thank you, usleep (nice name)

i somehow made it work by
1. add "redirect_port udp 10.0.0.200:50000 50000" in natd.conf
2. allow all traffic and diversion in ipfw.rules

i tried to limit the traffic by modifying the rules in ipfw.rules, but unsuccessfully. so i just leave it be at this moment.
i am very confused by the roles of natd and ipfw, and how they should work together.

rich

On Sat, Dec 27, 2008 at 8:40 AM, <usleepl...@gmail.com> wrote:

> Hi Richard,
>
> On Fri, Dec 26, 2008 at 9:27 PM, Richard Yang <kusanagiy...@gmail.com> wrote:
>
>> hi,
>> i have an ssh machine behind a freebsd firewall with nat and ipfw.
>> how do i make port forwarding so internet can access the ssh machine?
>> thanx
>>
>
> i think you need to configure /etc/ipnat.conf ( read 'man ipnat' ). this is
> an example definition:
> rdr em1 0.0.0.0/0 port 2223 -> 192.168.1.96 port 22
>
> ( this redirects incoming traffic on outside-interface em1 port 2223 to an
> internal machine on port 22 )
>
> also, include "firewall_nat_enable" in your rc.conf ( read 'man rc.conf' )
>
> to configure the settings from ipnat.conf, run "ipnat -C -f
> /etc/ipnat.conf"
>
> regards,
>
> usleep

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
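
One way to limit the traffic while keeping the natd forward working, shown as an added example that is not part of the original messages: a stateful ipfw ruleset file built around the redirect_port line quoted above. Rules placed after the inbound divert see the destination natd has already rewritten, so the forwarded port is matched on 10.0.0.200 rather than on the firewall's public address. Assumptions: em1 is the outside interface (the name used in the ipnat example), em0 is the inside interface, natd runs on em1, and the rule numbers are arbitrary.

```conf
# /etc/ipfw.rules -- ruleset file, loaded with: ipfw -q /etc/ipfw.rules
# Assumed (not from the thread): em1 = outside, em0 = inside, rule numbers.
#
# Matching /etc/natd.conf:
#   interface em1
#   redirect_port udp 10.0.0.200:50000 50000

# Loopback and the inside LAN are not filtered here.
add 100 allow ip from any to any via lo0
add 110 allow ip from any to any via em0

# Inbound on the outside interface: hand the packet to natd first.
# natd rewrites the destination (public:50000 -> 10.0.0.200:50000) and
# reinjects the packet; processing resumes at the next rule.
add 200 divert natd ip from any to any in via em1

# Packets belonging to a flow already admitted below follow that rule's action.
add 210 check-state

# Outbound flows started from the LAN or the firewall: record state, then
# jump to the outbound divert so the source address is translated.
add 300 skipto 800 ip from any to any out via em1 keep-state

# The one forwarded service, matched on its post-NAT destination.
# skipto (not allow) so that replies, which match this state on their way
# out, still pass through the outbound divert at rule 800.
add 400 skipto 800 udp from any to 10.0.0.200 50000 in via em1 keep-state

# Everything else arriving from or leaving to the outside is dropped,
# including unsolicited connections to the firewall itself.
add 700 deny ip from any to any

# Outbound NAT, then accept. Inbound packets that jumped here do not match
# "out via em1" and fall through to the allow.
add 800 divert natd ip from any to any out via em1
add 810 allow ip from any to any
```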