I'm running an OpenBSD firewall with ipf and ipnat (a stateful, masquerading
firewall, like the stuff in Linux 2.4.x), and I'm using an internal machine
as a Freenet node.  I know the node works because I can request data
successfully when using that node locally and I can insert data using that
node that can be retrieved from a machine on a totally different network.

When I first set up the node, it picked a port.  For argument's sake, let's
call the port 24334.  The interface name for my ethernet card that's visible
to the outside world is ne3.  (It's usually eth0 or eth1 for Linux people.)
Inside my ipf.rules, near the top, I added the following:

# my freenet node
pass in log quick on ne3 proto tcp from any to any port = 24334
pass out quick on ne3 proto tcp from any port = 24334 to any keep state

This says to allow packets from the external network that are tcp and are
traveling to port 24334.  Also allow replies and connections that my port
24334 makes.
(The log keyword is only there so I know when outside machines are using my
node.  This was useful for debugging my ipf and ipnat rules with tcpdump.)

In my ipnat.rules, at the bottom, I added the following:

# redirect freenet requests to my local machine
rdr ne3 0.0.0.0/0 port 24334 -> 192.168.0.2 port 24334 tcp
rdr ne3 0.0.0.0/0 port 24334 -> 192.168.0.2 port 24334 udp

This says to redirect anything from the external network that is destined
for port 24334 to my internal machine's port 24334 instead.

I hope this helps people with firewall problems.

--- Jim

PS: It's possible that the udp line in ipnat.rules is unnecessary and that
the keep state option in the ipf.rules is unnecessary.
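A way to check the two files against each other, added here as an example and not part of Jim's post: every rdr in ipnat.rules should be admitted by a "pass in" in ipf.rules for the same interface, protocol and port (otherwise the redirect is dead, which is what happens to the udp line above, since only tcp is passed in), and every such "pass in" should have an rdr (otherwise the connection terminates on the firewall host itself). The sample files are constructed from the rules above; the paths under $TMPDIR are assumptions.

```shell
# Added cross-check of ipf.rules against ipnat.rules (not from the original
# post). Sample files below are constructed from the rules in the post.
TMPDIR=${TMPDIR:-/tmp}
IPF_RULES="$TMPDIR/ipf.rules.sample"      # hypothetical path
IPNAT_RULES="$TMPDIR/ipnat.rules.sample"  # hypothetical path

cat > "$IPF_RULES" <<'EOF'
# my freenet node
pass in log quick on ne3 proto tcp from any to any port = 24334
pass out quick on ne3 proto tcp from any port = 24334 to any keep state
EOF

cat > "$IPNAT_RULES" <<'EOF'
# redirect freenet requests to my local machine
rdr ne3 0.0.0.0/0 port 24334 -> 192.168.0.2 port 24334 tcp
rdr ne3 0.0.0.0/0 port 24334 -> 192.168.0.2 port 24334 udp
EOF

# check_rules IPF_FILE IPNAT_FILE: prints each mismatch, returns 0 when the
# two files agree and 1 otherwise. Keys are "iface proto port".
check_rules() {
    awk '
        # first file: collect inbound pass rules (interface, proto, dest port)
        FNR == NR && $1 == "pass" && $2 == "in" {
            ifc = pr = pt = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "on")    ifc = $(i + 1)
                if ($i == "proto") pr  = $(i + 1)
                if ($i == "port" && $(i + 1) == "=") pt = $(i + 2)
            }
            passed[ifc " " pr " " pt] = 1
            next
        }
        # second file: rdr IFACE SRC port EXTPORT -> DST port INTPORT PROTO
        FNR != NR && $1 == "rdr" {
            k = $2 " " $NF " " $5
            redir[k] = 1
            if (!(k in passed)) { print "dead rdr, no pass in rule admits it: " $0; bad = 1 }
        }
        END {
            for (k in passed)
                if (!(k in redir)) { print "pass in without rdr, firewall host exposed: " k; bad = 1 }
            exit bad + 0
        }' "$1" "$2"
}

check_rules "$IPF_RULES" "$IPNAT_RULES" || echo "ipf.rules and ipnat.rules disagree"
```

Run against the sample files it reports the udp rdr as dead; drop that line and the two files agree.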

_______________________________________________
Support mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/support