From: "Eric Crist"
To: "'Rich Shinnick'", "'Hakim Singhji'", "'Hakim Z. Singhji'", "'MatthewSeaman'"
Cc: 'Bill Moran', freebsd-questions@freebsd.org
Date: Fri, 20 Aug 2004 00:06:40 -0500
Subject: RE: HOWTO Ping LAN???

SEE BOTTOM

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Rich Shinnick
> Sent: Thursday, August 19, 2004 11:46 PM
> To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
> Cc: 'Bill Moran'; freebsd-questions@freebsd.org
> Subject: RE: HOWTO Ping LAN???
>
> Hakim,
>
> What you are trying to do is possible in two ways:
>
> 1. SSH to the box, and tunnel to other internal machines according to
>    the tunnels you have set up. (See the last email I sent).
> 2. Port forward connections from the Internet "thru" the BSD to
>    internal machines.
>
> Check these links:
> http://www.rootprompt.net/freebsd_firewall.html
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
>
>   _____
>
> From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
> Sent: Thursday, July 29, 2004 10:27 AM
> To: Hakim Z. Singhji; MatthewSeaman
> Cc: Bill Moran; freebsd-questions@freebsd.org
> Subject: Re: HOWTO Ping LAN???
>
> Hi Matt,
>
> You say that the only way I will be able to connect to my network is
> by tunneling. This is not what I want to do, I thought I may be able
> to SSH, Telnet, www, etc. from the outside to my default gateway and
> have the gateway pass SSH, Telnet, www., or any other request to the
> machine on the private network by including the
> "localhost.defaultgateway.domain.org" or something to that effect.
>
> Does NAT Overloading only go one way???
>
> Hakim Z. Singhji
> Coordinating Mgr. / Infection Control
> 718-245-3923
> hakim.singhji@nychhc.org
>
> >>> Matthew Seaman 7/29/2004 5:32:32 AM >>>
> On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
>
> > Figure 1
> >
> >  ***************
> >  *  Internet   *
> >  *24.199.1xx.xx*
> >  ***************
> >         |
> >         |
> >  ***************         **************
> >  * Default GW  *  __ __  *Kids Machine*
> >  * 192.68.0.1  *         *192.68.0.3  *
> >  * FreeBSD 4.10*         * Mandrake 10*
> >  ***************         **************
> >         |
> >         |
> >  ***************
> >  *Wrk Station1 *
> >  *192.68.0.2   *
> >  *Redhat 9     *
> >  ***************
> >
> > This is a rough diagram of the network... I would like to ssh, ping,
> > etc. the machines behind the default gateway directly (without
> > tunneling) from the outside the network (at work for example). Is this
> > possible and if so how do I config. Keep in mind that my default
> > gateway is FreeBSD. I know this may be a complicated project but if
> > you could help that would help me greatly. Many thanks to everyone in
> > advance.
>
> I'm afraid that's not going to be possible with your current network
> layout. If you want all of your machines to be accessible from the
> Internet, then you'll need routable addresses on all of your machines.
>
> I know you've said you don't want to use tunnelling, but
> unfortunately, that's the only way you can access a private address
> space as you have from outside it. A relatively simple way of doing
> that is to ssh into your gateway box, and use the '-L' or '-R'
> portforwarding options to create a tunnel to one of the internal
> machines, and then ssh or otherwise connect through that tunnel: see
> eg. http://www.linux.ie/articles/tutorials/ssh.php
>
> One other point: you're going to have problems if you're using
> 192.168.0.0 as the IP number on your FreeBSD machine. That's the
> *network* address, and shouldn't be applied directly to any specific
> machine. If you're running your internal network using 192.168.0.0/24
> as the address space, then you have 254 addresses (from 192.168.0.1 to
> 192.168.0.254) to use for client machines, since 192.168.0.0 (network
> address) and 192.168.0.255 (broadcast address) are reserved as part of
> the networking setup.
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.
> 26 The Paddocks
> Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey
> Marlow
> Tel: +44 1628 476614
> Bucks., SL7 1TH UK

Hello,

There is one real solution to this here. You could set up a DMZ to your
Default Gateway. If this is a Linksys Broadband Gateway, it's as simple
as checking a box and typing in the private IP address. This routes all
incoming (non-stateful) connections to this host. Since your IP changes,
use a dynamic DNS service such as no-ip.org(sp?) or tzo.com. I've used
TZO.com, personally, then I just got DSL with a /29 static IP address
allocation.

This should work without issue, unless your DMZ firewall rules prevent
it. I would need more information to let you know.

HTH

Eric F Crist
Best Access Systems
11300 Rupp Dr.
Burnsville, MN 55337
Phone: 952.894.3830
Cell: 612.998.3588
Fax: 952-894-1990
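
Added example, not part of the original message or thread: the port-forwarding option from the quoted reply (option 2), expressed as a shell script that emits natd.conf `redirect_port` lines for an explicit list of forwards and refuses targets that are outside the LAN or are its network or broadcast address. It assumes natd on the FreeBSD gateway and the 192.168.0.0/24 LAN named in the thread; the function names and the forward table are constructed for illustration.

```shell
#!/bin/sh
# Added example: build natd.conf redirect_port lines from an explicit table.
# Assumptions: natd on the gateway, LAN 192.168.0.0/24; names are hypothetical.
LAN_PREFIX="192.168.0"            # first three octets of the assumed /24

# valid_port N: true if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_host ADDR: true only for a usable host address inside the /24
valid_host() {
    case "$1" in "$LAN_PREFIX".*) ;; *) return 1 ;; esac   # outside the LAN
    last=${1#"$LAN_PREFIX".}
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]   # .0 network, .255 broadcast
}

# natd_redirects: stdin "proto public_port lan_host lan_port" per line;
# prints one redirect_port line per accepted row, returns 1 if any row failed.
natd_redirects() {
    bad=0
    while read -r proto pub host port; do
        case "$proto" in ''|'#'*) continue ;; esac          # blank or comment
        if { [ "$proto" = tcp ] || [ "$proto" = udp ]; } &&
           valid_port "$pub" && valid_host "$host" && valid_port "$port"; then
            echo "redirect_port $proto $host:$port $pub"
        else
            echo "rejected: $proto $pub -> $host:$port" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample table: two valid forwards, three that must be refused.
sample_forwards() {
    cat <<'EOF'
# proto public_port lan_host lan_port
tcp 2222 192.168.0.2 22
tcp 8080 192.168.0.3 80
tcp 2223 192.168.0.0 22
tcp 2224 192.168.0.255 22
tcp 2225 10.0.0.5 22
EOF
}
sample_forwards | natd_redirects || echo "some forwards were rejected" >&2
```

The accepted lines go in the file natd reads with `-f`; only the listed ports reach the listed hosts, whereas a DMZ host receives every unsolicited incoming connection.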