HELP - IPFW with NATD for port forwarding
I am having a problem getting my FreeBSD 4.3 IPFW firewall to forward
incoming FTP requests to a server on a private network. I have scoured
dejanews and the like, and all the previous posts seem to say the same thing:
NATD redirect_port entries in natd.conf and an ADD ALLOW statement in the
firewall script, as noted in the script below.
natd.conf entries are as follows:
use_sockets yes
redirect_port tcp 192.168.1.3:21 21    # FTP control channel (TCP)
redirect_port udp 192.168.1.3:21 21    # FTP does not use UDP; this entry is never hit
natd.conf is of course called in rc.conf via natd_flags="-f /etc/natd.conf"
And here is my firewall script:
fwcmd="/sbin/ipfw"      # leave as is if using ipfw
oif="oifx"              # set to outside interface name
onwr="a.b.c.d/24"       # set to outside network range
oip="a.b.c.d"           # set to outside ip address
iif="ifx"               # set to internal interface name
inwr="x.y.z.x/24"       # set to internal network range
iip="x.y.z.x"           # set to internal ip address
ns1="e.f.g.h"           # set to primary name server, best if = oif
#ntp="i.j.k.l"          # set to ip of NTP server or leave as is

$fwcmd -f flush

# loopback
$fwcmd add allow all from any to any via lo0
$fwcmd add deny log all from any to 127.0.0.0/8

# anti-spoofing: our own ranges on the wrong interface
$fwcmd add deny log ip from $inwr to any in via $oif
$fwcmd add deny log ip from not $inwr to any in via $iif

# RFC 1918 private space must never arrive on the outside interface
$fwcmd add deny log ip from 192.168.0.0/16 to any in via $oif
$fwcmd add deny log ip from 172.16.0.0/12 to any in via $oif
$fwcmd add deny log ip from 10.0.0.0/8 to any in via $oif
$fwcmd add deny log ip from any to 192.168.0.0/16 in via $oif
$fwcmd add deny log ip from any to 172.16.0.0/12 in via $oif
$fwcmd add deny log ip from any to 10.0.0.0/8 in via $oif

# other bogons (this-network, link-local, TEST-NET, multicast, reserved)
$fwcmd add deny all from 0.0.0.0/8 to any in via $oif
$fwcmd add deny all from 169.254.0.0/16 to any in via $oif
$fwcmd add deny all from 192.0.2.0/24 to any in via $oif
$fwcmd add deny all from 224.0.0.0/4 to any in via $oif
$fwcmd add deny all from 240.0.0.0/4 to any in via $oif
$fwcmd add deny all from any to 0.0.0.0/8 in via $oif
$fwcmd add deny all from any to 169.254.0.0/16 in via $oif
$fwcmd add deny all from any to 192.0.2.0/24 in via $oif
$fwcmd add deny all from any to 224.0.0.0/4 in via $oif
$fwcmd add deny all from any to 240.0.0.0/4 in via $oif

# hand every packet crossing the outside interface to natd; the rewritten
# packet re-enters ipfw at the next rule
$fwcmd add divert natd all from any to any via $oif

$fwcmd add allow tcp from any to any established
$fwcmd add allow tcp from any to $oip 22 setup
$fwcmd add allow log tcp from any to <publicaddress> 21 via $oif   # <--- Add Allow statement
$fwcmd add allow icmp from any to any icmptypes 3,4,11,12
$fwcmd add allow udp from any 53 to $ns1 53
$fwcmd add check-state
$fwcmd add allow ip from $oip to any keep-state out via $oif
$fwcmd add allow ip from $inwr to any keep-state via $iif
$fwcmd add 65435 deny log ip from any to any   # <--- Is this line cancelling out my Add Allow above?
Any help would be appreciated.
TIA
Rob
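The following is an added example, not code from the original post, illustrating the rule-ordering point behind the question. Because the divert rule runs first, natd has already rewritten the destination of an inbound FTP packet to the redirect target before any later rule sees it, so an allow rule that names the public address never matches; the rule has to name the private host. The final catch-all deny is not the problem, it is simply the rule that wins once the intended allow fails to match. Values are hypothetical (outside interface fxp0, public IP 203.0.113.10, internal server 192.168.1.3); the natd.conf text is constructed in the same form as the post's. By default the script only prints the rules it would run; set FWCMD=/sbin/ipfw on the firewall to apply them.

```shell
#!/bin/sh
# Added example (not from the original post): why an ipfw allow rule naming
# the public address never matches a natd-redirected packet, and the rule
# that does. Hypothetical values: outside interface fxp0, public address
# 203.0.113.10, internal FTP server 192.168.1.3.

oif="fxp0"
oip="203.0.113.10"
ftpsrv="192.168.1.3"

# Constructed natd.conf in the same form as the post's (FTP control is TCP).
natd_conf='use_sockets yes
redirect_port tcp 192.168.1.3:21 21'

# Destination ip:port an inbound packet has once natd has applied the
# redirect_port table. Arguments: protocol, public destination port.
# A packet with no matching redirect keeps the public address.
dst_after_nat() {
    printf '%s\n' "$natd_conf" | awk -v proto="$1" -v port="$2" -v pub="$oip" '
        $1 == "redirect_port" && $2 == proto && $4 == port { print $3; found = 1; exit }
        END { if (!found) print pub ":" port }'
}

# Emit the rules that matter for the redirect, in evaluation order.
# $1 is the command run for each rule: "echo" previews, /sbin/ipfw applies.
gen_rules() {
    cmd="$1"
    # natd rewrites the destination here; the packet re-enters ipfw at the
    # next rule, so every rule below sees the PRIVATE address.
    $cmd add divert natd all from any to any via "$oif"
    $cmd add allow tcp from any to any established
    # Wrong (never matches inbound FTP after the divert):
    #   $cmd add allow tcp from any to "$oip" 21 via "$oif"
    # Right: name the host natd redirected to, and admit only new SYNs
    # arriving on the outside interface.
    $cmd add allow tcp from any to "$ftpsrv" 21 in via "$oif" setup
    $cmd add allow tcp from any to "$oip" 22 setup
    $cmd add deny log ip from any to any
}

# Sanity check on the generated ruleset: the divert must precede the allow,
# and the allow must name the address natd produces for port 21.
# Returns non-zero if either condition fails.
check_rules() {
    rules=$(gen_rules echo)
    want=$(dst_after_nat tcp 21)
    want_ip=${want%:*}
    want_port=${want#*:}
    divert_no=$(printf '%s\n' "$rules" | grep -n 'divert natd' | head -n 1 | cut -d: -f1)
    allow_no=$(printf '%s\n' "$rules" | grep -n "allow tcp from any to $want_ip $want_port" | head -n 1 | cut -d: -f1)
    [ -n "$divert_no" ] && [ -n "$allow_no" ] && [ "$divert_no" -lt "$allow_no" ]
}

gen_rules "${FWCMD:-echo}"
check_rules && echo "ruleset check: ok"
```

The `in` and `setup` keywords keep the rule from also admitting outbound or mid-stream traffic; the existing `established` rule carries the rest of the control connection. This only opens the FTP control channel; whether the data channel (active or passive) also needs redirects is not something the post settles, so it is left out here.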