Port Forwarding, ipfw + natd

Post by MrNorto » Sun, 06 May 2001 15:44:38



Hi,

    How do I set up port forwarding?

    My ipfw is set to OPEN.

ed1 = outside interface
ed0 = inside interface
10.0.0.1 = IP of another PC on my network

Here is my ipfw l:

00050 divert 8668 ip from any to any via ed1
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any

the error I get from natd when I type :

natd -redirect_port tcp 10.0.0.1:21 21

is :

natd: Unable to bind divert socket.: Address already i use

What error am I making? What I'm trying to do is forward any
connection to me on port 21 to 10.0.0.1 on port 21.

thx

MrNorton

 
 
 


Post by Kristian Ra » Sun, 06 May 2001 17:17:34


Hi

>the error I get from natd when I type :
>natd -redirect_port tcp 10.0.0.1:21 21
>is :
>natd: Unable to bind divert socket.: Address already i use

The "-redirect ..." part is part of the entire natd command line;
you are trying to start natd again.

So in /etc/rc.conf you will need to either integrate
the "-redirect..." part on the command line or modify
natd_flags to be "-f /etc/natd.conf",
then create the file /etc/natd.conf and put
the command-line parameters in it, like:

redirect_port tcp 10.0.0.1:21 21
redirect_port tcp 10.0.0.1:23 23
redirect_port tcp 10.0.0.1:80 80
unregistered_only yes
same_sockets yes
etc. etc.

Please read the man page on natd; it will explain
the syntax used in the /etc/natd.conf file when
running natd with flags = "-f <file>".
It is slightly different from the command-line version.

regards

Kristian
---------------------------------------------
In order to send email you must edit my mail address
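
The difference Kristian mentions, as an added example that is not part of the original posts: natd.conf uses the long-form option names without the leading dash, and an option that takes no argument is written with "yes". The function names are hypothetical, the sample options come from this thread, and long-form options are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): turn natd long-form command-line
# options into /etc/natd.conf lines. Function names are hypothetical.

emit_conf_line() {
    case "$1" in
        *" "*) printf '%s\n' "$1" ;;      # option with arguments
        *)     printf '%s yes\n' "$1" ;;  # bare switch becomes "<name> yes"
    esac
}

natd_args_to_conf() {
    line=""
    for tok in "$@"; do
        case "$tok" in
            -?)
                # Single-letter flags are not valid in the config file.
                echo "use the long form instead of '$tok'" >&2
                return 1 ;;
            -?*)
                # New option: flush the one collected so far.
                if [ -n "$line" ]; then emit_conf_line "$line"; fi
                line="${tok#-}" ;;
            *)
                if [ -z "$line" ]; then
                    echo "argument '$tok' does not follow an option" >&2
                    return 1
                fi
                line="$line $tok" ;;
        esac
    done
    if [ -n "$line" ]; then emit_conf_line "$line"; fi
    return 0
}

# Constructed sample: the redirect from the first post plus one switch.
natd_args_to_conf -redirect_port tcp 10.0.0.1:21 21 -use_sockets
```

Put the output in /etc/natd.conf and restart the single natd process rather than launching a second one, which is what produced the bind error quoted above.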

 
 
 

1. HELP - IPFW with NATD for port forwarding

I am having a problem getting my FreeBSD 4.3 IPFW firewall to forward
incoming FTP requests to a server on a private network.  I have scoured
dejanews and the like and all the previous posts seem to say the same thing.
NATD redirect_port entries in NATD.CONF and an ADD ALLOW statement in the
firewall script as noted in the script below.

Natd.conf entries are as follows:

use_sockets yes
redirect_port tcp 192.168.1.3:21 21
redirect_port udp 192.168.1.3:21 21

natd.conf is of course called in rc.conf via natd_flags="-f /etc/natd.conf"

And here is my firewall script:

fwcmd="/sbin/ipfw" #leave as is if using ipfw
oif="oifx"  #set to outside interface name
onwr="a.b.c.d/24" #set to outside network range
oip="a.b.c.d"  #set to outside ip address

iif="ifx"  #set to internal interface name
inwr="x.y.z.x/24" #set to internal network range
iip="x.y.z.x"  #set to internal ip address

ns1="e.f.g.h"  #set to primary name server best if = oif
#ntp="i.j.k.l"  #set to ip of NTP server or leave as is

 $fwcmd -f flush

 $fwcmd add allow all from any to any via lo0
 $fwcmd add deny log all from any to 127.0.0.0/8

 $fwcmd add deny log ip from $inwr to any in via $oif

 $fwcmd add deny log ip from not $inwr to any in via $iif

 $fwcmd add deny log ip from 192.168.0.0/16 to any in via $oif
 $fwcmd add deny log ip from 172.16.0.0/12 to any in via $oif
 $fwcmd add deny log ip from 10.0.0.0/8 to any in via $oif
 $fwcmd add deny log ip from any to 192.168.0.0/16 in via $oif
 $fwcmd add deny log ip from any to 172.16.0.0/12 in via $oif
 $fwcmd add deny log ip from any to 10.0.0.0/8 in via $oif

 $fwcmd add deny all from 0.0.0.0/8 to any in via $oif
 $fwcmd add deny all from 169.254.0.0/16 to any in via $oif
 $fwcmd add deny all from 192.0.2.0/24 to any in via $oif
 $fwcmd add deny all from 224.0.0.0/4 to any in via $oif
 $fwcmd add deny all from 240.0.0.0/4 to any in via $oif
 $fwcmd add deny all from any to 0.0.0.0/8 in via $oif
 $fwcmd add deny all from any to 169.254.0.0/16 in via $oif
 $fwcmd add deny all from any to 192.0.2.0/24 in via $oif
 $fwcmd add deny all from any to 224.0.0.0/4 in via $oif
 $fwcmd add deny all from any to 240.0.0.0/4 in via $oif

 $fwcmd add divert natd all from any to any via $oif

 $fwcmd add allow tcp from any to any established
 $fwcmd add allow tcp from any to $oip 22 setup
 $fwcmd add allow log tcp from any to <publicaddress> 21 via $oif  # <--------------- Add Allow statement

 $fwcmd add allow icmp from any to any icmptypes 3,4,11,12
 $fwcmd add allow udp from any 53 to $ns1 53
 $fwcmd add check-state
 $fwcmd add allow ip from $oip to any keep-state out via $oif
 $fwcmd add allow ip from $inwr to any keep-state via $iif

 $fwcmd add 65435 deny log ip from any to any  # <--------------------- Is this line cancelling out my Add Allow above?

Any help would be appreciated.

TIA

Rob
