Re: ipfw + nat + port_redirect - works, but not for the internal net

From: Aragon Gouveia (aragon@phat.za.net)
Date: 05/14/02


From: "Aragon Gouveia" <aragon@phat.za.net>
To: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>, <freebsd-security@freebsd.org>
Date: Tue, 14 May 2002 19:56:52 +0200

Howdy,

Have you tried an ipfw fwd rule?

Regards,
Aragon

----- Original Message -----
From: "Miroslav Pendev"
<shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, May 14, 2002 4:52 PM
Subject: ipfw + nat + port_redirect - works, but not for the internal net

> Hi Guys!
>
> I have FreeBSD 4.5 RELEASE as Firewall with two NICs:
>
> xl0 - external interface
> xl1 - internal interface
>
> ipfw and natd + port_redirect works just fine!
>
> My problem is that when someone from the internal network
> is trying to hit external_IP:redirected_port, the redirection
> is not working for him - connection refused.
> It works only for hosts from outside (Internet).
>
> For simplicity let's assume that the firewall type is *open*.
>
> What rules for ipfw or natd do I need in order to permit
> the port redirection to work for the internal hosts, also?
>
> I RTFM, I searched the archives but I didn't find a clear
> answer to that situation.
>
> This is a common problem for corporate servers behind
> firewalls_with_natd_and_redirected_port and probably deserves
> to be in the FreeBSD handbook - otherwise, good documentation!
>
> There are some security concerns *is port_redirection a good idea
> at all*, but that's it, I need this working - don't ask why ;-)
>
> Thanks in advance!
>
> --Miro
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
