From: "Adam Egan"
To: freebsd-chat@freebsd.org
Date: Thu, 27 Jul 2006 17:47:34 +0100
Subject: ipfw and natd routing problems

Hi,

I've recently installed FreeBSD on a Soekris Net 4801 to act as my LAN's router.
I have got natd and ipfw working fine (there was originally some trouble with getting an IP from NTL via DHCP because I hadn't allowed the cable modem's IP to talk to the router, or NTL's DHCP servers to also talk to the router).

My only problem now is that although connections going out through natd work fine, natd port forwarding does not work correctly. I am not sure whether this is a problem with natd or just my ipfw rule(s), though I am more inclined to believe it is ipfw!

ipfw and natd are enabled in /etc/rc.conf through the following lines:

    #enable firewall
    firewall_enable="YES"
    #path to rules
    firewall_type="/etc/fw/firewall.rules"
    #be non-verbose?
    firewall_quiet="NO"
    #enable natd
    natd_enable="YES"
    #natd interface
    natd_interface="sis0"
    #flags for natd
    natd_flags="-f /etc/fw/natd.conf"

Below is my ipfw natd rule, and the natd.conf file:

[ipfw]

    # check if incoming packets belong to a natted session, allow through if yes
    add 01000 divert natd ip from any to any in via sis0
    add 01001 check-state

[natd.conf]

    unregistered_only
    interface sis0
    use_sockets
    dynamic
    punch_fw 2000:100
    same_ports
    redirect_port tcp 192.168.0.5:80 80
    redirect_port tcp 192.168.0.5:6700-6725 6700-6725

When trying to access port 80 (the httpd) externally, the connection just times out, as does any other connection.

Any help would be greatly appreciated!

Adam