Date:      Thu, 8 Mar 2001 12:07:00 -0300
From:      "Pablo Bendersky" <pbendersky@itineri.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Problem setting up NAT
Message-ID:  <JPEAKMLHKPBJHAEBDFIEAECOCCAA.pbendersky@itineri.com>

I've just configured a computer to serve as our network firewall.
It's working ok. It has two interfaces, xl0 (connected to our local network,
192.168.0) and xl1, connected to our external IP.

We have a few firewall settings, which are:
(I think they are more than is needed)
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00500 divert 8668 ip from any to any via xl1
00700 allow tcp from 200.59.132.93 to 200.59.132.92
01000 allow tcp from any to any established
02000 allow tcp from any to any setup
03000 allow udp from any to any
04000 allow icmp from any to any
65535 deny ip from any to any

and when running
/sbin/natd -n xl1
everything works fine, and everyone on the local network has internet
access.

Now, I wanted to make use of a second external IP address I have, so I added
it as an alias to xl1. It works ok, and I can ping it from everywhere.
I then tried to make nat forward the telnet service (which, by the way, is not
running on this machine) to one of our local machines.
For that, I tried with:
/sbin/natd -redirect_port tcp 192.168.0.4:23 <alias_ip>:23 -n xl1

After that, I was still able to ping the alias IP, and everything, but not
able to telnet the localhost (which I can telnet from any computer on the
local network).

I have, of course, gateway_enable="YES" in my /etc/rc.conf

Thanks a lot!

	Pablo Bendersky
	pbendersky@itineri.com
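
An added example, not part of the original message: a minimal first-match walk over the ruleset listed above, showing which rule decides a packet on one pass through ipfw. The packet addresses are constructed placeholders, and natd's address rewriting is not modelled; the divert rule is only recorded before the search continues.

```python
import ipaddress

# Ruleset exactly as listed in the message.
RULES = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00500 divert 8668 ip from any to any via xl1
00700 allow tcp from 200.59.132.93 to 200.59.132.92
01000 allow tcp from any to any established
02000 allow tcp from any to any setup
03000 allow udp from any to any
04000 allow icmp from any to any
65535 deny ip from any to any
"""

def parse(line):
    t = line.split()
    i = 3 if t[1] == "divert" else 2   # divert carries a port argument
    return int(t[0]), t[1], t[i], t[i + 2], t[i + 4], t[i + 5:]

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def matches(rule, pkt):
    _, _, proto, src, dst, opts = rule
    flags = set(pkt.get("flags", ""))
    if proto not in ("ip", pkt["proto"]):
        return False
    if not (addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"])):
        return False
    if "via" in opts and opts[opts.index("via") + 1] != pkt["iface"]:
        return False
    if "established" in opts and not flags & {"A", "R"}:   # ACK or RST set
        return False
    if "setup" in opts and not ("S" in flags and "A" not in flags):  # SYN without ACK
        return False
    return True

def walk(pkt):
    """Return (rule number, action, divert rules passed) for one pass of pkt."""
    diverted = []
    for rule in map(parse, RULES.splitlines()):
        if not matches(rule, pkt):
            continue
        if rule[1] != "divert":
            return rule[0], rule[1], diverted
        diverted.append(rule[0])   # handed to natd; search resumes at the next rule
    return None

# Constructed packet: new TCP connection arriving on xl1 (the rules do not match on ports).
SYN = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "iface": "xl1", "flags": "S"}
```

`walk(SYN)` returns `(2000, 'allow', [500])`: the packet is handed to natd at rule 00500 and then accepted by rule 02000, which accepts a TCP setup from any address to any address.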





