Redirection of a port through ipfw (?)

myara

Ok,
I just want to tell ipfw to redirect all incoming traffic on a given port (TCP 5902) to another given port (TCP 5900) on one of the machines of my private network (e.g. 10.0.0.12). Doing that, I guess I would be able to connect from outside my private network to my public IP on the given port (let's say 200.XX.XX.XX:5902) and actually be connected to the computer inside my network on the other given port (10.0.0.12:5900).
Can anyone help me do that using the Server Admin tool or ipfw in the Terminal?
(and by the way, the server runs OS X 10.4)

Thanks in advance.

Marcelo Myara
Rio de Janeiro/Brazil
 

Kees Buijs

myara said:
Ok,
I just want to tell ipfw to redirect all incoming traffic on a given port (TCP 5902) to another given port (TCP 5900) on one of the machines of my private network (e.g. 10.0.0.12). Doing that, I guess I would be able to connect from outside my private network to my public IP on the given port (let's say 200.XX.XX.XX:5902) and actually be connected to the computer inside my network on the other given port (10.0.0.12:5900).
Can anyone help me do that using the Server Admin tool or ipfw in the Terminal?
(and by the way, the server runs OS X 10.4)

I am pretty sure you can NOT do that with the SERVER ADMIN; you need to edit the file "/private/etc/rc" or one of its related files to make that work.


Good luck, Kees
 

myara

Well, I don't know how to do it, or even what I should be doing in /private/etc/rc...

So far, I have been trying to understand the NAT firewall rule, because it does something very similar to (even more complicated than) what I want to do. Up to now I bet it is a "divert" rule that is going to do it. And even though I can create a divert rule in Server Admin, I don't know how to set the parameters of the rule to do it. And using the ipfw command in the Terminal seems equally complicated to me for creating the rule.

Can you help me create a divert rule?

Thanks for the help...

Marcelo Myara
Rio de Janeiro/Brazil
 

scruffy

natd does the actual translating, ipfw is used to pass packets to natd.

Assuming your external IP address is 1.2.3.4, the external interface is en0, and the internal host you want to forward to is 10.0.0.12, you'd want to have a line in your rc.natd config file like:

redirect_port tcp 10.0.0.12:5900 1.2.3.4:5902

and a line in your ipfw config file like:
divert natd tcp from any to 1.2.3.4 5902 in en0
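As an added example (not code from the thread or from scruffy), here is a small POSIX shell helper that generates the two lines described above from validated inputs. It assumes ipfw's `via` keyword for naming the interface and the lowercase protocol names natd expects; the addresses and ports are the thread's own.

```shell
#!/bin/sh
# Added example, not from the thread: build the rc.natd redirect line and the
# matching ipfw divert rule from validated inputs. Assumes ipfw's "via IFACE"
# keyword for the interface match (a bare "in en0" is not accepted).

# valid_port PORT -> succeeds if PORT is an integer 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR -> succeeds if ADDR is a dotted quad, each octet 0..255
valid_ipv4() {
    _old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
}

# normalize_proto PROTO -> prints "tcp" or "udp"; natd wants lowercase names
normalize_proto() {
    _p=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$_p" in tcp|udp) printf '%s\n' "$_p" ;; *) return 1 ;; esac
}

# natd_redirect PROTO INT_IP INT_PORT EXT_IP EXT_PORT -> prints the rc.natd line
natd_redirect() {
    _p=$(normalize_proto "$1") || return 1
    valid_ipv4 "$2" && valid_ipv4 "$4" || return 1
    valid_port "$3" && valid_port "$5" || return 1
    printf 'redirect_port %s %s:%s %s:%s\n' "$_p" "$2" "$3" "$4" "$5"
}

# ipfw_divert PROTO EXT_IP EXT_PORT IFACE -> prints the inbound divert rule
ipfw_divert() {
    _p=$(normalize_proto "$1") || return 1
    valid_ipv4 "$2" && valid_port "$3" || return 1
    case "$4" in ''|*[!a-z0-9]*) return 1 ;; esac
    printf 'divert natd %s from any to %s %s in via %s\n' "$_p" "$2" "$3" "$4"
}

# The thread's case: expose internal VNC 10.0.0.12:5900 as 1.2.3.4:5902
natd_redirect tcp 10.0.0.12 5900 1.2.3.4 5902
ipfw_divert tcp 1.2.3.4 5902 en0
```

The generated lines go into rc.natd and the ipfw config respectively; run the functions with your own addresses and interface before copying the output.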
 

myara

Hummm... Sounds so simple...

Ok, so, I don't have any "rc.natd" in /private/etc (which sounds a little strange since the OS's NAT service is active), so I created one with the line you suggested. The problem is that I can't add the divert rule... Check this out:

ipfw add divert natd tcp from any to 10.10.21.2 5902 in en3
ipfw: unrecognised option [-1] en3

ipfw add divert natd tcp from any to 10.10.21.2 5902 in
ipfw: socket: Operation not permitted

Note: My external IP is 10.10.0.0 because it is behind a firewall box.

Thanks.

Marcelo Myara
Rio de Janeiro/Brazil
 

myara

Ok, problem resolved. Just to complete the post with the solution I've got, here it is:

Actually, if you use rc.natd it will be overridden when Server Admin loads the NAT service (at least this is what I understood about it). So you can edit Server Admin's configuration file for the NAT service (natd.plist) and add a port redirection section there, describing what you want to do. Here's a URL with an example of how to do it: http://www.labo-apple.org/en/print/277/
P.S.: That doc uses the words TCP and UDP in uppercase, but they HAVE TO be written in lowercase (tcp and udp) for the solution to work.

Marcelo Myara
Rio de Janeiro/Brazil