natd redirect help
guru at Sisis.de
guru at Sisis.de
Thu Oct 20 23:09:07 PDT 2005
El día Thursday, October 20, 2005 a las 02:19:55PM -0500, Efren Bravo escribió:
> Hi,
>
> I've a freebsd5.4 with ipfw and natd. I need that external users can enter
> to my internal network services (http, ftp, etc).
>
> freebsd box:
> out interface: 200.x.x.x
> in interface: 10.x.x.x
>
> /etc/rc.conf file:
> ------------------
> gateway_enable="YES"
>
> firewall_enable="YES"
> firewall_script="/etc/ipfw.rules"
> firewall_logging="YES"
>
> natd_enable="YES"
> natd_interface="vr0"
> natd_flags="-f /etc/natd.conf"
>
> /etc/natd.conf file:
> --------------------
> redirect_port tcp 10.x.x.x:8080 80 #redirec to internal web server
>
>
> The question is if I've to open the port 80 on freeBSD's vr0 because I not
> able to enter to those services.
Hola Elfren,
I don't use 'ipfw' and 'natd', but we use ipfw/ipnat in our firewall and
with this the rules would be like this:
/etc/ipnat.rules:
# HTTP:
# xxx.xxx.xxx.xxx.xxx is the oficial IP addr on NIC 'em1'
#
rdr em1 xxx.xxx.xxx.xxx/32 port 80 -> 10.0.1.202 port 80
/etc/ipf.rules:
# Allow in standard www function because I have apache server
# will be NAT routed to the webserver 10.0.1.202
#
pass in quick on em1 proto tcp from any to any port = 80 flags S keep state
Un abrazo
matthias
--
Matthias Apitz / Sisis Informationssysteme GmbH
Gruenwalder Weg 28g / D-82041 Oberhaching
Fon: ++49 89 / 61308-351, Fax: -399, Mobile ++49 170 4527211
http://www.sisis.de/
More information about the freebsd-questions
mailing list