On Sun, Aug 27, 2006 at 01:04:54PM +0500, ?????????? ?????????????? wrote: > I'm a junior in FreeBSD, and I faced with problem.
You should know that others have mailers that are thread enabled. This means that when you compose a new mail, but you that the reply sort cut others may not read this, because it end up in the list. I redirected the mail to questions@ becuase this is not related to the stable development brance. > I've a FreeBSD 6.1-stable box as a gate+firewall, and I want to divert > incoming requests to my web-server, placed in DeMilitarized Zone > (DMZ). To do this I wrote down settings in /etc/rc.conf as shown > above: > > natd_flags="-redirect_port tcp 80 192.168.1.234 80" > natd_flags="-redirect_poort tcp 443 192.168.1.234 443" You proberbly can not have two lines. > I think, that all packets incoming from Internet will be diverted from > the External interface via DMZ interface to my We-server. Is it right? > If not, why not, and what the way to make it working? Yes, but you made some mistakes: 1. You have two lines, where only one is allowed. 2. The file format is wrong: should be tcp forward_ip:port port 3. You made a typo 4. Did you setup ipfw? I've done this with a seperate config file. firewall_enable="YES" firewall_type="/etc/firewall.conf" natd_enable="YES" natd_flags="-f /etc/natd.conf" natd_interface="fxp0" /etc/firewall.conf contains: add divert 8668 ip from any to any (note: src_ip and dst_ip changes here, so keep this in mind if you add rules) add allow ip from any to any /etc/natd.conf contains: redirect_port tcp ip_to_goto:port local_port Did you setup ipfw and directed packes to natd? You also need to setup i -- Alex Please copy the original recipients, otherwise I may not read your reply. Howtos based on my personal use, including information about setting up a firewall and creating traffic graphs with MRTG http://alex.kruijff.org/FreeBSD/ _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"