Routing and forwarding

Floris P. Coetzee FP at
Tue Jul 18 17:05:02 BST 2006

Hi all,

I am very new to FreeBSD, so please excuse any obvious blunders.

I am using a FreeBSD installation as a firewall (Machine A). I need to
give a machine that is behind this firewall (Machine B) access to a
specific port on a third machine (Machine C) on the other side of the
firewall. At the moment

The IPs for the machines are as follows:
A: &

There are two networks:
X: is the "local" network shared by A (the firewall) and
B (the "client")
Y: the network shared by A and C

I have the following settings on the firewall - after much googling and
trial and error over a few days
dev# ipfw list
00050 divert 8668 tcp from to any dst-port 81 keep-state
00100 allow ip from any to any via lo0
06500 allow ip from any to any
65535 allow ip from any to any

#interface fxp0 #(to network X - shared with B)
interface xl0   #(to network Y - shared with C)
port natd
redirect_port tcp 81 #(Forward 81 to machine C)

When I run netcat (nc -l -p 81) on C (the target machine - Win2k3), I
can telnet to it on port 81 from machine A (firewall) but not from
machine B (the "client").

I have been struggling with this on and off for almost a week, and I am
running out of ideas. I tested natd & routing on A by forwarding all
traffic to machine B that hits machine A and that works, so natd is
working on A.

Any advice would be greatly appreciated!

 - FP
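A minimal ipfw + natd setup for the scenario in the post above (hosts on network X, behind A on fxp0, reaching TCP port 81 on C across network Y on xl0), as an added example that is not the poster's configuration. Every address in it is hypothetical, since the post's real addresses were stripped. It assumes that B uses A as its gateway towards Y, that C has no route back to X (so A aliases B's traffic to xl0's own address through natd), and that X is RFC 1918 space so natd's unregistered_only option applies. It takes the NAT-through route rather than the post's redirect_port approach: B connects to C's real address and the divert/natd pair hides B behind xl0. Run it with no arguments to print the rules it would load; run it with `apply` on the firewall to load them.

```shell
#!/bin/sh
# Added example (not the poster's config): hosts on network X reach C:81
# across network Y through a FreeBSD ipfw + natd gateway.
set -u

# Hypothetical addressing; the post's real addresses were stripped.
INSIDE_IF="fxp0"               # network X, shared with B
OUTSIDE_IF="xl0"               # network Y, shared with C
INSIDE_NET="192.168.1.0/24"    # network X (assumed RFC 1918 space)
TARGET_HOST="198.51.100.20"    # machine C (assumed; documentation address)
TARGET_PORT="81"
NATD_PORT="8668"               # natd's default divert port

# /etc/rc.conf entries that make A forward packets and start natd + ipfw.
rc_conf() {
    cat <<EOF
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="${OUTSIDE_IF}"
natd_flags="-f /etc/natd.conf"
EOF
}

# /etc/natd.conf: alias X's traffic to xl0's address. No redirect_port is
# needed for B -> C here, because B connects to C's real address via A.
natd_conf() {
    cat <<EOF
interface ${OUTSIDE_IF}
port ${NATD_PORT}
unregistered_only
EOF
}

# Load the ruleset through the command in $1: /sbin/ipfw on the firewall,
# or "echo" to review the rules without touching the kernel.
load_rules() {
    fw="$1"
    $fw -f flush >/dev/null 2>&1 || true
    $fw add 100 allow ip from any to any via lo0
    # Divert BEFORE check-state, in both directions on xl0: outbound packets
    # get aliased to xl0's address, and replies are un-aliased back to B
    # before the dynamic rules are consulted.
    $fw add 200 divert ${NATD_PORT} ip from any to any via ${OUTSIDE_IF}
    $fw add 300 check-state
    # Least privilege: only new TCP sessions from X to C:81 may be opened.
    $fw add 400 allow tcp from ${INSIDE_NET} to ${TARGET_HOST} ${TARGET_PORT} setup keep-state in via ${INSIDE_IF}
    # The same SYN traverses the rules again on its way out of xl0, now with
    # natd's rewritten source ("me"); this also admits A's own telnet test.
    $fw add 410 allow tcp from me to ${TARGET_HOST} ${TARGET_PORT} setup keep-state out via ${OUTSIDE_IF}
    # Everything else is dropped and logged (needs net.inet.ip.fw.verbose=1).
    $fw add 65000 deny log ip from any to any
}

case "${1:-print}" in
    apply) load_rules /sbin/ipfw ;;
    *)     load_rules echo ;;
esac
```

The ordering is the part that matters: if check-state came before the divert rule, a reply from C would be matched by the dynamic rule and passed without ever reaching natd, so it would still carry xl0's address as destination and never get back to B. With the divert first, natd rewrites the reply to B's address and the dynamic rule created by rule 400 then matches it. With these rules loaded and `nc -l -p 81` running on C, the telnet test from B should behave the same as the one from A.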

