[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Port mapping under Freebsd

To: Moussa BAGAYOKO <moussa at afribone.net.ml>
Subject: Re: Port mapping under Freebsd
From: Brian Candler <B.Candler at pobox.com>
Date: Mon, 14 Apr 2003 12:00:48 +0100
Cc: afnog <afnog at afnog.org>
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog-outgoing at afnog.org
Delivered-To: afnog at afnog.org
In-Reply-To: <3E9A8A12.3070502 at afribone.net.ml>; from moussa at afribone.net.ml on Mon, Apr 14, 2003 at 10:14:42AM +0000
References: <3E9A8A12.3070502 at afribone.net.ml>
Sender: owner-afnog at afnog.org
User-Agent: Mutt/1.2.5i

On Mon, Apr 14, 2003 at 10:14:42AM +0000, Moussa BAGAYOKO wrote:
> Hi folks,
> I'm seeking port mapping command under freebsd.   I have Freebsd box 
> with 2 ethernet cards: the first  has got a public IP adress, the second 
> has a private. The Kernel has been compile to do nat and firewall. In 
> the file /etc/rc.conf  I have got the following lines:
> 
> natd_enable="YES"
> natd_interface="rl0"
> firewall_enable="YES"
> firewall_type="OPEN"
> 
> I need to forward the UDP ports  1100 and 1101 to  one of my private IP 
> on the LAN.

Try something like this:

natd_flags="-redirect_port udp 192.168.0.1:1100-1101"

where 192.168.0.1 is your inside machine. The full syntax is given in 'man
natd'. You can add some extra parameters: e.g.

-redirect_port udp 192.168.0.1:1100-1101 1.2.3.4:9000-9001 5.6.7.8

where:
1.2.3.4 is the outside IP of your natd router
5.6.7.8 is the IP of the remote machine which is allowed to connect

Then, connections from 5.6.7.8 to 1.2.3.4 ports 9000-9001 are mapped to
192.168.0.1 ports 1100-1101

You don't need to reboot your machine, just 
   ps auxwww | grep natd
Make a note of the existing flags, kill it, wait until it dies (which may be
a while as existing connections have to finish being serviced), and then
restart it with the existing flags plus the new ones.

You might also want to add '-deny_incoming -log_denied' to the natd flags,
for better security.

If your NAT setup becomes more complex, it might be worth switching to
ipfilter ('ipf'). It often gives simpler and more maintainable
configurations than ipfw/natd, and it has the advantage of being portable to
a number of different operating systems including Solaris. But it's a whole
different firewall syntax to learn...

http://coombs.anu.edu.au/~avalon/

It's included in FreeBSD, you just need

options IPFILTER
options IPFILTER_LOG

in your kernel config (or I think you can even load it as a module)

Cheers,

Brian.

-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

References:
- Port mapping under Freebsd
  - From: Moussa BAGAYOKO <moussa at afribone.net.ml>
- Port mapping under Freebsd
  - From: Moussa BAGAYOKO <moussa at afribone.net.ml>

Prev by Date: MikroTik Inter-changeable frequency
Next by Date: Livre d'Or
Prev by thread: Port mapping under Freebsd
Next by thread: Re: Port mapping under Freebsd
Index(es):
- Date
- Thread