Date: Mon, 20 Nov 2006 10:10:49 +0800
From: "Wood, Russell" <Russell.Wood@rac.com.au>
To: "Nilton Volpato" <nilton.volpato@gmail.com>, <freebsd-questions@freebsd.org>
Subject: RE: port redirection with natd and ipfw
Message-ID: <D6B5375CBC761B4BAD78E414B4BB55724A21F9@mercury.rac.com.au>

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Nilton Volpato
> Sent: Sunday, 19 November 2006 7:13 AM
> To: freebsd-questions@freebsd.org
> Subject: port redirection with natd and ipfw
>
> Hi,
>
> I'm using a computer with FreeBSD as a gateway and NAT for a private
> LAN. Let's say the gateway has external.com as external address, and
> 192.168.0.1 as internal address, so that the LAN is 192.168.0.0/24.
>
> I'm doing a number of port redirects in the gateway, for svn, http,
> https, ssh, etc using natd. However, these port redirects do not work
> from inside the LAN.
>
> For instance, if I point my browser to http://external.com and I'm in
> the LAN, then it will not work. I can't use the internal address of
> the web server because none of the links will work on the web page.
>
> In summary, I want that my port redirections work also when I try to
> connect to the gateway's external address from inside the LAN.
>
> I'm using a minimal ipfw configuration to try to solve this. This is
> the default configuration.
>
> 00050 divert 8668 ip4 from any to any via vr0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> I tried to add:
>
> 00060 divert 8668 ip4 from 192.168.0.0/24 to external.com
>
> expecting that it would send the packets from LAN to natd, which would
> apply the port redirections. But it did not work.
>
> How can I solve this?
>
> Thanks,
> -- Nilton

I had a similar setup once and used Split DNS with BIND. So, if you
requested example.com on 192.168.0.0/24 then you'd get the internal IP,
otherwise you got the external IP.

Regards,
Russell Wood
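Added example, not part of the original message or thread: a sketch of the split DNS setup the reply describes, written as BIND 9 `named.conf` views. The zone file names, the `lan` ACL name and the addresses 192.168.0.10 and 203.0.113.10 are assumptions made for illustration; only 192.168.0.0/24 and example.com come from the message.

```conf
// Clients on the private LAN (from the message) plus the resolver host itself.
acl "lan" { 192.168.0.0/24; 127.0.0.1; };

// Views are matched in order; the first view whose match-clients
// includes the querying address answers the query.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                  // LAN hosts may resolve other names here

    zone "example.com" {
        type master;
        // Hypothetical file; holds the internal address, e.g.
        //   www  IN  A  192.168.0.10   (constructed address)
        file "master/example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   // do not act as an open resolver
    allow-transfer { none; };       // no zone transfers to arbitrary hosts

    zone "example.com" {
        type master;
        // Hypothetical file; holds the public address, e.g.
        //   www  IN  A  203.0.113.10   (constructed placeholder)
        file "master/example.com.external";
    };
};

// Once any view is defined, every zone statement must live inside a view;
// a zone left at the top level makes named refuse to load the configuration.
```

With this layout LAN clients connect to the web server directly and never cross natd, so the port redirects only have to work for traffic arriving from outside. Keeping the internal records in their own view also means private addresses are never served to external queriers.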