natd redirect help

guru at Sisis.de
Thu Oct 20 23:09:07 PDT 2005


On Thursday, October 20, 2005 at 02:19:55PM -0500, Efren Bravo wrote:

> Hi,
> 
> I have a FreeBSD 5.4 box with ipfw and natd. I need external users to be
> able to reach my internal network services (http, ftp, etc).
> 
> freebsd box:
> out interface: 200.x.x.x
> in interface: 10.x.x.x
> 
> /etc/rc.conf file:
> ------------------
> gateway_enable="YES"
> 
> firewall_enable="YES"
> firewall_script="/etc/ipfw.rules"
> firewall_logging="YES"
> 
> natd_enable="YES"
> natd_interface="vr0"
> natd_flags="-f /etc/natd.conf"
> 
> /etc/natd.conf file:
> --------------------
> redirect_port tcp 10.x.x.x:8080 80 #redirect to internal web server
> 
> 
> The question is whether I have to open port 80 on FreeBSD's vr0, because I
> am not able to reach those services.

Hello Efren,

I don't use 'ipfw' and 'natd', but we use ipfw/ipnat in our firewall and
with this the rules would be like this:

/etc/ipnat.rules:
# HTTP:
# xxx.xxx.xxx.xxx.xxx is the official IP addr on NIC 'em1'
#
rdr em1 xxx.xxx.xxx.xxx/32 port 80 -> 10.0.1.202 port 80

/etc/ipf.rules:
# Allow in standard www function because I have apache server
# will be NAT routed to the webserver 10.0.1.202
#
pass in quick on em1 proto tcp from any to any port = 80   flags S keep state

Best regards

	matthias
-- 
Matthias Apitz / Sisis Informationssysteme GmbH
Gruenwalder Weg 28g / D-82041 Oberhaching
Fon: ++49 89 / 61308-351, Fax: -399, Mobile ++49 170 4527211
http://www.sisis.de/
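
For the ipfw/natd setup in the question, an added example that is not part of the thread and was not written by either poster: a minimal stateless /etc/ipfw.rules showing that, once the divert rule has handed a packet to natd, the filter rules see the translated destination (the internal server on port 8080), not port 80 on vr0. The address 10.0.0.10 is a constructed placeholder for the elided 10.x.x.x, the rule numbers are arbitrary, and the script assumes it is the only source of rules, so it adds the divert rule itself.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Placeholders (constructed): WEB_IP stands in for the elided 10.x.x.x host.
OIF="vr0"            # outside interface, from natd_interface in the question
WEB_IP="10.0.0.10"   # internal web server (placeholder)
WEB_PORT="8080"      # target port of the redirect_port line
PUB_PORT="80"        # public port of the redirect_port line

# Dry run by default: prints the commands instead of loading them.
# Set FWCMD="/sbin/ipfw -q" to load the rules for real.
FWCMD="${FWCMD:-echo ipfw}"

load_rules() {
    $FWCMD add 100 allow ip from any to any via lo0

    # Everything crossing the outside interface goes to natd first.
    # natd reinjects the packet at the next rule number after this one.
    $FWCMD add 200 divert natd ip from any to any via "$OIF"

    # Inbound request: natd has already rewritten <public>:80 to
    # WEB_IP:WEB_PORT, so that is what the rule must match. The same
    # rule passes the packet again when it leaves the inside interface.
    $FWCMD add 300 allow tcp from any to "$WEB_IP" "$WEB_PORT"

    # Reply entering the inside interface, before translation.
    $FWCMD add 310 allow tcp from "$WEB_IP" "$WEB_PORT" to any established

    # Reply leaving the outside interface, after natd restored the
    # public address and port as the source.
    $FWCMD add 320 allow tcp from me "$PUB_PORT" to any out xmit "$OIF" established
}

load_rules
```

Run it unmodified to review the generated commands; anything not matched here falls through to the ruleset's default rule.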

