port redirection with natd and ipfw

Wood, Russell Russell.Wood at rac.com.au
Sun Nov 19 18:10:58 PST 2006


> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-
> questions at freebsd.org] On Behalf Of Nilton Volpato
> Sent: Sunday, 19 November 2006 7:13 AM
> To: freebsd-questions at freebsd.org
> Subject: port redirection with natd and ipfw
> 
> Hi,
> 
> I'm using a computer with FreeBSD as a gateway and NAT for a private
> LAN. Let's say the gateway has external.com as external address, and
> 192.168.0.1 as internal address, so that the LAN is 192.168.0.0/24.
> 
> I'm doing a number of port redirects in the gateway, for svn, http,
> https, ssh, etc using natd. However, these port redirects do not work
> from inside the LAN.
> 
> For instance, if I point my browser to http://external.com and I'm in
> the LAN, then it will not work. I can't use the internal address of
> the web server because none of the links will work on the web page.
> 
> In summary, I want my port redirections to also work when I try to
> connect to the gateway's external address from inside the LAN.
> 
> I'm using a minimal ipfw configuration to try to solve this. This is
> the default configuration.
> 
> 00050 divert 8668 ip4 from any to any via vr0
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> 65535 deny ip from any to any
> 
> I tried to add:
> 
> 00060 divert 8668 ip4 from 192.168.0.0/24 to external.com
> 
> expecting that it would send the packets from LAN to natd, which would
> apply the port redirections. But it did not work.
> 
> How can I solve this?
> 
> Thanks,
> -- Nilton

I had a similar setup once and used Split DNS with BIND. So, if you
requested example.com on 192.168.0.0/24 then you'd get the internal IP,
otherwise you got the external IP.

Regards,
Russell Wood
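
A split-DNS layout of the kind described in the reply, written with BIND views. This is an added example, not configuration posted in the thread. The ACL name, the zone file paths, the internal web server address 192.168.0.10 and the documentation address 203.0.113.10 are assumptions; external.com and 192.168.0.0/24 are the names used in the question.

```conf
// named.conf fragment (added example; names and paths are hypothetical)

// Clients that should receive the internal answers.
acl "lan" { 127.0.0.1; 192.168.0.0/24; };

// Views are evaluated in order, so the restrictive one comes first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // LAN hosts may resolve other names through us

    zone "external.com" {
        type master;
        // This file maps the public names to private addresses, e.g.
        //   @    IN A 192.168.0.10   ; assumed LAN address of the web server
        //   www  IN A 192.168.0.10
        file "master/external.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // do not act as an open resolver for the Internet

    zone "external.com" {
        type master;
        // This file carries the gateway's public address, e.g.
        //   @    IN A 203.0.113.10   ; placeholder from the documentation range
        //   www  IN A 203.0.113.10
        file "master/external.com.external";
    };
};

// Once any view is defined, every zone statement must sit inside a view;
// zones left at the top level make named refuse to load the configuration.
```

LAN clients then reach the server directly by its private address while still using the public hostname, so the packets never need to pass through natd. Each zone file also needs its own SOA and NS records, and the serial has to be bumped in both files when a record changes.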



