natd and ipfw problems...hope this is the rightplace=)

fbsd-ipfw at 0x10.com fbsd-ipfw at 0x10.com
Wed Aug 25 01:07:16 PDT 2004 

patrick writes: 

> fbsd-ipfw at 0x10.com wrote:
>> Diagram:
>>                              .oO( Internet )Oo.
>>                                      ||
>>                                      ||
>>                                [----DSL------]
>>                                [ adsl router ]       <- No Nat
>>                                [-------------]
>>                                 |           |
>>                                 |           |
>>                                 |           |
>>                                 B           A
>>                [--------WL-------]         [---BSD---]
>>   NAT ->       [ wireless router ]         [ bsd box ]
>>                [-----------------]         [---------]
>>                                             X
>>                 |               |           |
>>                 |               |           |
>>                 |               |___________|
>>                 Y
>> [---------WEB--------]
>> [ web server + media ]
>> [--------------------]
>> IP Addresses:
>> A: External IP 82.*.*.A
>> B: External IP 82.*.*.B
>> X: Internal IP 192.168.1.101
>> Y: Internal IP 192.168.1.100
> Hi, 
> 
> How the wireless is configured? i.e., does it accept incoming requests 
> from Internet for the webserver? 
> 
> If the wireless IS NOT accepting any incoming requests for the web server 
> from the Internet then something like the following should do the trick: 
> 
> *BSD* box: build it as NATD and IPFW machine.
> - Assign your public web IP as an alias to the external NIC, so the 
> outside world will hit your BSD box for the web pages. 
> 
> In /etc/rc.conf add; assuming your public web server is at 82.82.82.82. 
> Note the netmask which is what ALL the aliased ips should have.  Also 
> assuming you have fxp0 as your External Interface on the BSD box. 
> 
> ifconfig_fxp0_alias0="inet 82.82.82.82 netmask 255.255.255.255"
> natd_enable="YES"
> natd_interface="fxp0"
> natd_flags="-f /etc/natd.conf" 
> 
> - In your /etc/natd.conf add
> redirect_port tcp 192.168.1.100:80 82.82.82.82:80 
> 
> -Adjust your ipfw rules to allow port 80 for the public ip and private ip 
> to your liking. 
> 
> *WEB* box: make it's default gateway the BSD box, i.e., the internal 
> interface on the BSD box will be the default route for the WEB box. 
> 
> Since the Wireless and the BSD box are on the same LAN/network, your 
> wireless clients should have no problem reaching the web server. 
> 
> I am sure there are other ways of doing this, but this a good start. 
> 
> Regards,
> Patrick Soltani. 
> 
> 

Thanks for the advise, aren't any fwd/divert rules required in ipfw? 

 -Fraser

More information about the freebsd-ipfw mailing list