Hi! I'm new to unix/linux
and I have a question about port redirection.
I have a FreeBSD firewall/router which is already configured. It serves a network of about 10 clients, and the client on 192.168.2.6 needs access (for a piece of software) to UDP ports 27950, 27952, 27960 and 27965.
Here are the configuration files and scripts:
(public_ip) = IP from my ISP (hidden for security)
(public_ip2) = Second IP
rc.conf (located in /etc/)
------------------------------
# -- sysinstall generated deltas -- # Tue Oct 29 11:38:29 2002
# Created: Tue Oct 29 11:38:29 2002
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
# Overrides for a two-interface router: rl0 carries the public addresses,
# rl1 is the 192.168.2.0/24 LAN side.
# NOTE(review): no firewall_enable/natd_enable appears in the lines shown; the
# page starts ipfw and natd from scripts in /usr/local/etc/rc.d/ instead.
# Local rc.d scripts presumably run late in boot, so services enabled below may
# be up before the rules are loaded - confirm the boot ordering.
# NOTE(review): the default router is shown with the same placeholder as this
# host's own rl0 address; presumably an artifact of redacting the post.
defaultrouter="(public_ip)"
# Turns on IP forwarding so the host routes between rl0 and rl1.
gateway_enable="YES"
hostname="(not_shown)"
ifconfig_rl0="inet (public_ip) netmask 255.255.255.0"
# NOTE(review): the alias repeats (public_ip); presumably it should carry
# (public_ip2), the second address used by natd.sh and ipfw.sh - confirm.
# FreeBSD documentation suggests netmask 255.255.255.255 for an alias in the
# same subnet as the primary address - verify for this release.
ifconfig_rl0_alias0="inet (public_ip) netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.2.1 netmask 255.255.255.0"
# inetd is not started, so no inetd-managed services are offered.
inetd_enable="NO"
# The kernel securelevel is not raised at boot, so root can still change
# firewall rules and file flags at runtime.
kern_securelevel_enable="NO"
keymap="si.iso"
nfs_reserved_port_only="YES"
# sendmail and sshd both listen on this router; every listening daemon on a
# firewall host adds exposed surface, so enable only what is actually needed.
sendmail_enable="YES"
sshd_enable="YES"
natd.sh (located in /usr/local/etc/rc.d/)
------------------------------
#!/bin/sh
# Restarts the NAT daemons: stops any running natd, then starts one instance
# per interface. "(public_ip2)" is a placeholder left by the author of the
# post; it must be replaced with a real address before this script can run.

# Stop every running natd. SIGKILL (-9) gives natd no chance to shut down
# cleanly; a plain "killall natd" (SIGTERM) is the gentler first step.
killall -9 natd
# Instance 1: no -p given, so it uses the default divert port (the "natd"
# service name that ipfw.sh refers to). -n rl0 takes the aliasing address from
# rl0, -dynamic follows changes of that address, -m tries to keep the original
# source port. -redirect_address sends ALL traffic arriving for (public_ip2)
# to 192.168.2.14, so that host is as exposed as the ipfw rules allow.
# NOTE(review): no -redirect_port option is present, so unsolicited inbound
# UDP/TCP to (public_ip) has no mapping to an internal host.
/sbin/natd -m -dynamic -n rl0 -redirect_address 192.168.2.14 (public_ip2)
# Instance 2: listens on divert port 6889 and aliases to the address of rl1,
# the LAN-side interface.
# NOTE(review): running NAT on the inside interface is unusual and its purpose
# is not evident from the page - confirm it is intended.
/sbin/natd -m -p 6889 -dynamic -n rl1 -redirect_address 192.168.2.14 (public_ip2)
ipfw.sh (located in /usr/local/etc/rc.d/)
------------------------------
#!/bin/sh
# Loads the ipfw ruleset for the router. Rules are evaluated in the order they
# are added and the first terminating match wins, so the order below matters.
# "(public_ip)", "(public_ip2)" and "(some_address)" are placeholders left by
# the author of the post and must be replaced with real addresses.
# NOTE(review): no final catch-all rule is added, so anything not matched
# below falls through to the kernel's default rule 65535 (deny unless the
# kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT) - confirm which applies.

# Delete all existing rules (-f skips the confirmation prompt).
# Between this flush and the last "add" below only the default rule is active:
# with default-deny a remote session can be cut off, with default-accept the
# host is briefly unfiltered.
/sbin/ipfw -f flush
# Allow traffic the machine sends to itself (loopback and its own addresses).
/sbin/ipfw add accept ip from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add accept ip from (public_ip) to (public_ip)
/sbin/ipfw add accept ip from (public_ip2) to (public_ip2)
/sbin/ipfw add accept ip from 192.168.2.1 to 192.168.2.1
# Allow traffic whose source and destination are both inside the LAN.
/sbin/ipfw add accept ip from 192.168.2.0/24 to 192.168.2.0/24
# Hand everything passing through rl1 to the natd listening on divert
# port 6889 (the second instance started in natd.sh).
/sbin/ipfw add divert 6889 ip from any to any via rl1
# Hand everything passing through rl0 to the natd on the default "natd"
# divert port. Packets come back from natd with rewritten addresses and
# continue with the rules below.
/sbin/ipfw add divert natd ip from any to any via rl0
# "established" matches any TCP packet with ACK or RST set; it is a stateless
# flag test, not connection tracking. A stateful setup (check-state plus
# keep-state on the initiating rule) is stricter.
/sbin/ipfw add accept tcp from any to (public_ip) established
# SSH to the firewall is allowed from a single source address only.
/sbin/ipfw add accept tcp from (some_address) to (public_ip) 22
# Reject every other TCP packet addressed to the firewall itself.
# NOTE(review): TCP to LAN hosts (after natd has rewritten the destination)
# matches none of the TCP rules here and presumably reaches the default rule.
/sbin/ipfw add unreach filter-prohib tcp from any to (public_ip)
# DNS over UDP: allow queries to port 53 and anything coming from port 53.
# The second rule matches on the source port alone, which the sender chooses,
# so it accepts any UDP packet claiming source port 53 to any destination and
# port. keep-state on the outbound query rule would limit replies to queries
# that were actually sent.
/sbin/ipfw add accept udp from any to any 53
/sbin/ipfw add accept udp from any 53 to any
# Allow UDP sent with the firewall's public address as source; presumably this
# also covers LAN traffic after natd has rewritten its source on the way out.
/sbin/ipfw add accept udp from (public_ip) to any
# Reject all remaining UDP. The match is "from any to any", so this is not
# limited to the firewall: forwarded UDP on any port other than 53 that did
# not match a rule above is rejected here as well.
/sbin/ipfw add unreach filter-prohib udp from any to any
# Reject all traffic addressed to the second public IP.
# NOTE(review): the rl0 divert rule runs first and natd's -redirect_address
# rewrites the destination (public_ip2) to 192.168.2.14, so inbound packets may
# no longer match this rule by the time they get here - verify with
# "ipfw show" counters that it actually filters what is intended.
/sbin/ipfw add unreach filter-prohib ip from any to (public_ip2)
Thanks!