# port forwarding the vpn server



## lezde716 (Feb 23, 2011)

Hi everybody,

This is my setup 
	
	



```
192.168.0.1----192.168.0.226[BSD NAT Machine]192.168.11.1----192.168.11.202[Win2k3 VPN Server]
```

This is Lab Testing of VPN Server behind the FreeBSD NAT. A Windows 2k3 is configured as domain and a VPN Server. For this testing the FreeBSD NAT machine is already working. PC behind this FreeBSD NAT machine is already browsing from the Net. If this lab testing will work I will apply this to the outside internet. 

I want to portforward the 192.168.11.202 machine to be accessed by the 192.168.0.0/24 network. 

This is the command I follow from the handbook: `natd -redirect_port tcp 192.168.11.202:80 192.168.0.226:80`

```
error: natd: instanace default: aliasing address not given
```

Another command: `natd -n vr0 -redirect_port tcp 192.168.11.202:80 192.168.0.226:80`

```
error: natd Unable to bind divert socket.: Address aleady in use
```

Please help me about this matter. Thank you in advance.


----------



## SirDice (Feb 23, 2011)

I'm assuming this is just for testing purposes because you really don't need to use NAT. Basic routing would be enough.

Which part is actually being NAT'ted?


----------



## lezde716 (Feb 24, 2011)

public=192.168.0.226
gateway=192.168.0.1

private=192.168.11.202
gateway=192.168.11.1

The 192.168.0.226 is being nated. So basically the 192.168.0.226 is my wan side and 192.168.11.0/24 is lan side. Right? 

What I want is, the wan side will access services (e.g web, vpn server, ftp etc.) from the lan side. My nat machine is a FreeBSD. My problem here is my port forwarding of this said service is not working.

Any idea about this? Please help. Thank you again.


----------



## SirDice (Feb 24, 2011)

If I read natd(8) correctly it should be something like:

```
natd -redirect_port 192.168.11.202:80 80
```
If you want to forward port 80 to the inside.


----------



## lezde716 (Feb 25, 2011)

Thank you for the reply.

I already try that but got 
	
	



```
natd: instance default: aliasing address not given
```


----------

