Date: Fri, 26 May 2000 16:49:07 -0700
From: Tony Hayes <tony@matchcraft.com>
To: freebsd-ipfw@freebsd.org
Subject: IP/Port Forwarding
Message-ID: <392F0D73.E15077E1@matchcraft.com>

Hey,

I got one I've been trying to figure out for the last two weeks...

Here's the situation: I have a FreeBSD box running both ipfw and natd. I need to be able to forward any ssh packets coming in to the external interface to an internal address at the same port, i.e. I want to be able to ssh from anywhere on the outside and be forwarded to an internal box.

Here's the rule list I'm using:

    ipfw add divert natd all from any to any via fxp1
    ipfw add allow ip from any to any via lo0
    ipfw add deny ip from any to 127.0.0.1
    ipfw add allow ip from any to any
    ipfw add allow tcp from any to any
    ipfw add allow udp from any to any

-Default rule is deny ip from any to any.

    natd -p 8668 -n fxp1 -redirect_port tcp 172.16.0.250:22 209.157.63.5:22

This appears to half work. natd only shows incoming traffic destined for the internal address. I ran natd in verbose mode to make sure the aliasing was correct (which it was). I ran a tcpdump on the internal box, and saw the packets coming and going on port 22.

The problem is, the aliasing seems only to be working in one direction (incoming). None of the outgoing packets go through the fw. In the verbose output of natd, it shows "IN" for the incoming packets and "OUT" for the outgoing. I could see the incoming ssh packets and could verify they are aliased for the correct destination. The problem was that there were no outgoing packets for ssh. There were other outgoing packets, but none for ssh.

This seems very odd to me because I could see ssh packets coming in on the internal box, yet none of the packets are aliased back to the original source.

Any help would be greatly appreciated.

Tony
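
A simplified model of the two-way rewrite that natd's -redirect_port option performs, added here as an illustration; it is not natd or libalias code and not part of the original message. The target and alias addresses are taken from the natd command above; the outside client address and all class and function names are constructed for the example.

```python
from dataclasses import dataclass, replace

TARGET = ("172.16.0.250", 22)     # internal host, from the natd command in the message
ALIAS = ("209.157.63.5", 22)      # external address, from the natd command in the message
CLIENT = ("198.51.100.7", 40000)  # constructed outside client (documentation range)

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class RedirectPort:
    """Simplified model of `-redirect_port tcp TARGET ALIAS` (not libalias itself)."""
    def __init__(self, target, alias):
        self.target, self.alias = target, alias
        self.peers = set()  # remote endpoints seen on redirected flows

    def incoming(self, pkt):
        # Inbound packet addressed to the alias: rewrite destination to the target.
        if pkt.dst == self.alias:
            self.peers.add(pkt.src)
            return replace(pkt, dst=self.target)
        return pkt

    def outgoing(self, pkt):
        # Reply from the target to a known peer: rewrite source back to the alias.
        if pkt.src == self.target and pkt.dst in self.peers:
            return replace(pkt, src=self.alias)
        return pkt

def client_accepts(reply, dialed=ALIAS, client=CLIENT):
    # The client's TCP stack matches replies on the address/port pair it dialed.
    return reply.dst == client and reply.src == dialed

def round_trip(reply_diverted):
    """Return True if the outside client would accept the server's reply."""
    nat = RedirectPort(TARGET, ALIAS)
    seen_inside = nat.incoming(Packet(src=CLIENT, dst=ALIAS))
    reply = Packet(src=seen_inside.dst, dst=seen_inside.src)
    if reply_diverted:  # reply passes the divert rule on the external interface
        reply = nat.outgoing(reply)
    return client_accepts(reply)

if __name__ == "__main__":
    print("reply diverted through natd:", round_trip(True))
    print("reply not diverted:", round_trip(False))
```

In this model a reply that is never handed to the translator keeps 172.16.0.250:22 as its source, so the outside client cannot match it to the connection it opened to 209.157.63.5:22.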