Date: Sun, 13 Oct 2002 09:25:31 -0700
From: Nathan Kinkade <nkinkade@sub21-156.member.dsl-only.net>
To: questions@freebsd.org
Subject: Re: Because of NAT?
Message-ID: <20021013162531.GA25313@sub21-156.member.dsl-only.net>
In-Reply-To: <20021013162359.2a31f584.johann@broadpark.no>
References: <20021013162359.2a31f584.johann@broadpark.no>

On Sun, Oct 13, 2002 at 04:23:59PM +0200, Janine C.Buorditez wrote:
> Hi.
>
> My network is like this:
>
> Name: Cisco 677i-DIR (ADSL-router/modem)
> IP: 217.13.29.51
> |
> v
> Name: Ninja (FreeBSD)
> IP: 192.168.187.1
> |
> v
> Name: Aegis (FreeBSD)
> IP: 192.168.187.2
>
> The Cisco router runs CBOS and apparently NAT. I have forwarded these ports to
> Ninja. The address 10.0.0.2 (somehow it has to be that address) goes to Ninja's
> lnc0.

no, the address does not have to be 10.0.0.2, it should be the address of
whichever machine on the inside you want the packets forwarded to. what
is the inside-address on your 677? possibly the router will not let you
forward to an address on a different network than one of its inside
addresses?

> set nat entry add 10.0.0.2 22 0.0.0.0 22 tcp
> set nat entry add 10.0.0.2 25 0.0.0.0 25 tcp
> set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
> set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
> set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
> set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
> set nat entry add 10.0.0.2 31337 0.0.0.0 31337 tcp

why are you opening up ports 53 and 1024-5000? unless you have specific
processes listening on ports within those ranges you probably shouldn't
open them.

> This should cover most things, shouldn't it? However I'm concerned the use of NAT
> on my router and boxes has stirred shit up. For instance, I can only connect to
> my OpenFTPD (on 31337) site locally. Connecting remotely gives me:

right, your NAT entry is pointing to some nonexistent host at 10.0.0.2.
it should be pointing to one of the boxes with a 192.168.187.x address -
the one with FTPD running. which, by the way, brings up the issue that
you are not forwarding FTP - port 21 - anywhere. certainly nothing will
get through with this setup.

> lftp test@ninja.terrabionic.com:~> ls
> ---- Connecting to ninja.terrabionic.com (217.13.29.51) port 31337
> **** Socket error (Connection timed out) - reconnecting
>
> Also I've been hearing people not getting ident requests from me.
>
> This can not be a BIND issue can it? I find it odd why my hostname sometimes
> doesn't resolve on EFNet, but on all the other networks I'm on.
>
> NAT, it seems, has really made networking a lot harder for me than what I
> deserve. I hope somebody understands my situation and is able to give useful
> replies.

no, NAT (or PAT in this case) is your friend. it saves you money, and it
adds a certain level of security. sounds like you need to read up more
on CBOS and NAT/PAT. This guy has some useful instructions on setting up
your Cisco. I think he's talking about a 675 or 678, but it will
probably still apply to your case:

http://www.users.qwest.net/~rlutton/ADSL/

Nathan
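
Added example, not part of the original message or of CBOS: a small Python audit that runs the three checks raised in the reply (forward target not on the inside network, wide port range, no known listener) over the posted `set nat entry add` lines. The field order (inside address, inside port, outside address, outside port, protocol) is read off the posted lines; the /24 mask, the `LISTENERS` set and the `MAX_SPAN` threshold are assumptions made for the example.

```python
import ipaddress

# Forwards exactly as posted in the thread.
POSTED = """\
set nat entry add 10.0.0.2 22 0.0.0.0 22 tcp
set nat entry add 10.0.0.2 25 0.0.0.0 25 tcp
set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
set nat entry add 10.0.0.2 31337 0.0.0.0 31337 tcp
"""
LAN = ipaddress.ip_network("192.168.187.0/24")  # assumption: /24 around the two hosts
LISTENERS = {22, 25, 80, 113, 31337}            # constructed: ports with a known daemon
MAX_SPAN = 16                                   # hypothetical limit for a forwarded range


def parse_entry(line):
    """Split one 'set nat entry add' line into inside host, port range and protocol."""
    f = line.split()
    if len(f) != 9 or f[:4] != ["set", "nat", "entry", "add"]:
        raise ValueError(f"not a NAT entry: {line!r}")
    lo, _, hi = f[5].partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {f[5]!r}")
    return ipaddress.ip_address(f[4]), lo, hi, f[8]


def audit(text, lan=LAN, listeners=LISTENERS, max_span=MAX_SPAN):
    """Return (line, reason) pairs for forwards that need review."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        host, lo, hi, _proto = parse_entry(line)
        if host not in lan:
            findings.append((line, "target-not-on-lan"))
        if hi - lo + 1 > max_span:
            findings.append((line, "wide-port-range"))
        if not any(lo <= p <= hi for p in listeners):
            findings.append((line, "no-known-listener"))
    return findings


if __name__ == "__main__":
    for line, reason in audit(POSTED):
        print(f"{reason:18} {line}")
```
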