Re: ipfw + nat + port_redirect - works, but not for the internal net

From: Miroslav Pendev (shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com)
Date: 05/14/02


From: "Miroslav Pendev" <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
To: "Aragon Gouveia" <aragon@phat.za.net>
Date: Tue, 14 May 2002 14:27:33 -0400

Yes, I recompiled the kernel with options IPFIREWALL_FORWARD.
I even made some tests, but with no success, with the following
in rc.firewall (24.24.24.24 is not my real ext. IP):

${fwcmd} add fwd 24.24.24.24,9090 tcp from any to 192.168.1.100 80 in

It seems to be what I need but...

I have one stupid Linksys Cable&DSL router with NAT
and from the internal network I can access redirected port
on the external interface to internal host:
this is what I need to do, but with FreeBSD firewall.

So it seems that this is not a big problem, I just
do not know how to get it to work.

--Miro

> Howdy,
>
> Have you tried an ipfw fwd rule?
>
>
> Regards,
> Aragon
>
> ----- Original Message -----
> From: "Miroslav Pendev"
> <shadow@CPE0004761ac738-CM00109515bc65.cpe.net.cable.rogers.com>
> To: <freebsd-security@freebsd.org>
> Sent: Tuesday, May 14, 2002 4:52 PM
> Subject: ipfw + nat + port_redirect - works, but not for the internal net
>
>
> > Hi Guys!
> >
> > I have FreeBSD 4.5 RELEASE as Firewall with two NICs:
> >
> > xl0 - external interface
> > xl1 - internal interface
> >
> > ipfw and natd + port_redirect works just fine!
> >
> > My problem is that when someone from the internal network
> > is trying to hit external_IP:redirected_port, the redirection
> > is not working for him - connection refused.
> > It works only for hosts from outside (Internet).
> >
> > For simplicity let's assume that the firewall type is *open*.
> >
> > What rules for ipfw or natd do I need in order to permit
> > the port redirection to work for the internal hosts, also?
> >
> > I RTFM, I searched the archives but I didn't find a clear
> > answer to that situation.
> >
> > This is a common problem for the corporate servers behind
> > firewalls_with_natd_and_redirected_port and probably deserves
> > to be in the FreeBSD handbook - otherwise, good documentation!
> >
> > There are some security concerns *is port_redirection a good idea
> > at all*, but that's it, I need this working - don't ask why ;-)
> >
> > Thanks in advance!
> >
> > --Miro
