Re: IPFW + NATD FORWARDING

2007-09-26 Thread Lowell Gilbert
mr. phreak [EMAIL PROTECTED] writes:

 Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
 people have
 and I've googled my ass off. Still I can't get it right. I'm trying to
 forward port 1213 in/out for dc++ usage.

 this is my setup:

  __WAN router (192.168.1.1)
  |
  |
 (FreeBSD gateway/fw NIC1:ath0 (public) NIC2:rl0 (LAN) )
  |
  |__
   LAN (10.10.10.0/24)

 I use stateful rules and I'd like to forward port 1213 both ways using
 natd. I know NATD should take care of this as long as I allow port
 1213 in/out from the firewall. I've tried this at almost every
 position in the ipfw.rules and now I ask where I should put it? I.e.
 it's not there right now.

 I've tried:

 $cmd [num] allow all from any to any 1213 (at various positions in
 ipfw.rules) still doesn't work.

 $cmd [num] divert natd all from any to any 1213.

 Can someone help me?

Your firewall configuration is rather unconventional, but the basic
idea makes sense.  What isn't clear is how you want to use this dc++
program within your infrastructure.  Because you are using dynamic
rules, I assume that you want the connections to always originate
inside your network.  If that is the case, you shouldn't need any
special configuration to natd (because every connection will be
learned from the initial packet).  If that's not the case, you will
need to pick one internal machine to receive the connections coming in
from outside.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
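The placement question above, as an added example that is not code from the thread: a Python model of ipfw's first-match walk over the posted rules 00450 (divert in) and 00500 (check-state) plus one candidate rule for port 1213, traced for an inbound SYN and for the LAN host's SYN-ACK as it leaves via ath0. It assumes ath0 holds 192.168.1.2 and that the skipto target 4000, cut off in the archived post, is `divert natd ip from any to any out via $oif` followed by `allow ip from any to any`, as in the FreeBSD Handbook IPFW+natd example this rule set follows; `setup` and other TCP flag checks are not modelled.

```python
PUBLIC, LANHOST, PORT = "192.168.1.2", "10.10.10.2", 1213  # redirect_port from natd.conf; 192.168.1.2 is assumed

def natd(p):
    """Model natd: redirect inbound PUBLIC:1213 to the LAN host, un-translate its reply."""
    if p["dir"] == "in" and (p["dst"], p["dport"]) == (PUBLIC, PORT):
        return dict(p, dst=LANHOST)
    if p["dir"] == "out" and (p["src"], p["sport"]) == (LANHOST, PORT):
        return dict(p, src=PUBLIC)
    return p

def rule(num, action, keep_state=False, **match):
    return {"num": num, "action": action, "keep": keep_state, "match": match}

def flow(p):  # direction-agnostic key for the dynamic-rule table
    return frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])

def walk(rules, p, state):
    """First-match walk; returns (verdict, rule number, packet as it leaves ipfw)."""
    i = 0
    while i < len(rules):
        r = rules[i]; i += 1
        if r["action"] == "check-state":
            if flow(p) not in state: continue
            r = state[flow(p)]                 # dynamic hit: the parent rule's action applies
        elif any(p[k] != v for k, v in r["match"].items()):
            continue
        elif r["keep"]:
            state[flow(p)] = r                 # keep-state: remember both directions
        act = r["action"]
        if act == "divert": p = natd(p); continue   # divert is not terminal
        if act.startswith("skipto"):
            i = next(j for j, x in enumerate(rules) if x["num"] >= int(act.split()[1])); continue
        return act, r["num"], p
    return "deny", 65535, p                    # default deny rule

def trace(inbound_rule):
    """Constructed SYN from 203.0.113.7, then the LAN host's SYN-ACK as seen on ath0 before NAT."""
    rules = [rule(450, "divert", dir="in", via="ath0"), rule(500, "check-state"),  # posted 00450/00500
             inbound_rule, rule(3000, "deny"),                                      # assumed final deny
             rule(4000, "divert", dir="out", via="ath0"), rule(4010, "allow")]      # assumed skipto target
    state = {}
    syn = dict(proto="tcp", src="203.0.113.7", sport=40000, dst=PUBLIC, dport=PORT, dir="in", via="ath0")
    v1, n1, q = walk(rules, syn, state)
    synack = dict(proto="tcp", src=q["dst"], sport=q["dport"], dst=q["src"], dport=q["sport"], dir="out", via="ath0")
    v2, n2, q2 = walk(rules, synack, state)
    return (v1, n1, q["dst"]), (v2, n2, q2["src"])

TRIED = rule(2700, "allow", proto="tcp", dport=PORT, dir="in", via="ath0")     # the "allow ... 1213" the poster tried
STATEFUL = rule(2700, "allow", keep_state=True, proto="tcp", dst=LANHOST, dport=PORT, dir="in", via="ath0")
SKIP = rule(2700, "skipto 4000", keep_state=True, proto="tcp", dst=LANHOST, dport=PORT, dir="in", via="ath0")
```

Tracing the three candidates shows that the plain allow admits the SYN but drops the reply at the catch-all, a keep-state allow lets the reply out untranslated because check-state applies the parent rule's verdict before rule 4000's divert is reached, and only skipto 4000 with keep-state gets the reply translated back to the public address.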


IPFW + NATD FORWARDING

2007-09-23 Thread mr. phreak
Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of 
people have
and I've googled my ass off. Still I can't get it right. I'm trying to 
forward port 1213 in/out for dc++ usage.


this is my setup:

 __WAN router (192.168.1.1)
 |
 |
(FreeBSD gateway/fw NIC1:ath0 (public) NIC2:rl0 (LAN) )
 |
 |__
  LAN (10.10.10.0/24)

I use stateful rules and I'd like to forward port 1213 both ways using 
natd. I know NATD should take care of this as long as I allow port 1213 
in/out from the firewall. I've tried this at almost every position in 
the ipfw.rules and now I ask where I should put it? I.e. it's not there 
right now.


I've tried:

$cmd [num] allow all from any to any 1213 (at various positions in 
ipfw.rules) still doesn't work.


$cmd [num] divert natd all from any to any 1213.

Can someone help me?

J


Here are my files:

my natd.conf:

use_sockets yes
same_ports yes
dynamic yes
redirect_port tcp 10.10.10.2:1213 1213
redirect_port udp 10.10.10.2:1213 1213


ipfw.rules:
### start ipfw rules #
##

ipfw -q -f flush   # Delete all

# INIT #

oif=ath0 # out NIC
cmd="ipfw -q add"  # quiet; quoted so the whole command expands from $cmd
skip="skipto 4000" # skipto NATD; quoted so $skip expands to both words

# BEGIN RULES #
#

# LAN NO RESTRICTIONS ###
#
$cmd 00300 allow all from any to any via rl0

# LOOPBACK NO RESTRICTIONS ##
#
$cmd 00400 allow all from any to any via lo0

# NATD IN? THEN TRANSLATE ###
#
$cmd 00450 divert natd ip from any to any in via $oif

# CHECK-STATE ###
#
$cmd 00500 check-state

### ( OUTBOUND ) ###


# DNS ##
$cmd 00600 $skip tcp from any to 195.67.199.39 53 out via $oif setup keep-state

$cmd 00610 $skip udp from any to 195.67.199.39 53 out via $oif keep-state

# DHCP #
$cmd 00700 $skip udp from any to any 67 out via $oif keep-state

# HTTP #
$cmd 00800 $skip tcp from any to any 80 out via $oif setup keep-state

# HTTPS 
$cmd 00810 $skip tcp from any to any 443 out via $oif setup keep-state

# POP & SMTP ###
$cmd 00900 $skip tcp from any to any 25 out via $oif setup keep-state
$cmd 00910 $skip tcp from any to any 110 out via $oif setup keep-state

# FREEBSD CVS ##
$cmd 01000 $skip tcp from me to any out via $oif setup keep-state uid root

# ALLOW PING OUT ###
$cmd 01100 $skip icmp from any to any out via $oif keep-state

# SSH ##
$cmd 01200 $skip tcp from any to any 22 out via $oif setup keep-state

# WHOIS 
$cmd 01300 $skip tcp from any to any 43 out via $oif setup keep-state

# FTP ##
$cmd 01400 $skip tcp from any to any 21 out via $oif setup keep-state

# IRC ##
$cmd 01500 $skip tcp from any to any 6667 out via $oif setup keep-state
# NOTE: the destination port is missing from the archived copy of this line;
# as written, this rule matches every outbound TCP connection setup.
$cmd 01510 $skip tcp from any to any  out via $oif setup keep-state
$cmd 01520 $skip tcp from any to any 5020 out via $oif setup keep-state

# SHOUTCAST 

$cmd 01600 $skip tcp from any to any 9000 out via $oif setup keep-state 


### ( INBOUND ) 


# Deny all inbound from non-routable ###
$cmd 02000 deny all from 192.168.0.0/16 to any in via $oif
$cmd 02010 deny all from 172.16.0.0/12 to any in via $oif
$cmd 02020 deny all from 10.0.0.0/8 to any in via $oif
$cmd 02030 deny all from 127.0.0.0/8 to any in via $oif
$cmd 02040 deny all from 0.0.0.0/8 to any in via $oif
$cmd 02050 deny all from 169.254.0.0/16 to any in via $oif  
$cmd 02060 deny all from 192.0.2.0/24 to any in via $oif  
$cmd 02070 deny all from 204.152.64.0/23 to any in via $oif 
$cmd 02080 deny all from 224.0.0.0/3 to any in via $oif


# DENY PING INBOUND 
$cmd 02100 deny icmp from any to any in via $oif

# DENY IDENT ###
$cmd 02200 deny tcp from any to any 113 in via $oif

# DENY NETBIOS #
$cmd 02300 deny tcp from any to any 137 in via $oif
$cmd 02310 deny tcp from any to any 138 in via $oif
$cmd 02320 deny tcp from any to any 139 in via $oif
$cmd 02330 deny tcp from any to any 81 in via $oif

# DHCP #
$cmd 02400 allow udp from any to 192.168.1.1 68 in via $oif keep-state

# HTTP #
$cmd 02500 allow tcp from any to me 80 in via $oif setup limit src-addr 2

# HTTPS 
$cmd 02600 allow