Re: nat and ipfw, port forwarding
Hi Richard,

On Sun, Dec 28, 2008 at 2:30 AM, Richard Yang kusanagiy...@gmail.com wrote:

> thank you, usleep (nice name)
> i somehow made it work by
> 1. add redirect_port udp 10.0.0.200:5 5 in natd.conf
> 2. allow all traffic and diversion in ipfw.rules
>
> i tried to limit the traffic by modifying the rules in ipfw.rules, but unsuccessfully. so i just leave it be at this moment.
> i am very confused by the roles of natd and ipfw, and how they should work together.

As far as i understand it ( anyone please correct me if i am wrong ) :

There are two types of NAT in FreeBSD to choose from:

1. Natd, which is a userspace daemon. You need to include a divert rule in your ipfw-config which looks like this:

   #ipfw add 100 divert natd all from any to any via $oif
   ( $oif stands for outside-interface )

   After your packet has been diverted to natd, the NATed package is inserted once again into the firewall to be checked again. Port redirection etc is configured in natd.conf.

2. Kernel NAT, which is part of IPFW. This is what i was referring to in my last message. You set it up through rc.conf ( see man page ). There is no need for a divert-rule. Port redirection etc is configured with ipnat ( store your config in /etc/ipnat.conf ).

And please, do not top-post.

regards,
usleep

> rich
>
> On Sat, Dec 27, 2008 at 8:40 AM, usleepl...@gmail.com wrote:
>
>> Hi Richard,
>>
>> On Fri, Dec 26, 2008 at 9:27 PM, Richard Yang kusanagiy...@gmail.com wrote:
>>
>>> hi,
>>> i have a ssh machine behind a freebsd firewall with nat and ipfw.
>>> how do i make port forwarding so internet can access the ssh machine?
>>> thanx
>>
>> i think you need to configure /etc/ipnat.conf ( read 'man ipnat' ).
>> this is an example definition:
>>
>> rdr em1 0.0.0.0/0 port 2223 -> 192.168.1.96 port 22
>> ( this redirects incoming traffic on outside-interface em1 port 2223 to an internal machine on port 22 )
>>
>> also, include firewall_nat_enable in your rc.conf ( read 'man rc.conf' )
>> to configure the settings from ipnat.conf, run ipnat -C -f /etc/ipnat.conf
>>
>> regards,
>> usleep

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: nat and ipfw, port forwarding
Richard Yang kusanagiy...@gmail.com writes:

> i have a ssh machine behind a freebsd firewall with nat and ipfw.
> how do i make port forwarding so internet can access the ssh machine?

Use 'redirect_port' with natd(8). This is extensively documented in the Handbook:
http://www.freebsd.org/doc/en/books/handbook/network-natd.html

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
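The natd route discussed in this thread (an ipfw divert rule plus redirect_port in natd.conf), written out as an added example that is not part of any poster's message. It reuses em1, port 2223 and 192.168.1.96:22 from the rdr example in the thread; the rules-script path, the rule numbers and the use of tcp are assumptions made for the illustration.

```conf
# --- /etc/rc.conf (fragment) ---
gateway_enable="YES"                 # forward packets between interfaces
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"    # assumed location of the rules script
natd_enable="YES"
natd_interface="em1"                 # outside interface, as in the thread
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# outside port 2223 -> SSH on the internal host
redirect_port tcp 192.168.1.96:22 2223

# --- /etc/ipfw.rules (sh script) ---
oif="em1"
ipfw -q -f flush

# Everything crossing the outside interface goes through natd first.
# natd re-injects the translated packet at the rule after this one.
ipfw -q add 100 divert natd ip from any to any via $oif

# Weak: what "allow all traffic and diversion" amounts to
#   ipfw -q add 200 allow ip from any to any

# Tighter: inbound packets have already been rewritten by natd here, so
# match the internal address and port (192.168.1.96:22), not port 2223.
ipfw -q add 200 allow tcp from any to 192.168.1.96 22 in via $oif setup
# Refuse every other new TCP connection arriving from outside.
ipfw -q add 300 deny tcp from any to any in via $oif setup
# Everything else (LAN traffic, replies, outbound) as before.
ipfw -q add 65000 allow ip from any to any
```

This narrows only new inbound TCP connections; UDP and ICMP arriving on the outside interface still fall through to the final allow rule.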
Re: nat and ipfw, port forwarding
Hi Richard,

On Fri, Dec 26, 2008 at 9:27 PM, Richard Yang kusanagiy...@gmail.com wrote:

> hi,
> i have a ssh machine behind a freebsd firewall with nat and ipfw.
> how do i make port forwarding so internet can access the ssh machine?
> thanx

i think you need to configure /etc/ipnat.conf ( read 'man ipnat' ).
this is an example definition:

rdr em1 0.0.0.0/0 port 2223 -> 192.168.1.96 port 22
( this redirects incoming traffic on outside-interface em1 port 2223 to an internal machine on port 22 )

also, include firewall_nat_enable in your rc.conf ( read 'man rc.conf' )
to configure the settings from ipnat.conf, run ipnat -C -f /etc/ipnat.conf

regards,
usleep

> --
> Best Regards
> Richard Yang
> richardy...@richardyang.net
> kusanagiy...@gmail.com
Re: nat and ipfw, port forwarding
thank you, usleep (nice name)
i somehow made it work by
1. add redirect_port udp 10.0.0.200:5 5 in natd.conf
2. allow all traffic and diversion in ipfw.rules

i tried to limit the traffic by modifying the rules in ipfw.rules, but unsuccessfully. so i just leave it be at this moment.
i am very confused by the roles of natd and ipfw, and how they should work together.

rich

On Sat, Dec 27, 2008 at 8:40 AM, usleepl...@gmail.com wrote:

> Hi Richard,
>
> On Fri, Dec 26, 2008 at 9:27 PM, Richard Yang kusanagiy...@gmail.com wrote:
>
>> hi,
>> i have a ssh machine behind a freebsd firewall with nat and ipfw.
>> how do i make port forwarding so internet can access the ssh machine?
>> thanx
>
> i think you need to configure /etc/ipnat.conf ( read 'man ipnat' ).
> this is an example definition:
>
> rdr em1 0.0.0.0/0 port 2223 -> 192.168.1.96 port 22
> ( this redirects incoming traffic on outside-interface em1 port 2223 to an internal machine on port 22 )
>
> also, include firewall_nat_enable in your rc.conf ( read 'man rc.conf' )
> to configure the settings from ipnat.conf, run ipnat -C -f /etc/ipnat.conf
>
> regards,
> usleep
nat and ipfw, port forwarding
hi,
i have a ssh machine behind a freebsd firewall with nat and ipfw.
how do i make port forwarding so internet can access the ssh machine?
thanx

--
Best Regards
Richard Yang
richardy...@richardyang.net
kusanagiy...@gmail.com