Hi, I own two public addresses, x.x.x.x and y.y.y.y, for my two web servers. Another public address, z.z.z.z, is assigned to tun0. A FreeBSD 10 system is configured as a gateway to forward traffic from tun0 to the two internet web servers, as illustrated below:
Code:
x.x.x.x
z.z.z.z -- tun0 ---- 2 web servers (192.168.5.20 via em2 and 192.168.6.20 via em3)
y.y.y.y
However, when I browse to x.x.x.x from my iPhone (outside my local network), the traffic does not get through to the web servers. The same happens when I browse to y.y.y.y. I am wondering what I should do to make this work?
Any suggestions and help would be very much appreciated.
My rc.conf configuration:
Code:
gateway_enable="YES"
inetd_enable="YES"
kern_securelevel_enable="NO"
hostname="iExtentGateway"
#ifconfig_em0="DHCP"
#ifconfig_em4="inet 192.168.1.254 netmask 255.255.255.0"
#ifconfig_em4="inet 10.0.1.254 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.2.254 netmask 255.255.255.0"
ifconfig_em1="inet 192.168.1.254 netmask 255.255.255.0"
ifconfig_em2="inet 192.168.5.254 netmask 255.255.255.0"
ifconfig_em3="inet 192.168.6.254 netmask 255.255.255.0"
ppp_enable="yes"
ppp_profile="pppoe"
ppp_mode="ddial"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
firewall_enable="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
natd.conf file:
Code:
interface tun0
use_sockets yes
dynamic yes
redirect_address 192.168.5.20 x.x.x.x
redirect_address 192.168.6.20 y.y.y.y
ipfw.rules file:
Code:
#!/bin/sh
IPF="ipfw -q add"
ipfw -q -f flush
skip="skipto 800"
$IPF divert natd all from any to any via tun0
#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag
# stateful
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from any to any
# open port ftp (20,21), ssh (22), mail (25)
# http (80), dns (53) etc
$IPF 130 allow tcp from any to any 22 in
$IPF 140 allow tcp from any to any 22 out
$IPF 150 allow tcp from any to any 25 in
$IPF 160 allow tcp from any to any 25 out
$IPF 170 allow udp from any to any 53 in
$IPF 175 allow tcp from any to any 53 in
$IPF 180 allow udp from any to any 53 out
$IPF 185 allow tcp from any to any 53 out
$IPF 200 allow tcp from any to any 80 in
$IPF 210 allow tcp from any to any 80 out
$IPF 720 allow all from 192.168.0.0/16 to any keep-state
$IPF 722 allow all from 10.0.0.0/8 to any keep-state
$IPF 730 allow tcp from any to x.x.x.x 80 keep-state
$IPF 740 allow tcp from any to y.y.y.y 80 keep-state
# deny and log everything
$IPF 900 deny log all from any to any
Best regards
Sam
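As an added example (not part of Sam's post), here is the same natd + ipfw setup with the divert rule moved ahead of the stateful and established rules, which is the layout the FreeBSD natd documentation uses: when an `allow tcp from any to any established` rule sits before the divert, reply packets from the web servers are accepted and sent out tun0 before natd can rewrite their private source address back to x.x.x.x or y.y.y.y. Interface and address names are assumed as in the question; the `IPFW` variable is an assumption added so the ruleset can be printed without touching the kernel.

```shell
#!/bin/sh
# Added example ruleset, not Sam's original /etc/ipfw.rules.
# Set IPFW=echo to print the rules instead of loading them.
IPFW="${IPFW:-ipfw}"

add() { $IPFW -q add "$@"; }

load_rules() {
    $IPFW -q -f flush
    add 10  allow all from any to any via lo0
    add 20  deny all from any to 127.0.0.0/8
    add 30  deny all from 127.0.0.0/8 to any
    # NAT comes first on tun0: inbound packets get their destination
    # rewritten to the internal server, outbound replies get their source
    # rewritten back to the public address, before any allow rule can
    # short-circuit them. Packets re-enter the ruleset at the next rule.
    add 100 divert natd all from any to any via tun0
    add 200 check-state
    # Dynamic state is keyed on the addresses seen when the state was
    # created (pre-translation), so translated replies are matched here.
    add 210 allow tcp from any to any established
    add 220 allow all from any to any out keep-state
    add 230 allow icmp from any to any
    # After translation the inbound web traffic is addressed to the
    # internal servers, so that is what the allow rules must name.
    add 300 allow tcp from any to 192.168.5.20 80 in via tun0 setup keep-state
    add 310 allow tcp from any to 192.168.6.20 80 in via tun0 setup keep-state
    add 320 allow tcp from any to me 22 in setup keep-state
    # deny and log everything else
    add 900 deny log all from any to any
}

# Only load when explicitly asked, so the file can also be sourced.
if [ "${1:-}" = "apply" ]; then
    load_rules
fi
```

Run as `sh ipfw.rules apply` (or drop the guard when installing it as `firewall_script`); `IPFW=echo sh ipfw.rules apply` shows the rules that would be loaded.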