Hi! I'm new to unix/linux and I have a question about port redirection.
I have a FreeBSD firewall/router which is already configurated. It's a network of about 10 clients and client on 192.168.2.6 needs access (software) to UDP ports 27950, 27952, 27960 and 27965.

Here are configurated scripts:

(public_ip) = IP from my ISP (hiden for security)
(public_ip2) = Second IP

rc.conf (located in /etc/)
------------------------------
# -- sysinstall generated deltas -- # Tue Oct 29 11:38:29 2002
# Created: Tue Oct 29 11:38:29 2002
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
defaultrouter="(public_ip)"
gateway_enable="YES"
hostname="(not_shown)"
ifconfig_rl0="inet (public_ip) netmask 255.255.255.0"
ifconfig_rl0_alias0="inet (public_ip) netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.2.1 netmask 255.255.255.0"
inetd_enable="NO"
kern_securelevel_enable="NO"
keymap="si.iso"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
sshd_enable="YES"


natd.sh (located in /usr/local/etc/rc.d/)
------------------------------
#!/bin/sh

killall -9 natd

/sbin/natd -m -dynamic -n rl0 -redirect_address 192.168.2.14 (public_ip2)

/sbin/natd -m -p 6889 -dynamic -n rl1 -redirect_address 192.168.2.14 (public_ip2)


ipfw.sh (located in /usr/local/etc/rc.d/)
------------------------------
#!/bin/sh

#pobrise vsa pravila
/sbin/ipfw -f flush

#dovoli promet po loaklni masini
/sbin/ipfw add accept ip from 127.0.0.1 to 127.0.0.1
/sbin/ipfw add accept ip from (public_ip) to (public_ip)
/sbin/ipfw add accept ip from (public_ip2) to (public_ip2)
/sbin/ipfw add accept ip from 192.168.2.1 to 192.168.2.1

#dovoli promet
/sbin/ipfw add accept ip from 192.168.2.0/24 to 192.168.2.0/24

#vse kar pride po rl1 preusmeri natdju
/sbin/ipfw add divert 6889 ip from any to any via rl1

#vse kar pride po rl0 preusmeri natdju
/sbin/ipfw add divert natd ip from any to any via rl0

/sbin/ipfw add accept tcp from any to (public_ip) established
/sbin/ipfw add accept tcp from (some_address) to (public_ip) 22

#zavrne vse kar pride na firewall
/sbin/ipfw add unreach filter-prohib tcp from any to (public_ip)

#za DNS ki komunicira na UDP protokolu
/sbin/ipfw add accept udp from any to any 53
/sbin/ipfw add accept udp from any 53 to any
/sbin/ipfw add accept udp from (public_ip) to any

#zavrne udp do firewalla
/sbin/ipfw add unreach filter-prohib udp from any to any

#zavrne ves promet ki prihaja na IP-ja
/sbin/ipfw add unreach filter-prohib ip from any to (public_ip2)


Thanks!

-redirect_port proto targetIP:targetPORT[-targetPORT]
[aliasIP:]aliasPORT[-aliasPORT]
[remoteIP[:remotePORT[-remotePORT]]]


For example, an IRC server runs on Client A, and a web server runs on Client B. For this to work properly, connections received on ports 6667 (IRC) and 80 (web) must be redirected to the respective machines.

the argument should be:
-redirect_port tcp 192.168.0.2:6667 6667
-redirect_port tcp 192.168.0.3:80 80
This will redirect the proper tcp ports to the LAN client machines.


The -redirect_port argument can be used to indicate port ranges over individual ports. For example, tcp 192.168.0.2:2000-3000 2000-3000 would redirect all connections received on ports 2000 to 3000 to ports 2000 to 3000 on Client A.

These options can be used when directly running natd(8) or placed within the

natd_flags=""
option in /etc/rc.conf.

as quoted from the bsd handbook http://www.freebsd.org/doc/en_US.ISO...ook/index.html