Hi Roger,

I think what you want to do is from the inside you want to really hit 192.168.1.103 but by way of the outside IP. So how about this:

Don't know what your inside interface is, so I will assume it is fxp1.

rdr fxp1 my.public.ip.adress/32 port 80 -> 192.168.1.103 port 80 tcp

so the packet should be rewritten if it is headed to your outside IP.

--Wes

On Aug 28, 2006, at 2:31 PM, Roger Olofsson wrote:

Dear Mailing List,

I have a FreeBSD 5.5 prerelease with ipf and ipnat on it acting as gateway for my small home lan. The gateway also hosts a few webservers, some on port 443 and some on 80. Another FreeBSD machine is running another webserver on the LAN (192.168.1.103). To get the .103 webserver out through the gateway I've opened a port on the gate (1989) and redirected that port to the .103 machine.

The configuration to get the .103 webserver out is:

ipf.rules
        pass in quick on xl0 proto tcp from any to any port = 1989 flags S keep state keep frags
        pass in quick on xl0 proto tcp from any to 192.168.1.103 port = 80 flags S keep state keep frags
ipnat.rules
        rdr xl0 my.public.ip.adress/32 port 1989 -> 192.168.1.103 port 80 tcp

To add to the confusion, the webserver on port 1929 has a redirect through
dyndns webhop service, meaning surfing to http://mysite.webhop.info
redirects to my.public.ip.adress:1989.

Now to the mystery I can not solve on my own. A LAN machine situated on the 192.168.1.x net can't access http://mysite.webhop.info, nor can it access
my.public.ip.adress:1989. Why?

Needless to say, the other webservers running on the actual gateway machine all are fine. The only difference from them, in regards to ipf + ipnat is the rdr command.

Please help!

/Roger from Sweden
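
Added example (not part of either message, and not ipf code): a toy Python model of the rdr rule from the question and the one from the reply. It shows that an rdr only rewrites packets arriving on the interface it names and, going one step beyond the thread, follows the server's reply back to a LAN client on the same subnet. The addresses 203.0.113.10, 192.168.1.1 and 192.168.1.50, the inside interface name fxp1 (the reply's own assumption) and the rewrite_src option are assumptions of the model.

```python
# Added illustration: a toy model of interface-bound rdr matching, not ipf code.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
Rdr = namedtuple("Rdr", "ifname dst dport new_dst new_dport")

PUBLIC = "203.0.113.10"    # constructed stand-in for my.public.ip.adress
GW_LAN = "192.168.1.1"     # constructed: the gateway's address on the LAN
CLIENT = "192.168.1.50"    # constructed: a LAN client

ROGER = Rdr("xl0", PUBLIC, 1989, "192.168.1.103", 80)   # rule from the question
WES = Rdr("fxp1", PUBLIC, 80, "192.168.1.103", 80)      # rule from the reply

def apply_rdr(rules, in_if, pkt):
    """Rewrite the destination only if a rule is bound to the arrival interface."""
    for r in rules:
        if (r.ifname, r.dst, r.dport) == (in_if, pkt.dst, pkt.dport):
            return pkt._replace(dst=r.new_dst, dport=r.new_dport), True
    return pkt, False

def lan_connect(rules, dport, inside_if="fxp1", rewrite_src=False):
    """Follow a LAN client's SYN to PUBLIC:dport and the server's reply."""
    syn = Packet(CLIENT, 40000, PUBLIC, dport)
    fwd, hit = apply_rdr(rules, inside_if, syn)
    if not hit:
        return "not redirected"
    if rewrite_src:
        # Assumption of the model: the gateway also rewrites the source address.
        fwd = fwd._replace(src=GW_LAN)
    # The server answers whatever source address it saw.
    reply = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if reply.dst == GW_LAN:
        # The reply returns through the gateway, which undoes both translations.
        reply = Packet(syn.dst, syn.dport, syn.src, syn.sport)
    # Otherwise server and client share a subnet: the reply goes direct, untranslated.
    if (reply.src, reply.sport) == (syn.dst, syn.dport):
        return "established"
    return "reply from %s:%d does not match" % (reply.src, reply.sport)

if __name__ == "__main__":
    print(lan_connect([ROGER], 1989))                        # only the xl0 rule
    print(lan_connect([ROGER, WES], 80))                     # plus the fxp1 rule
    print(lan_connect([ROGER, WES], 80, rewrite_src=True))   # plus a source rewrite
```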
