Routing and forwarding

Floris P. Coetzee FP at evidencetalks.com
Tue Jul 18 17:05:02 BST 2006


Hi all,

I am very new to FreeBSD, so please excuse any obvious blunders.

I am using a FreeBSD installation as a firewall (Machine A). I need to
give a machine that is behind this firewall (Machine B) access to a
specific port on a third machine (Machine C) on the other side of the
firewall. At the moment

The IPs for the machines are as follows:
A: 192.168.0.1 & 172.16.0.1
B: 192.168.0.2
C: 172.16.0.2

There are two networks:
X: 192.168.0.0/24 is the "local" network shared by A (the firewall) and
B (the "client")
Y: 172.16.0.0/24 is the network shared by A and C


I have the following settings on the firewall - after much googling and
trial and error over a few days
IPFW:
-----
dev# ipfw list
00050 divert 8668 tcp from 192.168.0.2 to any dst-port 81 keep-state
00100 allow ip from any to any via lo0
06500 allow ip from any to any
65535 allow ip from any to any

NATD:
-----
natd.conf
#interface fxp0 #(to network X - shared with A)
interface xl0   #(to network Y - shared with C)
port natd
redirect_port tcp 172.16.0.2:81 81 #(Forward 81 to machine C)


When I run netcat (nc -l -p 81) on C (the target machine - Win2k3), I
can telnet to it on port 81 from machine A (firewall) but not from
machine B (the "client").

I have been struggling with this on and off for almost a week, and I am
running out of ideas. I tested natd & routing on A by forwarding all
traffic to machine B that hits machine A and that works, so natd is
working on A.

Any advice would be greatly appreciated!

 - FP
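An added example, not part of the original post and not FreeBSD's own tooling: a small sh script that cross-checks the posted `ipfw list` output against the posted natd.conf for the FreeBSD Handbook pattern, in which the divert rule is bound `via` the same interface natd is started on so that both directions of a connection are handed to natd. The ruleset and natd.conf text are embedded as constructed input copied from the post above; the function names (`natd_iface`, `divert_count`, `divert_via`, `check_nat`) are my own. The script only reports whether the ruleset follows the Handbook form; the post does not establish that this is the cause of the problem described.

```shell
#!/bin/sh
# Added example (not from the original post): check an ipfw ruleset against
# natd.conf for the Handbook pattern "divert natd ip from any to any via <iface>",
# where <iface> is the interface natd is bound to. Only with that form do the
# outbound packets AND the replies arriving on <iface> pass through natd.

# Constructed sample input: the ruleset and natd.conf exactly as posted.
IPFW_LIST='00050 divert 8668 tcp from 192.168.0.2 to any dst-port 81 keep-state
00100 allow ip from any to any via lo0
06500 allow ip from any to any
65535 allow ip from any to any'

NATD_CONF='#interface fxp0
interface xl0
port natd
redirect_port tcp 172.16.0.2:81 81'

# natd_iface CONF: print the interface natd binds to (first uncommented
# "interface" line; a leading "#" makes $1 "#interface", so it is skipped)
natd_iface() {
    printf '%s\n' "$1" | awk '$1 == "interface" { print $2; exit }'
}

# divert_count RULESET: print the number of divert rules in the ruleset
divert_count() {
    printf '%s\n' "$1" | awk '$2 == "divert" { n++ } END { print n + 0 }'
}

# divert_via RULESET IFACE: exit 0 if some divert rule carries "via IFACE"
divert_via() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $2 == "divert" {
            for (i = 3; i <= NF; i++) if ($i == "via" && $(i + 1) == ifc) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# check_nat RULESET CONF: print findings; exit 0 if the ruleset follows the
# Handbook pattern, 1 otherwise
check_nat() {
    ifc=$(natd_iface "$2")
    [ -n "$ifc" ] || { echo "natd.conf has no active interface line"; return 1; }
    echo "natd bound to: $ifc"
    [ "$(divert_count "$1")" -gt 0 ] || { echo "no divert rule in ruleset"; return 1; }
    if divert_via "$1" "$ifc"; then
        echo "ok: a divert rule is bound via $ifc (both directions reach natd)"
        return 0
    fi
    echo "divert rule is not bound 'via $ifc': only packets matching its own"
    echo "selectors are diverted, so replies arriving on $ifc bypass natd and"
    echo "are never un-translated."
    echo "Handbook form: ipfw add divert natd ip from any to any via $ifc"
    return 1
}

if check_nat "$IPFW_LIST" "$NATD_CONF"; then
    echo "RESULT: ruleset matches the Handbook pattern"
else
    echo "RESULT: ruleset needs review"
fi
```

Run it on the live box by replacing the two embedded strings with `$(ipfw list)` and `$(cat /etc/natd.conf)`; the checks are pure text matching, so it is safe to run on a production firewall.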




More information about the Ukfreebsd mailing list