help with IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7 prerelease

Juraj Petrik juro at software602.sk
Tue Sep 24 15:57:04 CEST 2002


The answer can just as well be in SK/CZ.

Thanks in advance!!!!
----------------------------------
Hello,
can you help me, please?

I'm trying to run a firewall using
IPFilter, IPNAT and Dummynet on FreeBSD.

I've read so many HOWTOs, but I can't get
redirection to another server in the internal
network to work:
rl0 - WAN (194.x.x.0/24), 194.x.x.22 on the FreeBSD box
rl1 - LAN (192.168.1.0/24), 192.168.1.22 on the FreeBSD box
rl2 - DMZ (10.0.0.0/24), 10.0.0.22 on the FreeBSD box

My server is currently on the LAN, not on the DMZ.

I'm using FreeBSD 4.7 prerelease from CVS.

In the kernel config I have added:
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=30
options         IPFIREWALL_FORWARD
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
options         DUMMYNET

options         IPFILTER
options         IPFILTER_LOG
options         IPFILTER_DEFAULT_BLOCK
options         RANDOM_IP_ID

In /etc/rc.conf I have:
tcp_extensions="YES"
gateway_enable="YES"
portmap_enable="NO"

#firewall_enable="YES"
#firewall_type="/etc/dummynet.conf"
#firewall_logging="NO"

ipfilter_enable="YES"
ipfilter_flags=""
ipfilter_rules="/etc/ipf.conf"

ipnat_enable="YES"
ipnat_flags=""
ipnat_rules="/etc/ipnat.conf"

ipmon_enable="YES"
ipmon_flags="-Dns -l block"

In /etc/ipf.conf:
pass in log all
pass out log all

In /etc/ipnat.conf:
map rl0 192.168.1.0/24 -> 194.x.x.22/32
map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp

map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
map rl0 192.168.1.0/24 -> 194.x.x.22/32

rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22

NAT from the LAN to the Internet works OK,
but from the Internet I can't redirect.

Please help me, ANYBODY!!!!
-jp-
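The ipnat.conf posted above mixes map and rdr rules, and the question is which rule an inbound packet to the WAN address actually hits. The following is an added example, not part of the original post and not IPFilter's own code: a small offline parser that reads ipnat-style map/rdr lines, answers "which rdr would fire for a packet arriving on interface X to address:port Y" using first-match semantics, and flags map rules that appear twice (the posted config repeats its plain `map rl0 192.168.1.0/24` line). The function names (`parse_ipnat`, `find_rdr`, `duplicate_maps`) and the simplified matching model are assumptions of this example; the addresses are constructed placeholders, with 198.51.100.22 standing in for the post's 194.x.x.22. The example treats an rdr rule with no protocol keyword as tcp-only.

```python
"""Offline sanity checker for ipnat.conf-style map/rdr rules.

Added example (not from the mailing-list post, not IPFilter code).
Models ipnat's first-match rdr lookup for inbound packets and reports
duplicated map rules. Addresses are constructed placeholders.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample mirroring the shape of the posted /etc/ipnat.conf;
# 198.51.100.22 is a placeholder for the post's WAN address 194.x.x.22.
SAMPLE_IPNAT_CONF = """\
map rl0 192.168.1.0/24 -> 198.51.100.22/32
map rl0 0/0 -> 198.51.100.22/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 198.51.100.22/32 portmap tcp/udp 12500:60000
map rl0 192.168.1.0/24 -> 198.51.100.22/32
rdr rl0 198.51.100.22/32 port 80 -> 192.168.1.35 port 80
rdr rl0 198.51.100.22/32 port 22 -> 192.168.1.35 port 22
"""


@dataclass
class Rule:
    kind: str                              # "map" or "rdr"
    iface: str                             # interface the rule is bound to
    net: ipaddress.IPv4Network             # map: source net; rdr: destination net
    port: Optional[int]                    # rdr only: matched destination port
    target: str                            # map: masquerade addr; rdr: inside host
    target_port: Optional[int]             # rdr only: port on the inside host
    extra: str                             # trailing options (proxy, portmap, proto)


RDR_RE = re.compile(r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)(.*)$")
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(.*)$")


def parse_ipnat(text: str) -> List[Rule]:
    """Parse map/rdr lines in order; order matters because ipnat is first-match."""
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        m = RDR_RE.match(line)
        if m:
            iface, dst, port, target, tport, extra = m.groups()
            rules.append(Rule("rdr", iface, ipaddress.ip_network(dst, strict=False),
                              int(port), target, int(tport), extra.strip()))
            continue
        m = MAP_RE.match(line)
        if m:
            iface, src, target, extra = m.groups()
            # ipnat writes "0/0" for any-source; ipaddress needs the long form
            src_net = "0.0.0.0/0" if src == "0/0" else src
            rules.append(Rule("map", iface, ipaddress.ip_network(src_net, strict=False),
                              None, target, None, extra.strip()))
            continue
        raise ValueError(f"line {lineno}: unrecognised rule: {raw!r}")
    return rules


def find_rdr(rules: List[Rule], iface: str, dst_ip: str, dst_port: int,
             proto: str = "tcp") -> Optional[Tuple[str, int]]:
    """First rdr rule matching an inbound packet on `iface` to dst_ip:dst_port.

    Returns (inside_host, inside_port) or None. A rule without a protocol
    keyword is treated as tcp; "tcp/udp" matches both.
    """
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.kind != "rdr" or r.iface != iface:
            continue
        if addr not in r.net or r.port != dst_port:
            continue
        spec = r.extra.split()[0] if r.extra else "tcp"
        allowed = {"tcp", "udp"} if spec == "tcp/udp" else {spec}
        if proto in allowed:
            return (r.target, r.target_port)
    return None


def duplicate_maps(rules: List[Rule]) -> List[Tuple[int, int]]:
    """(first_index, duplicate_index) pairs for map rules repeated verbatim.

    A repeated map is harmless to ipnat but usually signals a copy/paste slip
    worth cleaning up before debugging anything else.
    """
    seen = {}
    dups = []
    for idx, r in enumerate(rules):
        if r.kind != "map":
            continue
        key = (r.iface, str(r.net), r.target, r.extra)
        if key in seen:
            dups.append((seen[key], idx))
        else:
            seen[key] = idx
    return dups


if __name__ == "__main__":
    rules = parse_ipnat(SAMPLE_IPNAT_CONF)
    print("rdr for tcp/80 on rl0:", find_rdr(rules, "rl0", "198.51.100.22", 80))
    print("rdr for tcp/443 on rl0:", find_rdr(rules, "rl0", "198.51.100.22", 443))
    print("duplicate map rules (indices):", duplicate_maps(rules))
```

Run against a real ipnat.conf, the matcher shows the rdr rules themselves do select the inside host for ports 80 and 22 on the outside interface, which narrows the remaining suspects to packet filtering and routing rather than rule syntax: ipnat only rewrites the destination, so the rewritten packet still has to be passed by ipf on rl0 and reach 192.168.1.35 via rl1, and the reply has to come back through the same box. Checking `ipnat -l` for active mappings and `ipfstat` counters on the box is the corresponding live check.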
