Spoke too soon; figured it out not a minute later. It seems to work if I remove the divert rule for my server (10.0.0.2) from ipfw, and leave the natd parameter.

SigmaX

On 8/20/06, SigmaX asdf <fydernix@gmail.com> wrote:
> I've setup a firewall box with IPFW and NATD with what the handbook
> had to offer on the subject, and now would like to get traffic
> forwarded to behind my shmancy new firewall.
>
> Google is purely confusing me on this one. From what I understand I
> need to do one or more of the following:
>
> setup a divert rule for ipfw
> setup a fwd rule for ipfw
> setup a redirect_port rule for natd
> compile forwarding support into my kernel
>
> Somehow I doubt it's all of the above. What am I supposed to do to
> allow port forwarding?
>
> Thanx for any pointers,
> SigmaX
>
> > # ipfw list
> > 00010 divert 8668 tcp from any to 10.0.0.2 dst-port 80
> > 00050 divert 8668 ip4 from any to any via rl0
> > 00100 allow ip from any to any via lo0
> > 00200 deny ip from any to 127.0.0.0/8
> > 00300 deny ip from 127.0.0.0/8 to any
> > 65000 allow ip from any to any
> > 65535 deny ip from any to any
> >
> > Semi-relevant rc.conf options:
> >
> > gateway_enable="YES"
> > firewall_enable="YES"
> > firewall_type="open"
> > natd_enable="YES"
> > natd_interface="rl0"
> > natd_flags="-dynamic -m -f /etc/natd.conf"
> > ipfw_enable="YES"
> >
> > natd.conf:
> >
> > redirect_port tcp 10.0.0.2:80 80
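
The fix reported in the reply (drop the per-server divert rule, keep `redirect_port` in natd.conf) can be checked mechanically. The script below is an added example, not part of the original thread: it reads `ipfw list` output and natd.conf and reports divert rules whose destination is an internal `redirect_port` target. The function names are hypothetical, and the sample input is the configuration quoted above.

```python
import re

# Sample input: the ruleset and natd.conf quoted in the thread.
IPFW_LIST = """\
00010 divert 8668 tcp from any to 10.0.0.2 dst-port 80
00050 divert 8668 ip4 from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
65535 deny ip from any to any
"""
NATD_CONF = "redirect_port tcp 10.0.0.2:80 80\n"

# redirect_port proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT ...
REDIRECT_RE = re.compile(
    r"^redirect_port\s+(tcp|udp)\s+(\d+\.\d+\.\d+\.\d+):(\d+)(?:-(\d+))?\s+\S+")
DIVERT_RE = re.compile(
    r"^(\d+)\s+divert\s+\d+\s+(\S+)\s+from\s+\S+\s+to\s+(\S+)(.*)$")

def parse_redirects(conf):
    """Return (proto, target_ip, low_port, high_port) per redirect_port line."""
    targets = []
    for line in conf.splitlines():
        m = REDIRECT_RE.match(line.split("#")[0].strip())
        if m:
            low = int(m.group(3))
            targets.append((m.group(1), m.group(2), low, int(m.group(4) or low)))
    return targets

def diverts_to_redirect_targets(ipfw_list, natd_conf):
    """Rule numbers of divert rules addressed to a redirect_port target."""
    targets = parse_redirects(natd_conf)
    flagged = []
    for line in ipfw_list.splitlines():
        m = DIVERT_RE.match(line.strip())
        if not m:
            continue
        rule, proto, dst, rest = m.groups()
        port = re.search(r"dst-port\s+(\d+)", rest)
        for t_proto, t_ip, low, high in targets:
            proto_ok = proto in (t_proto, "ip", "ip4", "all")
            port_ok = port is None or low <= int(port.group(1)) <= high
            if dst == t_ip and proto_ok and port_ok:
                flagged.append(int(rule))
                break
    return flagged

if __name__ == "__main__":
    for rule in diverts_to_redirect_targets(IPFW_LIST, NATD_CONF):
        print(f"rule {rule:05d} diverts to a redirect_port target; "
              f"candidate for 'ipfw delete {rule}'")
```

Only rule 00010 is reported; the interface-wide divert on `rl0` (rule 00050) is what hands traffic to natd and is left alone.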