Firewall Wizards mailing list archives
Re: FreeBSD 4.2 ipfw natd -- Port Forwarding?
From: Hamilton Hoover <hamilton () twopoint com>
Date: Fri, 22 Dec 2000 12:16:42 -0600
Russ wrote:
> Hi, first time poster, thanks for the cool mailing list... I am using FreeBSD 4.2 and have set up a pretty good firewall using ipfw and natd via some tutorials and documentation I have found. So it works but now I need to customize it a little...
>
> Question: How can I allow incoming connections through my firewall? The client lets me specify what port to listen to incoming requests on; before, I was using a router that had built-in port forwarding... So the client is set to listen on 8877 and the router forwards incoming requests to port 8877 to the computer with ip 192.168.1.3 for port 8877, you get the picture?
>
> I would like to learn how to write the rule in my ipfw script that might do the same thing, forward incoming requests to my external ip on port xxxx to internal ip xxx.xxx.xxx.xxx port xxxx. The port would not change of course... how do I write the rule? I suppose this rule could be used for any incoming request, and I am sure people use it to allow access to http and ftp through a firewall, so there must be an acceptable rule to do it, any ideas?
>
>     $ipfw pass tcp "for port 8877 only" to 192.168.1.3:8877 via $oif (external interface) ?
>
> I have no clue how it should be.

you would add something like this after your divert rule:

    ${ipfw} allow log tcp from any to <publicaddress> 8877 via ${oif}

additionally you may want to set the from "any" to a specific ip address and or port range for the machine you want to connect from the internet. publicaddress should be your "real" ip address.

then... you will need to add a forward statement to your natd.conf. read natd(8) for the exact syntax but it will be something like:

    redirect_port tcp 192.168.1.3:8877 xxx.xxx.xxx.xxx:8877

where the second ip is your real ip from the ipfw rule above.

in essence, you allow the traffic to reach the firewall with the ipfw rule and then you redirect the traffic using natd.

Hamilton Hoover
Systems Administrator
Two Point Conversions
--
"I hate computers. They are still better than people, but the margin is narrowing."
~ M. Jinks, friend and mentor
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
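
The two pieces described in the reply above, as an added example that is not part of the original thread: an sh function that validates the addresses and port and prints the ipfw rule and the natd.conf line together, so the pair stays consistent and the source can be narrowed from "any". The public address 203.0.113.10, the source 198.51.100.7 and the interface ed0 are constructed placeholders, and the rule matches the internal address on the assumption that it sits after the divert rule, where natd has already rewritten the destination.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing is applied to the firewall:
# both lines are only printed so they can be reviewed and pasted by hand.

valid_ip() {    # dotted quad, each octet 0-255
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

valid_port() {  # integer 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_forward PUBLIC_IP INTERNAL_IP PORT OIF [SOURCE_IP]
# SOURCE_IP defaults to "any"; giving one host narrows both the ipfw rule
# and the natd redirect (natd accepts an optional remote address last).
port_forward() {
    pub=$1 int=$2 port=$3 oif=$4 src=${5:-any}
    valid_ip "$pub" && valid_ip "$int" || { echo "bad address" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    [ "$src" = any ] || valid_ip "$src" || { echo "bad source: $src" >&2; return 1; }
    [ -n "$oif" ] || { echo "missing interface" >&2; return 1; }

    remote=""
    [ "$src" = any ] || remote=" $src"

    # Assumption: this rule is placed after the divert rule, so the packet
    # already carries the internal destination written by natd.
    echo "ipfw add allow log tcp from $src to $int $port via $oif"
    # natd.conf line: target (internal) first, then the public alias.
    echo "redirect_port tcp $int:$port $pub:$port$remote"
}

# Constructed sample values (documentation address ranges, made-up interface).
port_forward 203.0.113.10 192.168.1.3 8877 ed0 198.51.100.7
```
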