ipfilter & nat redirect

fbsd_user fbsd_user at a1poweruser.com
Tue Mar 21 18:27:14 UTC 2006


I have a web server on my private lan that I want
to be accessible from the public internet.

dc0 is the interface facing the public internet

I added this rdr rule after the map rules at the end of my nat file.

  rdr dc0 0/0 port 80 -> 10.0.10.4 port 8080

also tried this rule

  rdr dc0 0.0.0.0/0 port 80 -> 10.0.10.4 port 8080

My understanding of the documentation says the above rdr rule means,

check all packets inbound on interface dc0, and
no matter what the sending ip address of the packet may be,
if the port number of the destination ip address of that packet
matches port 80,
then re-write the packet's destination ip address and port to
10.0.10.4 port 8080 and create the internal nat table to
handle the translation of the outbound packets coming from
10.0.10.4.
Then hand the re-written packet to the firewall to be processed
against the firewall rules.

My ipfilter firewall rules would need a pass rule like this

  pass in log quick on dc0 proto tcp from any to 10.0.10.4 port = 8080 flags S keep state

to create the bi-directional packet session.

Problem is I can't get this to work.
I see nothing in the log for the pass rule.

Anybody have any idea what I am doing wrong,
or if my understanding of the re-direct process is in error?
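As an added example, not taken from the post or from the ipfilter project, here is a complete ipnat.conf / ipf.conf pair for the setup the post describes (dc0 facing the internet, web server at 10.0.10.4 listening on 8080), with the reload and verification commands written as comments. The rdr target and ports are the post's own; the `map` lines for the LAN, the trailing `tcp` protocol keyword on the rdr rule, and the inside interface name `xl0` are my assumptions and should be adjusted to the real configuration. The point a defender checks first is the ordering: ipfilter translates inbound packets before the filter evaluates them, so the inbound pass rule has to match the translated destination (10.0.10.4 port 8080), not port 80.

```conf
# /etc/ipnat.conf  (added example; assumes dc0 is the outside interface
# and 10.0.10.0/24 is the private LAN)

# Outbound address translation for the LAN; 0/32 means "the address of dc0".
map dc0 10.0.10.0/24 -> 0/32 portmap tcp/udp 10000:60000
map dc0 10.0.10.0/24 -> 0/32

# Inbound redirect: any source, destination port 80 arriving on dc0, rewritten
# to the internal web server. "tcp" pins the protocol explicitly instead of
# leaving it to ipnat's default for rules that carry a port.
rdr dc0 0.0.0.0/0 port 80 -> 10.0.10.4 port 8080 tcp

# /etc/ipf.conf

# NAT runs before the filter on inbound packets, so by the time this rule is
# evaluated the destination is already 10.0.10.4:8080. Matching "port = 80"
# here would never fire and would explain an empty log.
pass in log quick on dc0 proto tcp from any to 10.0.10.4 port = 8080 flags S keep state

# The translated packet still has to leave on the LAN side. "xl0" is a
# placeholder for the inside interface; ipfilter state entries are tied to
# the interface they were created on, so the inside leg gets its own rule.
pass out quick on xl0 proto tcp from any to 10.0.10.4 port = 8080 flags S keep state

# Load and verify (run as root on the FreeBSD gateway):
#   sysctl net.inet.ip.forwarding=1   # the box must route between interfaces
#   ipnat -CF -f /etc/ipnat.conf      # flush old NAT rules, load these
#   ipf -Fa -f /etc/ipf.conf          # flush old filter rules, load these
#   ipnat -l                          # rdr rule should be listed; active
#                                     # sessions appear here after a hit
#   ipfstat -io                       # confirm the pass rules are loaded
#   ipmon -Ds                         # the "log" keyword writes nothing
#                                     # unless ipmon is running
```

Two checks worth doing before changing any rule: confirm with `ipnat -l` that the rdr rule was actually loaded (editing the file alone does nothing until `ipnat -CF -f` re-reads it), and confirm that ipmon is running, since a `pass in log` rule that never appears in the log can mean either that the packet never matched or simply that no logging daemon was there to record it.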
More information about the freebsd-questions mailing list