Here's what works for me:

# Basic maps [mssclamp 1440 was to optimize my dsl connection - ymmv]
map pppoe0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1440
map pppoe0 192.168.1.0/24 -> 0/32 portmap tcp/udp 1024:65535 mssclamp 1440
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1440

# Redirect incoming bittorrent - use non-standard ports to deal with nat...
rdr pppoe0 my.real.IP.address/32 port 9199 -> 192.168.1.2 port 9199 tcp
rdr pppoe0 my.real.IP.address/32 port 9199 -> 192.168.1.2 port 9199 udp

> My mistake, I forgot the -f in ipnat -f /etc/ipnat.rules
>
> When I add it, ipnat -l gives:
>
> frankie:~# ipnat -l
> List of active MAP/Redirect filters:
> map tun0 192.168.1.0/24 -> 0.0.0.0/32
> rdr tun0 0.0.0.0/32 port 22 -> 192.168.1.2 port 22 tcp
> <snip>
>
> But SSH sessions end up on the router and not on the LAN machine, as
> before.
>
> Artom Lifshitz wrote:
>
>> Hrmm. I've decided to do some tests, and I think this is best
>> presented by pasting my terminal:
>>
>> frankie:~# ipf -FaS
>> frankie:~# ipnat -CF
>> 0 entries flushed from NAT table
>> 0 entries flushed from NAT list
>> frankie:~# cat /etc/ipnat.rules
>> map tun0 192.168.1.0/24 -> 0/32
>> rdr tun0 0/32 port 22 -> 192.168.1.2 port 22
>> frankie:~# ipnat /etc/ipnat.rules
>> frankie:~# cat /etc/ipf.rules
>> pass in quick all
>> pass out quick all
>> frankie:~# ipf -f /etc/ipf.rules
>> frankie:~# ipnat -lv
>> List of active MAP/Redirect filters:
>>
>> List of active sessions:
>>
>> List of active host mappings:
>> frankie:~#
>>
>> And SSH sessions still end up at the router, and not forwarded to the
>> LAN machine as they should.
>>
>> Guido van Rooij wrote:
>>
>>> On Tue, Feb 21, 2006 at 02:52:19PM -0500, Artom Lifshitz wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a small home LAN with a FreeBSD 6 machine as the router. I got
>>>> NAT to work, otherwise I wouldn't be posting this. But I can't get
>>>> port redirection to work.
>>>>
>>>> I want to redirect aMule's ports (4662 TCP, 4665 UDP and 4672 UDP) to
>>>> `arlon' 192.168.1.2 on the LAN, so my /etc/ipnat.rules looks like:
>>>>
>>>> map tun0 192.168.1.0/24 -> 0/32
>>>> rdr tun0 0/32 port 4662 -> 192.168.1.2 port 4662
>>>> rdr tun0 0/32 port 4665 -> 192.168.1.2 port 4665 udp
>>>> rdr tun0 0/32 port 4672 -> 192.168.1.2 port 4672 udp
>>>>
>>>
>>> This should work. Have you checked with ipnat -lv if the rdr state
>>> is created?
>>>
>>>> Then I find out that incoming NAT happens before filtering, so I add
>>>> pretty liberal pass lines to my /etc/ipf.rules.script, which now
>>>> looks like:
>>>>
>>>> pass in quick on $eif proto tcp from any to any port=4662
>>>> pass in quick on $eif proto udp from any to any port=4665
>>>> pass in quick on $eif proto udp from any to any port=4672
>>>>
>>>
>>> Why not:
>>> pass in quick on $eif proto tcp from any to 192.168.1.2 port=4662
>>> keep state
>>> etc?
>>>
>>> -Guido
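An added example, not from any poster in this thread: a POSIX sh script that generates matching ipnat rdr rules and ipf pass rules from one port list (so the filter rules name the translated LAN destination and keep state, as Guido suggests) and checks `ipnat -l` output for rdr rules that never got loaded (the missing `-f` problem above). The `ipnat -l` output format is assumed to be the one shown in the quoted listing; the interface, host and ports are the thread's own.

```shell
#!/bin/sh
# Added example, not from the thread. One port list drives both the NAT
# file and the filter file, so the rdr and pass rules cannot drift apart.
# Load with: ipnat -CF; ipnat -f /etc/ipnat.rules; ipf -Fa -f /etc/ipf.rules

EIF=tun0                 # external interface from the thread
LAN_HOST=192.168.1.2     # the redirect target on the LAN
LAN_NET=192.168.1.0/24
# Constructed sample: the aMule ports from the original question.
PORTS="4662/tcp 4665/udp 4672/udp"

# Emit /etc/ipnat.rules: one map for the LAN, one rdr per port/proto.
gen_ipnat() {
    echo "map $EIF $LAN_NET -> 0/32"
    for spec in $PORTS; do
        port=${spec%/*}; proto=${spec#*/}
        echo "rdr $EIF 0/32 port $port -> $LAN_HOST port $port $proto"
    done
}

# Emit pass rules for /etc/ipf.rules. Inbound NAT runs before the filter,
# so match the translated destination ($LAN_HOST) rather than "any", and
# keep state so the replies are allowed without a blanket out rule.
gen_ipf() {
    for spec in $PORTS; do
        port=${spec%/*}; proto=${spec#*/}
        echo "pass in quick on $EIF proto $proto from any to $LAN_HOST port = $port keep state"
    done
}

# Feed "ipnat -l" output on stdin; reports which port specs have no loaded
# rdr rule. Assumes the listing format quoted in the thread: 0/32 is shown
# as 0.0.0.0/32 and the protocol is always printed. Returns 1 if any are
# missing (e.g. the rules file was never loaded with -f), 0 otherwise.
missing_rdr() {
    loaded=$(cat)
    missing=""
    for spec in $PORTS; do
        port=${spec%/*}; proto=${spec#*/}
        want="rdr $EIF 0.0.0.0/32 port $port -> $LAN_HOST port $port $proto"
        case "$loaded" in
            *"$want"*) ;;
            *) missing="$missing${missing:+ }$spec" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Stand-alone run: print the generated contents of both files.
echo "# ipnat.rules"; gen_ipnat
echo "# ipf.rules";   gen_ipf
```

On the router, `ipnat -l | sh -c '. ./thisscript; missing_rdr'` style checks are the point: an empty "List of active MAP/Redirect filters:" means nothing was loaded, which is exactly what the quoted `ipnat -lv` output showed.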
