Question about ipfw, natd and port forwarding.

Deling Ren lg+freebsd at home.homeunix.org
Sat Feb 26 07:52:03 GMT 2005


Hi all, I am trying to set up a NAT box for my home network on freebsd 5.3.
I am using ipfw and natd. I already got nat running but I am having a
problem with port forwarding. I am trying to forward port 80 on the nat
box to an internal machine (192.168.0.7). I have the following as part of
natd_flags:

-redirect_port tcp 192.168.0.7:80 xx.xx.xx.xx:80

where xx.xx.xx.xx is the external IP of the nat box.

Using the following ipfw rules:

00050 divert 8668 ip from any to any via sis0
65535 allow ip from any to any

I have no problem connecting to port 80 on the nat box from outside. But when
I added stateful ipfw rules, it stopped working. Running nmap from outside
says port 80 is filtered. I am not sure how to configure the rules to
enable port forwarding. Any help will be appreciated. Thanks.

Deling

Here are my ipfw rules:

00005 allow ip from any to any via $iif
00010 allow ip from any to any via lo0
00014 divert 8668 ip from any to any in via $oif

00015 check-state

00060 skipto 800 tcp from any to any out via $oif setup keep-state
00080 skipto 800 icmp from any to any out via $oif keep-state
00130 skipto 800 udp from any to any out via $oif keep-state

00340 allow icmp from any to me in via $oif keep-state

00360 allow tcp from any to any dst-port 80 in via $oif setup keep-state
00380 allow tcp from any to me dst-port 22 in via $oif setup limit src-addr 5

00400 deny log logamount 5 ip from any to any in via $oif
00450 deny log logamount 5 ip from any to any out via $oif

00800 divert 8668 ip from any to any out via $oif
00801 allow ip from any to any
00999 deny log logamount 5 ip from any to any