Hi
What I want to accomplish is a DMZ on the third Ethernet on my
Soekris box. I have done this before with OpenBSD and PF, but now I
want to do it with FreeBSD and ipfw. My ISP uses DHCP, but they
don't change my IP very often (almost never), so you can see it
as if I have a static IP. First, the IP numbers on the three cards
in the box:
sis0 has 83.x.x.x
sis1 has 192.168.0.1, and this is the LAN.
sis2 has 10.0.0.1, and this is meant to be a DMZ.
Another box with ip 10.0.0.2 is connected to sis2 and is
configured as a webserver.
I have a working firewall in the Soekris box with ipfw. What I
want to do is redirect incoming on port 80 to 10.0.0.2. I have
tried this in my /etc/natd.conf:
redirect_port tcp 10.0.0.2:80 80
In combination with an opening for incoming in the firewall for
port 80 (any to any). I also opened for it in hosts.allow. I can
see the website on my local LAN and I can see it from the
firewall, but not from outside. I use my cellphone to check if
it's reachable (and that worked under OpenBSD and PF). In my
rc.conf I have the
natd_flags="-f /etc/natd.conf" after the firewall; I want the
firewall early in the file, before the Ethernets are configured.

I then tried to do the natd directly in my ipfw_rules (my ipfw
rules file) with this:
natd -redirect_port tcp 10.0.0.2:80 80
which gave me this:
natd:instance default: aliasing address not given.
The handbook says "The external IP address on the natd machine
must be active and aliased to the external interface. Look at
rc.conf(5) to do so."

Well, ifconfig_sis0_alias0="inet 10.0.0.2 netmask 255.255.255.255"
would not make it (I have tried other netmasks as well). I have
googled around and seen that others have had the same problem,
but no solutions or suggestions that lead in the right
direction.

Someone must have done this before, I assume? Or if someone has
some ideas, I will be very happy.

/Regards from Sweden.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
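
Added example, not part of the original post: natd prints "aliasing address not given" when it is started with neither an interface (-n / interface) nor an alias address (-a / alias_address). A minimal sketch for the layout described above, assuming natd is started from rc.conf on sis0, that the ipfw rules are in ruleset-file syntax, and that both inside networks are /24; the rule numbers are illustrative and have to be merged into the existing ruleset.

```conf
# --- /etc/rc.conf (additions) ---
gateway_enable="YES"            # forward packets between sis0, sis1 and sis2
natd_enable="YES"
natd_interface="sis0"           # external interface; its address is the alias address
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
dynamic yes                     # follow address changes on sis0 (ISP uses DHCP)
redirect_port tcp 10.0.0.2:80 80

# --- ipfw rules (ruleset-file syntax; in a shell script prefix each line with "ipfw") ---
# The divert rule must come before the rules that accept or reject
# traffic on sis0, otherwise natd never sees the packets.
add 100 divert natd ip from any to any via sis0

# Keep the DMZ from opening connections into the LAN
# (assumption: 10.0.0.0/24 and 192.168.0.0/24).
add 150 deny ip from 10.0.0.0/24 to 192.168.0.0/24

# After the divert, inbound web traffic already carries the DMZ address as
# its destination, so the pass rules match 10.0.0.2, not the 83.x.x.x address.
add 200 allow tcp from any to 10.0.0.2 80 in via sis0
add 210 allow tcp from any to 10.0.0.2 80 out via sis2

# Replies from the web server: in on sis2, then out on sis0, where natd
# has rewritten the source to the external address.
add 220 allow tcp from 10.0.0.2 80 to any in via sis2 established
add 230 allow tcp from any 80 to any out via sis0 established
```

The ifconfig_sis0_alias0 line is not needed with this setup: 10.0.0.2 belongs to the web server behind sis2, and the address natd aliases is the external one already on sis0.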