Firewall Wizards mailing list archives

FW: FreeBSD 4.2 ipfw natd -- Port Forwarding?


From: "Jeffery, Kathryn" <Kathryn.Jeffery () thomascook com>
Date: Wed, 27 Dec 2000 09:01:25 -0000



-----Original Message-----
From: Russ [mailto:xminer () home com] 
Sent: Thursday, December 21, 2000 9:40 AM
To: firewall-wizards () nfr com
Subject: Re: [fw-wiz] FreeBSD 4.2 ipfw natd -- Port Forwarding?


At 02:23 AM 12/21/2000 -0500, you wrote:
Hi,
        What you're looking to do can be done with NAT.  I did something 
similar in the following manner:

1.) I created a file called natd.conf and placed it in /etc with the 
following lines:

redirect_port tcp 192.168.1.3:8877 8877
redirect_port udp 192.168.1.3:8877 8877

2.) Then I did a chmod +x /etc/natd.conf

3.) Then, I added the following line in the /etc/rc.conf 
file.   natd_flags="-f /etc/natd.conf"

4.) Reboot, it should work fine.  If you can't reboot, you can do this from 
the commandline:  /sbin/natd -f /etc/natd.conf -n xl1 (replace xl1 with 
your public ethernet card)

5.) Then, you will just need to punch a hole in your firewall to allow 
traffic to flow to those ports.




I will give the natd.conf a try but I think this is my question, how do I 
write the rule to allow these ports to be open in my rc.firewall (ipfw) ? I 
can't seem to get the syntax right...  then the natd.conf entry you suggest 
should work.

$fwcmd allow from any to any 8877

or do I need to specify   $fwcmd allow  tcp  8877 from eif  (external 
interface)

I want the firewall to allow incoming traffic on that port  so natd can 
then redirect them... right?

Thanks





        Hope this helps,

-Willy


At 01:19 12/19/00 -0800, you wrote:
Hi, first time poster, thanks for the cool mailing list...

I am using FreeBSD 4.2 and have set up a pretty good firewall using ipfw 
and natd via some tutorials and documentation I have found. So it works 
but now I need to customize it a little...

Question:  How can I allow incoming connections through my firewall.  The 
client lets me specify what port to listen to incoming requests on, 
before I was using a router that had built in port forwarding... So the 
client is set to listen on 8877 and router forwards incoming request to 
port 8877 to computer with ip 192.168.1.3 for port 8877, you get the
picture?

I would like to learn how to write the rule in my ipfw script that might 
do the same thing, forward incoming requests to my external ip on port 
xxxx to internal ip xxx.xxx.xxx.xxx port xxxx.  The port would not change 
of course...

how do I write the rule? I suppose this rule could be used for any 
incoming request, and I am sure people use it to allow access to http and 
ftp through a firewall, so there must be an acceptable rule to do it, any 
ideas?

$ipfw pass tcp "for port 8877 only" to 192.168.1.3:8877 via $oif 
(external interface) ?  I have no clue how it should be.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
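
The firewall hole from step 5, as an added example that is not part of the original thread: an rc.firewall-style sh fragment for the 8877 redirect in natd.conf. The rule numbers, the position of the existing divert rule, and a ruleset that already passes established TCP and traffic on the inside interface are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each rule is
# printed instead of installed. On the gateway, run with fwcmd=/sbin/ipfw.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-xl1}"                    # public interface, as named in the thread
fwd_host="${fwd_host:-192.168.1.3}"  # internal host from natd.conf
fwd_port="${fwd_port:-8877}"         # forwarded port from natd.conf
divert_rule="${divert_rule:-100}"    # assumed number of the existing divert rule
first_rule="${first_rule:-200}"      # assumed free rule number for the new rules

open_forwarded_port() {
    # The allow rules must come after the divert rule. natd rewrites the
    # destination to $fwd_host and reinjects the packet at the next rule;
    # a rule placed before the divert sees only the untranslated packet.
    if [ "$first_rule" -le "$divert_rule" ]; then
        echo "rule $first_rule would run before divert rule $divert_rule" >&2
        return 1
    fi
    # New inbound TCP connections (SYN only) to the translated destination.
    $fwcmd add "$first_rule" allow tcp from any to "$fwd_host" "$fwd_port" in via "$oif" setup
    # Inbound UDP to the same translated destination.
    $fwcmd add $((first_rule + 10)) allow udp from any to "$fwd_host" "$fwd_port" in via "$oif"
}

open_forwarded_port
```

Matching on the internal address and port, rather than "any to any 8877", keeps the opening limited to the one host natd forwards to.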

