Help ipfw / nat / JetDirect Pain Appreciated

Tim Daneliuk tundra at
Tue Mar 2 21:09:13 UTC 2010

I would appreciate any insight you folk here might have for the following
problem.  What I am trying to do is have wireless clients on one network
print to a JetDirect-connected printer on another network as follows:

Machine A is a NATing firewall (FBSD 8.0) for nonroutable network A - 192.168.0.x
Machine A is a NATing wireless router (Linksys WRT-54G) for nonroutable network B - 192.168.1.x

Both Machine A and B have static routable addresses and are directly
connected to the internet.  They are also on the same subnet.  In fact,
they're plugged into the same switch that the internet hose comes in on.

There is an HP LaserJet connected via JetDirect on the first network
at   I have added this to machine A's NAT config
to make that port appear on the outside IP address:

  redirect_port tcp machine.A.IP.addr:9100

natd was then restarted.

I then added this firewall rule on Machine A:

  ipfw add allow tcp from machine.B.IP.addr to machine.A.IP.addr 9100 

And the firewall was restarted.

Now, I jump onto a machine on (wireless) Network B and attempt to telnet
to port 9100 on machine A, just to see if the port is properly
being redirected and I can get to it.  Machine A burps out the
following in /var/log/security:

ipfw: 7500 Deny TCP machine.B.IP.addr:49192 in via fxp0

Anyone have an idea what's going on here?  It looks like the telnet is
attempting to rendezvous on port 49192 but the firewall isn't letting
that happen.  Any idea how I add a rule to permit this?


Tim Daneliuk     tundra at
PGP Key:
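
An added example, not part of the original post: a small parser for ipfw deny lines of the kind quoted from /var/log/security above. In that log layout the first address:port pair is the packet's source (for a client connection, an ephemeral port) and the second is its destination, so the script groups denials by rule number and destination port. The host name, addresses and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# ipfw log layout:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample lines (documentation address ranges, not the poster's hosts).
SAMPLE_LOG = """\
Mar  2 15:01:07 gw kernel: ipfw: 7500 Deny TCP 198.51.100.20:49192 198.51.100.10:9100 in via fxp0
Mar  2 15:01:10 gw kernel: ipfw: 7500 Deny TCP 198.51.100.20:49192 198.51.100.10:9100 in via fxp0
Mar  2 15:02:44 gw kernel: ipfw: 7500 Deny UDP 198.51.100.77:53211 198.51.100.10:161 in via fxp0
Mar  2 15:03:00 gw kernel: ipfw: 100 Accept TCP 192.168.0.5:51000 192.168.0.1:22 in via fxp1
"""


def parse_line(line):
    """Return the fields of one ipfw log line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def denied_flows(text):
    """Count denied packets per (rule, proto, src, dst, dport).

    The source port is left out of the key: it is ephemeral and changes per connection.
    """
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "Deny":
            counts[(rec["rule"], rec["proto"], rec["src"], rec["dst"], rec["dport"])] += 1
    return counts


if __name__ == "__main__":
    for (rule, proto, src, dst, dport), n in denied_flows(SAMPLE_LOG).most_common():
        print(f"rule {rule}: {n} x {proto} {src} -> {dst}:{dport}")
```

Lines whose addresses are not dotted-quad IPv4 (for example, redacted ones) do not match and are skipped.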

More information about the freebsd-questions mailing list