Date:      Wed, 25 Sep 2002 09:41:44 +0200
From:      "Juraj Petrik" <juro@software602.sk>
To:        <freebsd-security@freebsd.org>
Cc:        <freebsd-ipfw@freebsd.org>
Subject:   IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
Message-ID:  <002201c26467$1fdf9270$7a01a8c0@pcjuro>

hello,
can you help me, please,

I'm trying to run a firewall using
IPFilter, IPNAT and Dummynet on FreeBSD.

I have read so many HOWTOs, but I can't do
redirection to another server in the internal
network:
rl0 - WAN (194.x.x.0/24) 194.x.x.22 if FreeBSD box
rl1 - LAN (192.168.1.0/24) 192.168.1.22 if FreeBSD box
rl2 - DMZ (10.0.0.0/24) 10.0.0.22 if FreeBSD box

My server is now on the LAN, not on the DMZ.

I'm using FreeBSD 4.7 prerelease from CVS.

In the kernel config I have added:
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=30
options         IPFIREWALL_FORWARD
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
options         DUMMYNET

options         IPFILTER
options         IPFILTER_LOG
options         IPFILTER_DEFAULT_BLOCK
options         RANDOM_IP_ID

In /etc/rc.conf I have:
tcp_extensions="YES"
gateway_enable="YES"
portmap_enable="NO"

#firewall_enable="YES"
#firewall_type="/etc/dummynet.conf"
#firewall_logging="NO"

ipfilter_enable="YES"
ipfilter_flags=""
ipfilter_rules="/etc/ipf.conf"

ipnat_enable="YES"
ipnat_flags=""
ipnat_rules="/etc/ipnat.conf"

ipmon_enable="YES"
ipmon_flags="-Dns -l block"

in /etc/ipf.conf:
pass in log all
pass out log all

in /etc/ipnat.conf:
map rl0 192.168.1.0/24 -> 194.x.x.22/32
map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp

map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
map rl0 192.168.1.0/24 -> 194.x.x.22/32

rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22

NAT from the LAN to the Internet works OK,
but from the Internet I can't redirect connections to the server
on the LAN (192.168.1.35).

Please help me ANYBODY!!!!
-jp-
