# port forwarding help.



## paulfrottawa (Dec 24, 2008)

Sorry to trouble you guys again.

I want to see my test site. 

Here is my setup 

cable modem
router in (freebsd vr0 dhcp on wan)
router out (freebsd xl0 going to dlink router) 192.168.101.1
router in (dlink to wireless and lan connections) 192.168.101.2
router out (dlink wireless and lan) 198.168.102.1
all working.

Because this is in my rc.conf

static_routes="internalnet2"
route add -net 192.168.102.1/24 192.168.101.2

PS: this is also in my rc.conf
sshd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-dynamic -m"
jail_enable="YES"
and my jails are set to my WAN side. (I don't know if that's crazy, but it works.)

________________________________________

Anyway, I have a test site at 192.168.102.221 working and I haven't been able to see it yet using my public IP. And after trying to set up a firewall I lose my connectivity on my xphome box to the internet.

`ipfw -q -f flush` doesn't reconnect me; I have to reboot FreeBSD.


----------



## paulfrottawa (Dec 24, 2008)

Another thing for those who plan to help. My dlink can port forward too. I point my browser to http://192.168.101.2 and I get the web page as if I pointed it at http://192.168.102.221

________________________________________

Here's most of my rc.conf file just the jails are excluded.




> ifconfig_vr0="DHCP"
> ipv6_enable="YES"
> ifconfig_xl0="inet 192.168.101.1 netmask 255.255.255.0"
> # Add Internal Net 2 as a static route
> ...


----------



## paulfrottawa (Dec 30, 2008)

I no longer have jails on the same box as my router. I spent almost 70 hrs getting port forwarding to work but the only thing FreeBSD can do is share an internet connection with natd and IPFW.

It's a waste of time.

I can input my unroutable IP 192.168.10.3 and I get it to work, but try putting in your domain name or dynamic ISP IP and nothing for 70 hrs of trying. (two weeks)

I've read the handbook three maybe four times about this.


----------



## paulfrottawa (Dec 31, 2008)

Just noticed this in my dmesg:


> ipfw2 (+ipv6) initialized, divert enabled, rule-based forwarding disabled, default to accept, logging unlimited


----------



## cloud (Jan 1, 2009)

Personally I use PF for port forwarding. Just add something like:


> ext_if="vr0"   #your external interface
> internal_net="192.168.102.0/24"
> 
> nat on $ext_if from $internal_net to any -> ($ext_if)
> rdr on $ext_if proto tcp from any to any port 80 -> 192.168.102.221 port 80



If I have understood your problem, it can be a solution.


----------
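A fuller pf.conf built around the two rules in the post above, as an added example that is not part of the original thread. It adds a default-deny filter section so that only TCP port 80 to the test site is exposed. Assumptions: natd and IPFW are disabled and PF is enabled in /etc/rc.conf, the `int_if` and `web_server` macro names are introduced here, and both internal subnets from the first post are NATed.

```pf
# Added example, not from the thread. Interfaces and addresses are the ones
# posted above; the macro names int_if/web_server and the rule layout are assumptions.
ext_if       = "vr0"                  # WAN side, address from DHCP
int_if       = "xl0"                  # 192.168.101.1, toward the D-Link
web_server   = "192.168.102.221"      # test site behind the D-Link
internal_net = "{ 192.168.101.0/24, 192.168.102.0/24 }"

set block-policy drop
set skip on lo0
scrub in on $ext_if all

# --- translation ---
nat on $ext_if from $internal_net to any -> ($ext_if)
# Match only traffic addressed to the router's own WAN address.
# This rule is bound to $ext_if, so connections from LAN hosts to the
# public address arrive on $int_if and are not redirected by it.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_server port 80

# --- filtering ---
block log all
# rdr rewrites the destination before filtering, so the pass rules must
# match the internal address, not the public one.
pass in  on $ext_if inet proto tcp from any to $web_server port 80 flags S/SA keep state
pass out on $int_if inet proto tcp from any to $web_server port 80 flags S/SA keep state
# LAN clients may reach the router and the internet.
pass in  on $int_if from $internal_net to any keep state
pass out on $ext_if all keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` and `pfctl -sr` list the active translation and filter rules.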



## paulfrottawa (Jan 24, 2009)

Thanks, I'm able to have it working. The difference might be that I now use bind or it always worked. Right now I cannot see the site using my domain name from inside my network but can from outside.

/etc/rc.conf


> # -- sysinstall generated deltas -- # Sat Jan 10 02:59:43 2009
> # Created: Sat Jan 10 02:59:43 2009
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> ...





> dynamic
> n xl0
> redirect_port tcp 192.168.0.19:http http
> redirect_port tcp 192.168.0.18:25 25




I plan to learn pf ipfilter as well. I'm going through the whole handbook by setting up other machines. 

Here are some of my /etc/namedb files. Any input would be nice, especially on getting sendmail to work inside a jail; I'm learning that now.


> $TTL 3h
> 0.168.192.in-addr.arpa. IN SOA proxy.plusx.ca. paul.plusx.ca. (
> 1        ; Serial
> 3h       ; Refresh after 3 hours
> ...


Using my real IP is the only way I could see my web page. The example that I used was different and used network addresses only. http://docstore.mik.ua



> $TTL 3h
> plusx.ca. IN SOA proxy.plusx.ca. paul.plusx.ca. (
> 1        ; Serial
> 3h       ; Refresh after 3 hours
> ...



There is an error when trying
www IN CNAME @

on the last line, so I comment it out.

Criticism welcomed.


----------



## paulfrottawa (Jan 24, 2009)

Sorry for the change of IPs; I rebuild this machine a lot.


----------

