From: "lane@joeandlane.com"
To: freebsd-questions@freebsd.org
Date: Wed, 31 Jul 2002 23:20:24 -0500 (CDT)
Subject: The inscrutable natd redirect_port
Message-Id: <200208010420.g714KOoB002082@joeandlane.com>

I've got two nearly identical FreeBSD boxes, both running 4.6 STABLE, both kernels rebuilt within the last week from the same source and the same KERNEL config file. Each machine runs an identical rc.conf, except for the hostname. Each machine has two NICs, an rl0 for the internal network and ed0 for the external network.

Both machines act as a gateway for a small internal network that includes an NT machine and an AS/400 for each. Each machine is in a workspace separated by about 10 miles. I can telnet or ftp to each of these machines from the other or from any machine that they act as a gateway for. I mean this setup is identical EXCEPT that natd works on one and not on the other.

Here is the information from rc.conf:

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/firewall/fwrules"
    natd_enable="YES"
    natd_interface="de0"
    natd_flags="-config /etc/natd.conf"

and natd.conf:

    interface de0
    dynamic yes
    use_sockets yes
    unregistered_only yes
    log yes
    log_denied yes
    #verbose yes
    deny_incoming no
    # send incoming ftp, wins, and mssql to the NT machine
    redirect_port tcp 192.168.1.2:1433 1433
    redirect_port udp 192.168.1.2:137 137
    redirect_port tcp 192.168.1.2:137 137
    redirect_port tcp 192.168.1.2:23 8023
    redirect_port tcp 192.168.1.2:21 8021
    # send incoming db2, telnet, and ftp and client access to the AS/400 machine
    redirect_port tcp 192.168.1.4:23 4023
    redirect_port tcp 192.168.1.4:21 4021
    redirect_port tcp 192.168.1.4:423 423
    redirect_port tcp 192.168.1.4:523 523

and finally the firewall rules:

    fwcmd="/sbin/ipfw"
    #make the interface into a macro
    de0="de0"
    rl0="rl0"
    $fwcmd -f flush
    $fwcmd add divert natd all from any to any via $de0
    $fwcmd add pass all from any to any

This setup works fine for one machine. I am able to ftp, telnet, or send db2 or mssql requests to any machine on the network from any machine on either network.

HOWEVER .... None of this works on the other machine. None of the natd redirects, that is. Each request, for instance "telnet remote_host 8023", is met with

    telnet: connect to address 172.172.5.1: Connection refused
    telnet: Unable to connect to remote host

(This happens whether I attempt to connect from the local network, from the 172.172.5.1 host, or from any remote site.) But "telnet remote_host" and "telnet remote_host 23" work perfectly.

/var/log/alias.log seems to witness the action, but I cannot interpret that file to determine where or why 172.172.5.1 is rejecting the incoming request.

What steps can I take to track down this failure?

Thanks for reading. And thanks for your input.

lane holcombe

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
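The posted rc.conf, natd.conf and fwrules have to agree with each other and with the box: the same interface named in all three places, that interface actually present on the host, and no alias port claimed twice for one protocol. As an added example (not from the post, and not FreeBSD's own tooling), this script cross-checks those points; the inputs are trimmed copies of the posted files, and the interface list is the rl0/ed0 pair the post describes.

```python
import re

# Constructed inputs, copied from the post (rc.conf and natd.conf trimmed, fwrules as posted).
RC_CONF = 'natd_enable="YES"\nnatd_interface="de0"\nnatd_flags="-config /etc/natd.conf"\n'
NATD_CONF = """interface de0
redirect_port tcp 192.168.1.2:23 8023
redirect_port tcp 192.168.1.2:21 8021
redirect_port udp 192.168.1.2:137 137
redirect_port tcp 192.168.1.4:23 4023
"""
FWRULES = """fwcmd="/sbin/ipfw"
de0="de0"
rl0="rl0"
$fwcmd -f flush
$fwcmd add divert natd all from any to any via $de0
$fwcmd add pass all from any to any
"""
IFACES = ["rl0", "ed0"]  # the two NICs the post says each box has

def parse_redirects(natd_conf):
    """(proto, target_ip, target_port, alias_port) for every redirect_port line."""
    pat = re.compile(r"^\s*redirect_port\s+(tcp|udp)\s+([\d.]+):(\d+)\s+(\d+)", re.M)
    return [(p, ip, int(tp), int(ap)) for p, ip, tp, ap in pat.findall(natd_conf)]

def check_nat_setup(rc_conf, natd_conf, fwrules, ifaces):
    """Cross-check the three files; returns a list of findings (empty means consistent)."""
    findings = []
    names = set()
    for text, pat in ((rc_conf, r'^natd_interface="(\w+)"'), (natd_conf, r"^interface\s+(\w+)")):
        m = re.search(pat, text, re.M)
        if m:
            names.add(m.group(1))
    # Expand the $de0-style macros the post's fwrules use, then locate the divert rule.
    macros = dict(re.findall(r'^(\w+)="(\w+)"', fwrules, re.M))
    divert = re.search(r"add divert natd .* via \$?(\w+)", fwrules)
    if divert:
        names.add(macros.get(divert.group(1), divert.group(1)))
    else:
        findings.append("no 'divert natd' rule: natd never sees any packets")
    if len(names) != 1:
        findings.append(f"interface mismatch across rc.conf/natd.conf/fwrules: {sorted(names)}")
    for name in sorted(names - set(ifaces)):
        findings.append(f"interface {name} is not present on this host")
    seen = set()  # an alias port may be redirected only once per protocol
    for proto, _ip, _tport, aport in parse_redirects(natd_conf):
        if (proto, aport) in seen:
            findings.append(f"alias port {proto}/{aport} redirected twice")
        seen.add((proto, aport))
    return findings
```

Run against real files, the interface list would come from the host itself (for example the names ifconfig reports) rather than being hard-coded.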