Firewall Wizards mailing list archives
Re: FreeBSD 4.2 ipfw natd -- Port Forwarding?
From: Russ <xminer () home com>
Date: Thu, 21 Dec 2000 01:40:10 -0800
At 02:23 AM 12/21/2000 -0500, you wrote:
Hi,

What you're looking to do can be done with NAT. I did something similar in the following manner:

1.) I created a file called natd.conf and placed it in /etc with the following lines:

    redirect_port tcp 192.168.1.3:8877 8877
    redirect_port udp 192.168.1.3:8877 8877

2.) Then I did a chmod +x /etc/natd.conf

3.) Then, I added the following line in the /etc/rc.conf file.

    natd_flags="-f /etc/natd.conf"

4.) Reboot, it should work fine. If you can't reboot, you can do this from the command line:

    /sbin/natd -f /etc/natd.conf -n xl1

(replace xl1 with your public ethernet card)

5.) Then, you will just need to punch a hole in your firewall to allow traffic to flow to those ports.

I will give the natd.conf a try but I think this is my question, how do I write the rule to allow these ports to be open in my rc.firewall (ipfw)? I can't seem to get the syntax right... then the natd.conf entry you suggest should work.

    $fwcmd allow from any to any 8877

or do I need to specify

    $fwcmd allow tcp 8877 from eif (external interface)

I want the firewall to allow incoming traffic on that port so natd can then redirect them... right?
Thanks

Hope this helps,
-Willy

At 01:19 12/19/00 -0800, you wrote:

Hi, first-time poster, thanks for the cool mailing list...

I am using FreeBSD 4.2 and have set up a pretty good firewall using ipfw and natd via some tutorials and documentation I have found. So it works but now I need to customize it a little...

Question: How can I allow incoming connections through my firewall? The client lets me specify what port to listen to incoming requests on; before, I was using a router that had built-in port forwarding... So the client is set to listen on 8877 and the router forwards incoming requests to port 8877 to the computer with IP 192.168.1.3 for port 8877, you get the picture?

I would like to learn how to write the rule in my ipfw script that might do the same thing, forward incoming requests to my external IP on port xxxx to internal IP xxx.xxx.xxx.xxx port xxxx. The port would not change of course... how do I write the rule? I suppose this rule could be used for any incoming request, and I am sure people use it to allow access to http and ftp through a firewall, so there must be an acceptable rule to do it, any ideas?

    $ipfw pass tcp "for port 8877 only" to 192.168.1.3:8877 via $oif (external interface) ?

I have no clue how it should be.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
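
One way to keep the natd.conf entries and the matching ipfw allow rules in step, as an added example that is not part of the original thread. It assumes xl1 is the external interface, that the ruleset's divert rule for natd comes before these rules (so the destination has already been rewritten to 192.168.1.3), and that a separate rule passes established TCP traffic; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed values: xl1 as the external
# interface, 192.168.1.3 as the internal host, 8877 as the forwarded port.
oif="xl1"
# Dry run by default: print each ipfw command instead of running it.
# On the gateway itself, set fwcmd="/sbin/ipfw" before sourcing this.
fwcmd="${fwcmd:-echo ipfw}"

# valid_forward PROTO PORT: accept only tcp/udp and ports 1-65535.
valid_forward() {
    case "$1" in
        tcp|udp) ;;
        *) echo "bad protocol: $1" >&2; return 1 ;;
    esac
    case "$2" in
        ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;;
    esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "bad port: $2" >&2; return 1; }
}

# natd_line PROTO HOST PORT: the natd.conf entry for one forward.
natd_line() {
    valid_forward "$1" "$3" || return 1
    echo "redirect_port $1 $2:$3 $3"
}

# ipfw_allow PROTO HOST PORT: the matching firewall rule. It is meant to sit
# after the divert rule, so it matches the internal HOST, not the public IP.
ipfw_allow() {
    valid_forward "$1" "$3" || return 1
    if [ "$1" = tcp ]; then
        # 'setup' matches only the opening SYN of a connection.
        $fwcmd add allow tcp from any to "$2" "$3" in via "$oif" setup
    else
        $fwcmd add allow udp from any to "$2" "$3" in via "$oif"
    fi
}
```

Both functions refuse a mistyped protocol or an out-of-range port, so a bad entry is caught before it reaches natd.conf or the ruleset.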