ipfw natd forward port 80

Totok durentiga at yahoo.com
Wed Aug 6 20:09:34 PDT 2003


Hi,

I have a similar problem.
I'm using IPF & IPNAT to redirect outbound connections
to the internal IP addr. It's been 4 months and I can't
solve it :(

The result so far:
The connection was refused (Netscape)
Alert! Unable to connect (Lynx)

TIA

Here are the details

IPF.CONF
block in log all
pass out all
pass in on xl1 all
pass in on lo all
block in log quick on xl0 from 0.0.0.0/32 to any
block in log quick on xl0 from 255.255.255.255/32 to any
block in log quick on xl0 from 127.0.0.0/8 to any
block in log quick on xl0 from any to 0.0.0.0/32
block in log quick on xl0 from any to 255.255.255.255/32
block in log quick on xl0 from any to 127.0.0.0/8
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 172.16.0.0/12 to any
block in log quick on xl0 from 10.0.0.0/8 to any
pass in quick on xl0 proto icmp all icmp-type 0
pass in quick on xl0 proto icmp all icmp-type 3
pass in quick on xl0 proto icmp all icmp-type 11
connections to machines
block in log on xl0 proto tcp all flags S/SA
block in log on xl0 proto tcp all flags SA/SA
pass in quick on xl0 proto tcp from any to any port = 5557 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 8888 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 8888 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 80 flags S/SA keep state
pass out on xl0 proto tcp all keep state
note 5
block return-rst in on xl0 proto tcp from any to any port = 113
block in log quick on xl1 proto tcp from any to any port = 135
block in log quick on xl1 proto udp from any to any port = 135
block in log quick on xl1 proto udp from any to any port = 137
pass in log quick on xl1 proto udp from 192.168.0.1 to any port = 137
block in log quick on xl1 proto tcp from any to any port = 139
block in log quick on xl1 proto tcp from any to any port = 445
block in log quick on xl1 proto udp from any to any port = 138
pass in on xl0 proto udp from 202.xxx.xxx.xxx port = 53 to any
pass in on xl0 proto udp from 202.xxx.xxx.xxx port = 53 to any

IPNAT
map xl0 192.168.0.0/24 -> 202.xxx.xxx.xxx/32 portmap tcp/udp 1025:20000
map xl0 192.168.0.0/24 -> 202.xxx.xxx.xxx/32
rdr xl0 202.xxx.xxx.xxx/32 port 8888 -> 192.168.0.89 port 80 tcp

RC.CONF
ifconfig_xl1="inet 192.168.0.27  netmask 255.255.255.0"
ifconfig_xl0="inet 202.xxx.xxx.xxx netmask 255.255.255.240"
gateway_enable="YES"
defaultrouter="202.xxx.xxx.xxx"
ntpdate_flags="ntp.cyber-fleet.net"
ntpdate_enable="YES"
sshd_enable="YES"
inetd_enable="YES"
hostname="AROMA.ialf.edu"
sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"
inetd_flags="-Ww"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.conf"
ipnat_rules="/etc/ipnat.conf"
ipnat_flags="-CF"
ipmon_enable="YES"




--- Clement Laforet <sheepkiller at cultdeadsheep.org> wrote:
> On Thu, 7 Aug 2003 04:33:43 +0200
> Clement Laforet <sheepkiller at cultdeadsheep.org> wrote:
>
> oups :
> > use this
> > natd_flags="-dynamic -redirect_port 192.168.1.150:80 80"
>
> natd_flags="-dynamic -redirect_port tcp 192.168.1.150:80 80"
> that's better ;)