natd and ipfw problems...hope this is the right place=)
fbsd-ipfw at 0x10.com
Tue Aug 24 02:32:30 PDT 2004
Diagram:
                 .oO( Internet )Oo.
                         ||
                         ||
                   [----DSL------]
                   [ adsl router ]  <- No Nat
                   [-------------]
                      |       |
                      |       |
                      |       |
                      B       A
       [--------WL-------]  [---BSD---]
NAT -> [ wireless router ]  [ bsd box ]
       [-----------------]  [---------]
                                 X
            |     |              |
            |     |              |
            |     |______________|
            Y
       [---------WEB--------]
       [ web server + media ]
       [--------------------]
IP Addresses:
A: External IP 82.*.*.A
B: External IP 82.*.*.B
X: Internal IP 192.168.1.101
Y: Internal IP 192.168.1.100
### External Connectivity ###
WEB -> WL -> (DSL) -> Internet [IP B]
BSD -> (DSL) -> Internet [IP A]
Require:
Connection to A:80 forwarded to Y:80
### Theoretical Solution ###
Packet - [sourceip:port, destip:port]
Packets IN
[any:any, A:80] fwd/nat [A:80, X:80]
[A:80, X:80] fwd/nat [X:80, Y:80]
Packets OUT
[Y:80, X:80] fwd/nat [X:80, A:80]
[X:80, A:80] fwd/nat [A:80, any:any]
### Description ###
Hiya,
As you can hopefully see, I'm trying to port forward a connection to an
external IP on my BSD box to the internal IP address of a machine that
sits behind a wireless router.
Please advise as to whether my "Theoretical Solution" is indeed correct for
this purpose.
I've been playing around with NATD and IPFW for a while now, and just cannot
get it to respond. Assuming my logic is correct, my problem seems to be
translating it into the required configs/rules for natd and ipfw.
In an attempt to simplify the problem, I have set apache to run on all the
IPs of the BSD box. A telnet to 82.*.*.A 80 gets an index file showing
"default", whereas a telnet to 192.168.1.101 80 gets an index file showing
"192.168.1.101", the obvious trick being to get a telnet to 82.*.*.A to
display "192.168.1.101".
As this is failing badly too, I assume I am doing something really wrong.
As you will see, I have a /29 external subnet but we're only really
interested in 82.*.*.A
rl0 -> external NIC going to ADSL Router
xl0 -> internal NIC going to Wireless Router
IP Connectivity between all "hosts" is fine
Details are as follows:
FreeBSD 4.10 stable
----- rc.conf -----
defaultrouter="82.*.*.*"
hostname="XXX"
ifconfig_rl0="inet 82.*.*.* netmask 255.255.255.248"
ifconfig_rl0_alias0="inet 82.*.*.A netmask 255.255.255.255"
ifconfig_rl0_alias1="inet 82.*.*.* netmask 255.255.255.255"
ifconfig_rl0_alias2="inet alias 82.*.*.* netmask 255.255.255.255"
ifconfig_xl0="inet 192.168.1.101 netmask 255.255.255.0"
ifconfig_xl0_alias0="inet 192.168.1.111 netmask 255.255.255.255"
gateway_enable="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
portmap_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules/default"
firewall_quiet="NO"
----- natd.conf -----
interface rl0
same_ports yes
redirect_port tcp 192.168.1.101:80 80
----- KERNEL -----
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFILTER
options IPFILTER_LOG
options IPDIVERT
Cheers for the help!!!
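
Added example, not part of the original post: a toy Python model of the packet path in the "Theoretical Solution" above, comparing a destination-only rewrite (A:80 to Y:80) with one that also rewrites the source to X. The 82.0.0.x values and the client address are constructed stand-ins for the masked addresses, and the model assumes the web server's default gateway is the wireless router, as the "External Connectivity" section indicates.

```python
# Constructed addresses standing in for the masked ones in the post.
A, B = "82.0.0.10", "82.0.0.11"            # BSD external alias, wireless router external
X, Y = "192.168.1.101", "192.168.1.100"    # BSD internal NIC, web server
CLIENT = ("203.0.113.7", 40000)            # constructed Internet client

class BsdNat:
    """Toy model of the BSD box: rewrite destination A:80 -> Y:80 and,
    optionally, rewrite the source to X so replies return through this box."""
    def __init__(self, rewrite_source):
        self.rewrite_source = rewrite_source
        self.state = {}            # (X, port) -> original client (ip, port)
        self.next_port = 50000     # hypothetical alias port range

    def inbound(self, src, dst):
        if dst != (A, 80):
            return src, dst
        if self.rewrite_source:
            alias = (X, self.next_port)
            self.next_port += 1
            self.state[alias] = src
            src = alias
        return src, (Y, 80)

    def outbound(self, src, dst):
        # Reply from Y to an alias created above: restore both endpoints.
        if src == (Y, 80) and dst in self.state:
            return (A, 80), self.state[dst]
        return src, dst

def wireless_router(src, dst):
    """Assumed default route of Y: off-link traffic leaves NATed as B."""
    return (B, src[1]), dst

def round_trip(rewrite_source):
    """Return the (src, dst) pair the client finally receives as the reply."""
    bsd = BsdNat(rewrite_source)
    src, dst = bsd.inbound(CLIENT, (A, 80))
    reply_src, reply_dst = dst, src                # server answers the peer it saw
    if reply_dst[0].startswith("192.168.1."):      # on-link: delivered to the BSD box
        return bsd.outbound(reply_src, reply_dst)
    return wireless_router(reply_src, reply_dst)   # off-link: via default gateway

def client_accepts(reply):
    """A TCP client only matches a reply from the address it connected to."""
    return reply == ((A, 80), CLIENT)
```

With the destination-only rewrite the reply reaches the client from B instead of A and is not matched to the connection; with the source also rewritten to X, the reply returns through the BSD box and is restored to A:80.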