Re: ipfw + nat + port_redirect - works, but not for the internal net

From: Miroslav Pendev (shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com)
Date: 05/14/02


From: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
To: "Michael Sierchio" <kudzu@tenebras.com>
Date: Tue, 14 May 2002 11:16:31 -0400


> Miroslav Pendev wrote:
>
> > I have FreeBSD 4.5 RELEASE as Firewall with two NICs:
>
> > For simplicity let's assume that the firewall type is *open*.
>
> I find it simpler not to make assumptions -- perhaps you'd like
> to explicitly state: the fw rule set, your natd settings,
> what port a process is listening on at the target machine,
> and whether the target machine has a default route that goes
> through your nat box.
>
OK, the firewall type IS *open*

in rc.conf I have this:
=======================
#ftp server
natd_flags="-redirect_port tcp 192.168.1.100:21 21"
#apache server
natd_flags="-redirect_port tcp 192.168.1.100:80 9090"

192.168.1.21 - default gateway (FreeBSD Firewall NAT
- internal interface xl1)

In the internal network:
========================
192.168.1.100:21 - ftp server
192.168.1.100:80 - apache web server

192.168.1.90 - host in the internal network trying to
reach the external interface of the firewall on port 9090 or 21
(192.168.1.21 - default gateway)

--Miro
