firewall rules

Richard Smith rdls at
Wed Jan 31 12:30:40 GMT 2001

David Richards wrote:
> Hi
>   how would i write a rule to allow someone from the outside coming in on
> port XXXX to go to an internal machine on port YYYY
> is it  ${fwcmd} add fwd
> Internal_IP_address_of_machine_i_want_to_connect_to_from_internet XXXX from
> any via ${oip} YYYY
> thanks
> david

I haven't used `fwd' with ipfw(8) before, but from the man page I would
suggest the following:

ipfw add fwd inside_ip,inside_port tcp from any to ext_ip ext_port in via ext_if

    inside_ip and inside_port are the internal machine (note the comma).
    ext_ip, ext_port and ext_if are the firewall's external persona.

You will need to compile the `IPFIREWALL_FORWARD' option into the
kernel. You will need to place the rule above any that are likely to
drop incoming connections on a more general basis.

I haven't tried this. Be careful :-)

