Message-ID: <4125B612.9040109@nyu.edu>
Date: Fri, 20 Aug 2004 04:28:02 -0400
From: "Hakim Z. Singhji"
Organization: New York University
To: Eric Crist
Cc: 'Rich Shinnick', 'Bill Moran', freebsd-questions@freebsd.org
Subject: Re: HOWTO Ping LAN???
In-Reply-To: <043a01c48673$80bdcd20$6501a8c0@Nomad>

Hello,

Thank you for your replies gentlemen, this post is a bit old, I have
already built my FreeBSD NAT box and configured IPFW... I am currently
building a new kernel configuration for the machine to include IPDIVERT,
IPFIREWALL and a few other system specific modifications. If I have any
questions concerning this issue, I will include you both (Eric, Rich) in
the list.

Thanks

Eric Crist wrote:
| SEE BOTTOM
|
|>-----Original Message-----
|>From: owner-freebsd-questions@freebsd.org
|>[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Rich Shinnick
|>Sent: Thursday, August 19, 2004 11:46 PM
|>To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
|>Cc: 'Bill Moran'; freebsd-questions@freebsd.org
|>Subject: RE: HOWTO Ping LAN???
|>
|>
|>Hakim,
|>
|>What you are trying to do is possible in two ways:
|>
|>1. SSH to the box, and tunnel to other internal machines
|>   according to the tunnels you have set up. (See the last email
|>   I sent).
|>2. Port forward connections from the Internet "thru"
|>   the BSD to internal machines.
|>
|>Check these links:
|>http://www.rootprompt.net/freebsd_firewall.html
|>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
|>
|>
|> _____
|>
|>From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
|>Sent: Thursday, July 29, 2004 10:27 AM
|>To: Hakim Z. Singhji; MatthewSeaman
|>Cc: Bill Moran; freebsd-questions@freebsd.org
|>Subject: Re: HOWTO Ping LAN???
|>
|>
|>Hi Matt,
|>
|>You say that the only way I will be able to connect to my
|>network is by tunneling.
|>This is not what I want to do, I thought I may be able to
|>SSH, Telnet, www, etc. from the outside to my default gateway
|>and have the gateway pass SSH, Telnet, www., or any other request
|>to the machine on the private network by including the
|>"localhost.defaultgateway.domain.org" or something to that effect.
|>
|>Does NAT Overloading only go one way???
|>
|>Hakim Z. Singhji
|>Coordinating Mgr. / Infection Control
|>718-245-3923
|>hakim.singhji@nychhc.org
|>
|>
|>>>> Matthew Seaman 7/29/2004 5:32:32 AM >>>
|>
|>On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
|>
|>
|>>Figure 1
|>>
|>>***************
|>>*  Internet   *
|>>*24.199.1xx.xx*
|>>***************
|>>~      |
|>>~      |
|>>***************         **************
|>>* Default GW  * __ __   *Kids Machine*
|>>*192.68.0.1   *         *192.68.0.3  *
|>>*FreeBSD 4.10 *         * Mandrake 10*
|>>***************         **************
|>>~      |
|>>~      |
|>>*****************
|>>*  Wrk Station1 *
|>>*  192.68.0.2   *
|>>*  Redhat 9     *
|>>*****************
|>>
|>>This is a rough diagram of the network... I would like to ssh, ping,
|>>etc. the machines behind the default gateway directly (without
|>>tunneling) from the outside the network (at work for example). Is this
|>>possible and if so how do I config. Keep in mind that my default
|>>gateway is FreeBSD. I know this may be a complicated project but if
|>>you could help that would help me greatly. Many thanks to everyone in
|>>advance.
|>
|>I'm afraid that's not going to be possible with your current
|>network layout. If you want all of your machines to be
|>accessible from the Internet, then you'll need routable
|>addresses on all of your machines.
|>
|>I know you've said you don't want to use tunnelling, but
|>unfortunately, that's the only way you can access a private
|>address space as you have from outside it. A relatively
|>simple way of doing that is to ssh into your gateway box, and
|>use the '-L' or '-R' portforwarding options to create a
|>tunnel to one of the internal machines, and then ssh or
|>otherwise connect through that tunnel: see eg.
|>
|
| http://www.linux.ie/articles/tutorials/ssh.php
|
| One other point: you're going to have problems if you're using
| 192.168.0.0 as the IP number on your FreeBSD machine. That's the
| *network* address, and shouldn't be applied directly to any specific
| machine. If you're running your internal network using 192.168.0.0/24 as
| the address space, then you have 254 addresses (from 192.168.0.1 to
| 192.168.0.254) to use for client machines, since 192.168.0.0 (network
| address) and 192.168.0.255 (broadcast address) are reserved as part of
| the networking setup.
|
| Cheers,
|
| Matthew
|
| --
| Dr Matthew J Seaman MA, D.Phil.                 26 The Paddocks
|                                                 Savill Way
| PGP: http://www.infracaninophile.co.uk/pgpkey   Marlow
| Tel: +44 1628 476614                            Bucks., SL7 1TH UK
|
|
| Hello,
|
| There is one real solution to this here.
|
| You could set up a DMZ to your Default Gateway. If this is a Linksys
| Broadband Gateway, it's as simple as checking a box and typing in the
| private IP address. This routes all incoming (non-stateful)
| connections to this host. Since your IP changes, use a dynamic DNS
| service such as no-ip.org(sp?) or tzo.com. I've used TZO.com,
| personally, then I just got DSL with a /29 static IP address allocation.
| This should work without issue, unless your DMZ firewall rules prevent
| it. I would need more information to let you know.
|
| HTH
|
| Eric F Crist
| Best Access Systems
| 11300 Rupp Dr.
| Burnsville, MN 55337
| Phone: 952.894.3830
| Cell: 612.998.3588
| Fax: 952-894-1990
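
The addressing point in Matthew Seaman's quoted reply (192.168.0.0 is the network address, 192.168.0.255 the broadcast address, 254 assignable hosts in a /24), as an added example that is not part of the original thread: a Python check that audits a planned host list against its subnet. The function names and the sample host list are assumptions made for illustration, and the /31 and /32 handling goes beyond the case discussed in the mail.

```python
import ipaddress

# RFC 1918 private ranges; anything else is publicly routable or special-purpose.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_hosts(subnet, hosts):
    """Return {address: [problems]} for host addresses planned on `subnet`."""
    net = ipaddress.ip_network(subnet, strict=True)
    findings = {}
    for raw in hosts:
        addr = ipaddress.ip_address(raw)
        problems = []
        if not any(addr in block for block in RFC1918):
            problems.append("not RFC 1918 private space")
        if addr not in net:
            problems.append("outside " + str(net))
        elif net.prefixlen < 31:
            # /31 and /32 have no separate network/broadcast address (RFC 3021).
            if addr == net.network_address:
                problems.append("network address, not assignable to a host")
            elif addr == net.broadcast_address:
                problems.append("broadcast address, not assignable to a host")
        findings[raw] = problems
    return findings


def usable_range(subnet):
    """First and last assignable host address of `subnet`, as strings."""
    net = ipaddress.ip_network(subnet, strict=True)
    if net.prefixlen >= 31:
        return str(net[0]), str(net[-1])
    return str(net[1]), str(net[-2])


# Constructed input: the subnet from the reply plus addresses as written in the thread.
SAMPLE_HOSTS = ["192.168.0.0", "192.168.0.1", "192.168.0.255", "192.68.0.2"]

if __name__ == "__main__":
    print(usable_range("192.168.0.0/24"))
    for host, problems in audit_hosts("192.168.0.0/24", SAMPLE_HOSTS).items():
        print(host, "->", problems or "ok")
```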