Hrmm. I've decided to do some tests, and I think this is best presented by pasting my terminal:

frankie:~# ipf -FaS
frankie:~# ipnat -CF
0 entries flushed from NAT table
0 entries flushed from NAT list
frankie:~# cat /etc/ipnat.rules
map tun0 192.168.1.0/24 -> 0/32
rdr tun0 0/32 port 22 -> 192.168.1.2 port 22
frankie:~# ipnat /etc/ipnat.rules
frankie:~# cat /etc/ipf.rules
pass in quick all
pass out quick all
frankie:~# ipf -f /etc/ipf.rules
frankie:~# ipnat -lv
List of active MAP/Redirect filters:

List of active sessions:

List of active host mappings:
frankie:~#

And SSH sessions still end up at the router, and are not forwarded to the LAN machine as they should be.

Guido van Rooij wrote:

On Tue, Feb 21, 2006 at 02:52:19PM -0500, Artom Lifshitz wrote:
Hello,

I have a small home LAN with a FreeBSD 6 machine as the router. I got
NAT to work, otherwise I wouldn't be posting this. But I can't get port
redirection to work.

I want to redirect aMule's ports (4662 TCP, 4665 UDP and 4672 UDP) to
`arlon' 192.168.1.2 on the LAN, so my /etc/ipnat.rules looks like:

map tun0 192.168.1.0/24 -> 0/32
rdr tun0 0/32 port 4662 -> 192.168.1.2 port 4662
rdr tun0 0/32 port 4665 -> 192.168.1.2 port 4665 udp
rdr tun0 0/32 port 4672 -> 192.168.1.2 port 4672 udp


This should work. Have you checked with ipnat -lv if the rdr state
is created?

Then I find out that incoming NAT happens before filtering, so I add
pretty liberal pass lines to my /etc/ipf.rules.script, which now looks like:

pass in quick on $eif proto tcp from any to any port=4662
pass in quick on $eif proto udp from any to any port=4665
pass in quick on $eif proto udp from any to any port=4672

Why not:
pass in quick on $eif proto tcp from any to 192.168.1.2 port=4662 keep state
etc?

-Guido
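A small cross-check of the two rule files, added here as an example and not code from the thread: it parses the rdr lines of an ipnat.rules-style text and the inbound pass lines of an ipf.rules-style text, then, following the point made above that inbound NAT happens before filtering, matches each redirection against the translated packet (LAN destination and port) rather than the external address. The sample rule text is constructed, tun0 stands in for $eif, and rdr lines that name no protocol are treated as TCP (an assumption).

```python
import re

# Constructed sample rule sets modelled on the thread (not the poster's actual files).
IPNAT_RULES = """\
map tun0 192.168.1.0/24 -> 0/32
rdr tun0 0/32 port 4662 -> 192.168.1.2 port 4662
rdr tun0 0/32 port 4665 -> 192.168.1.2 port 4665 udp
rdr tun0 0/32 port 4672 -> 192.168.1.2 port 4672 udp
"""
IPF_RULES = """\
pass in quick on tun0 proto tcp from any to 192.168.1.2 port=4662 keep state
pass in quick on tun0 proto udp from any to any port=4665
"""

# rdr <iface> <ext-addr> port <ext-port> -> <lan-addr> port <lan-port> [tcp|udp]
RDR_RE = re.compile(r"^rdr\s+(\S+)\s+\S+\s+port\s+\d+\s+->\s+(\S+)\s+port\s+(\d+)"
                    r"(?:\s+(tcp|udp))?\s*$")
# pass in [quick] on <iface> proto <tcp|udp> from <src> to <dst> port=<n> [keep state]
PASS_RE = re.compile(r"^pass\s+in\s+(?:quick\s+)?on\s+(\S+)\s+proto\s+(tcp|udp)\s+from\s+\S+"
                     r"\s+to\s+(\S+)\s+port\s*=\s*(\d+)(\s+keep\s+state)?\s*$")

def parse_rdr(text):
    """(iface, proto, lan_dst, lan_port) per rdr rule. Assumption: tcp when no proto is given."""
    found = (RDR_RE.match(l.strip()) for l in text.splitlines())
    return [(m[1], m[4] or "tcp", m[2], int(m[3])) for m in found if m]

def parse_pass_in(text):
    """(iface, proto, dst, port, keeps_state) per inbound pass rule."""
    found = (PASS_RE.match(l.strip()) for l in text.splitlines())
    return [(m[1], m[2], m[3], int(m[4]), m[5] is not None) for m in found if m]

def check(ipnat_text, ipf_text):
    """Map (proto, lan_port) -> verdict. Because inbound NAT runs before the filter, a pass
    rule only helps if it matches the *translated* packet: LAN destination (or 'any') and port."""
    passes = parse_pass_in(ipf_text)
    verdicts = {}
    for iface, proto, dst, dport in parse_rdr(ipnat_text):
        hits = [p for p in passes
                if p[0] == iface and p[1] == proto and p[2] in ("any", dst) and p[3] == dport]
        if not hits:
            verdicts[(proto, dport)] = "blocked: no inbound pass rule matches the translated packet"
        elif not any(p[4] for p in hits):
            verdicts[(proto, dport)] = "passes, but without 'keep state': replies need their own pass out rule"
        else:
            verdicts[(proto, dport)] = "ok"
    return verdicts
```

Running `check(IPNAT_RULES, IPF_RULES)` on the constructed sample reports 4662/tcp as ok, 4665/udp as passing without state, and 4672/udp as blocked.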

