add allow tcp from any to 192.168.17.1 5121 keep-state
#       ${fwcmd} add allow udp from any to 192.168.17.1 5121 keep-state

#       ${fwcmd} add allow tcp from any to 192.168.17.25 5121 keep-state
#       ${fwcmd} add allow udp from any to 192.168.17.25 5121 keep-state


        # Gamespy
#       ${fwcmd} add allow udp from 192.168.17.1 5121 to 216.177.89.34 27900 keep-state
#       ${fwcmd} add allow udp from 192.168.17.1 5121 to 66.244.193.142 5121 keep-state

#       ${fwcmd} add allow udp from 192.168.17.25 5121 to 216.177.89.34 27900 keep-state
#       ${fwcmd} add allow udp from 192.168.17.25 5121 to 66.244.193.142 5121 keep-state



        ${fwcmd} add 65000 pass all from any to any
        ;;



'pass all from any to any' should do it right?


Regards,
Jack




> -----Original Message-----
> From: Ronnie Clark [mailto:ronnie@txnetsecurity.com]
> Sent: Monday, January 12, 2004 8:14 PM
> To: 'Budec'; 'FreeBSD-questions list'
> Subject: RE: Port forwarding
>
>
> Jack,
>
> What do our firewall rules look like? Is there a rule to allow 5122 traffic
> into the outside interface?
>
> Just a thought,
> Ron Clark
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Budec
> Sent: Monday, January 12, 2004 7:50 PM
> To: 'FreeBSD-questions list'
> Subject: Port forwarding
>
>
>
>
>
> Hello,
>
> I have been trying to get this working for days and am obviously doing
> something wrong and was wondering if any gurus out there could give a
> little guidance.  Basically I'm looking to run a game server behind a
> FreeBSD firewall.  Here is my setup:
>
> {internet} <-> [public address] - Firewall <-> (internal address) Game
> server
>
> Let's say public address is 1.2.3.4 and private address is
> 192.168.17.25 port is 5122
>
>
> In the /etc/rc.conf I set the firewall policy to "OPEN" and enabled natd, I
> gave it the natd options of "-f /etc/natd.conf"... for "ipnat" I have that
> set to "NO" (not sure what it does)
>
> In the natd.conf file I have this:
>
>         redirect_port tcp 192.168.17.25:5122 5122
>         redirect_port udp 192.168.17.25:5122 5122
>
> I restart natd and theoretically everything that hits 1.2.3.4 on port 5122
> should be automatically redirected to 192.168.17.25 port 5122, right?
>
> I have also tried this (since the public interface is aliased (has more than
> one public address associated with it)):
>
>         redirect_port tcp 192.168.17.25:5122 1.2.3.4:5122
>         redirect_port udp 192.168.17.25:5122 1.2.3.4:5122
>
>
>
> Which doesn't seem to work either.  Any ideas?
>
> Regards,
> Jack
>
>
>
>
>
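
Added example (not part of either poster's message): a small sh/awk audit that lists which public address and port each natd.conf redirect_port line exposes and where it lands internally, covering both forms quoted above (port only, and aliasIP:port). The function name list_natd_redirects, the temporary sample file, the port-range entry and the remote address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# list_natd_redirects FILE   (hypothetical helper name, not part of natd)
# Prints one line per redirect_port entry in a natd.conf-style file:
#   proto public_addr:port -> internal_addr:port from remote
# Returns non-zero if any redirect_port line cannot be parsed.
list_natd_redirects() {
    awk '
    { sub(/#.*/, "") }                      # strip comments
    $1 != "redirect_port" { next }          # ignore every other option
    {
        n = split($3, tgt, ":")             # targetIP:targetPORT[-range]
        m = split($4, pub, ":")             # [aliasIP:]aliasPORT[-range]
        if (NF < 4 || n != 2 || m > 2) {
            printf "line %d: malformed redirect_port\n", NR > "/dev/stderr"
            bad = 1
            next
        }
        # No aliasIP given: natd falls back to its default alias address.
        if (m == 2) { addr = pub[1]; port = pub[2] }
        else        { addr = "*";    port = pub[1] }
        remote = (NF >= 5) ? $5 : "any"     # optional remoteIP[:remotePORT]
        printf "%s %s:%s -> %s:%s from %s\n", $2, addr, port, tgt[1], tgt[2], remote
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample input: the first two entries mirror the forms in the
# message above; the third (port range, remote restriction) is made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# game server behind the firewall
redirect_port tcp 192.168.17.25:5122 5122
redirect_port udp 192.168.17.25:5122 1.2.3.4:5122
redirect_port tcp 192.168.17.25:8000-8010 1.2.3.4:8000-8010 203.0.113.7
EOF
list_natd_redirects "$sample"
rm -f "$sample"
```

An entry shown with "from any" is reachable from every remote host that the ipfw rules let through to the divert rule.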


