Subject: Re: can't figure out port forwarding. :-(
To: None <fernando@rxp.com>
From: Dancho Penev <dpenev@mail.bg>
List: netbsd-help
Date: 05/26/2003 23:46:42
On Mon, May 26, 2003 at 12:02:52PM -0400, fernando@rxp.com wrote:
>From: <fernando@rxp.com>
>To: "NetBSD" <netbsd-help@netbsd.org>
>Subject: can't figure out port forwarding. :-(
>Date: Mon, 26 May 2003 12:02:52 -0400
>
>Hi NetBSD Geniuses! :-)
>
>	After reading all the messages about port forwarding, ipf, ipnat, and a few
>other subjects in the NetBSD world, I have come to the conclusion that all
>these years of playing with M$oft products have made me retarded. :-(
>
>	I am trying to setup a Terminal server behind a NetBSD box. I tried to
>understand the port forwarding thing in ipf.conf but there isn't anything in
>that file except a default line that the NetBSD installation put in there.
>And a few more lines for ipnat.conf. (it's not like I understand either of
>them anyway).
>
>	My NetBSD box has 2 nics (ex0-external and ex1-internal). ex0 gets ip
>24.25.26.27 as assigned by the isp while ex1 gets ip 192.168.1.250 (I think
>I assigned that one or it auto'd to that during install).
>
>The only thing in my ipf.conf file is:
>-----------------------------------------
>	#Prevent IP spoofing.
>	block in quick all with short
>-----------------------------------------
>
>And all that is in my ipnat.conf file is:
>-----------------------------------------
>	#!/sbin/ipnat -f -
>	#
>	# THIS IS WRITTEN FOR IP FILTER 3.2
>	#
>	# ex0 - (external) connection to ISP, address 24.25.26.27/32
>	#
>	# ex1 - (internal) network interface, address 192.168.1.250/32
>	#
>	#
>	map ex0 192.168.1.250/24 -> 24.25.26.27/32 portmap tcp/udp 40000:60000
>	map ex0 192.168.1.250/24 -> 24.25.26.27/32
>	#
>	#
>	#To make ftp work, using the internal ftp proxy, use:
>	#
>	map ex0 192.168.1.250/24 -> 24.25.26.27/32 proxy port ftp ftp/tcp
>-----------------------------------------
>
>	What I currently have is 3 static ip addresses (only using 2 right now) and
>I have a server sitting on one of them (exposed to the internet 'cuz it has
>a web site on it). I need to put that server behind the NetBSD box but still
>have access to the terminal services and web sites on that machine.
>
>	This is a link to a diagram of what I have now and what I am trying to do.
>Although I'm sure my explanation is enough. http://vpndns.com/now.htm
>
>	I tried to make a line like the last one in the ipnat.conf file. It didn't
>work. :-\ and I found on the web that the port the client initializes is
>port 3389 tcp. How do I create a line in the conf files to allow 3389 entry?
>Will the new line include the ip address of the server (the new internal ip
>address of the terminal server will be something like 192.168.1.44).
>
>	On a web site I saw an answer to some one else's same question but it only
>said: "you only need to redirect your TCP port 3389 through your firewall to
>the IP-Addr. of the Terminal Server." ... How??? is it something like:
>redirect port 3389 -> 192.168.1.44

Actually it's:

rdr ex0 24.25.26.27/32 port 3389 -> 192.168.1.44 port 3389 tcp

Read the ipnat.conf man page for more details.

>
>	If the above is correct, how would I handle multiple servers if everything
>going to port 3389 is going to go to one machine? (magic, right? ;-)
>
>Thank you VERY much for any help at all.
>Fernando
>
>PS: "vi" is KILLING me. Can I just share the whole drive and use notepad?
>:-P

No, you can't ;-)

>
>

-- 
Regards,
Dancho Penev
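
An added example, not part of the original messages: the rdr rule above extended to the web site and to a second terminal server, with matching ipf.conf rules that limit who can reach port 3389. The second server's address 192.168.1.45, the external port 3390 and the admin source address 203.0.113.10 are assumptions for illustration.

```conf
# --- /etc/ipnat.conf (added illustration) ---
# Only 24.25.26.27 and 192.168.1.44 come from the thread; every other
# address and port below is an assumed placeholder.

# Web site and terminal services on the first internal server.
rdr ex0 24.25.26.27/32 port 80   -> 192.168.1.44 port 80   tcp
rdr ex0 24.25.26.27/32 port 3389 -> 192.168.1.44 port 3389 tcp

# A second terminal server (assumed 192.168.1.45) cannot share external
# port 3389 on the same public address, so it gets its own external port.
# Clients connect to 24.25.26.27:3390 and land on 192.168.1.45:3389.
rdr ex0 24.25.26.27/32 port 3390 -> 192.168.1.45 port 3389 tcp

# --- /etc/ipf.conf (added illustration) ---
# Inbound packets are translated by rdr before ipf filters them, so these
# rules match the internal destination address and port.

# The web site is public.
pass in quick on ex0 proto tcp from any to 192.168.1.44/32 port = 80 flags S keep state

# Terminal services only from a known admin address (assumed 203.0.113.10).
pass in quick on ex0 proto tcp from 203.0.113.10/32 to 192.168.1.44/32 port = 3389 flags S keep state
pass in quick on ex0 proto tcp from 203.0.113.10/32 to 192.168.1.45/32 port = 3389 flags S keep state

# Everyone else is refused on the terminal services port.
block in quick on ex0 proto tcp from any to any port = 3389
```

Reload with `ipnat -CF -f /etc/ipnat.conf` and `ipf -Fa -f /etc/ipf.conf` after editing.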