From owner-freebsd-ipfw Mon Sep 10 10:13:07 2001
From: "alexus"
Date: Mon, 10 Sep 2001 13:12:57 -0400
Organization: NexGen
Subject: Re: ipfw w/ port routing form telnet port to ssh

could you help me?

----- Original Message -----
From: "Ruslan Ermilov"
To: "alexus"
Sent: Thursday, September 06, 2001 1:55 PM
Subject: Re: ipfw w/ port routing form telnet port to ssh

> On Thu, Sep 06, 2001 at 01:50:44PM -0400, alexus wrote:
> > hi
> >
> > I'm trying to secure my box as much as I can, but I've been told that it's
> > not a very good idea to leave telnet open. I understand this is because it
> > transmits text in clear text, but one of my users can't use port 22 because
> > he's behind a firewall. My question is:
> >
> > is it possible to make ipfw transfer all data between ports on the same ip?
> > but I want that rule to be applied for one ip only
> >
> > basically what I want to accomplish with this is: whenever he telnets to
> > my box he'll be routed to port 22, even though he'll still be connected to
> > port 23. I'll just tell him to use an ssh client instead.
> >
> This could be done in a number of different ways.
> With ipfw(8)'s `fwd' option, or with natd(8).
>
> Cheers,
> --
> Ruslan Ermilov          Oracle Developer/DBA,
> ru@sunbay.com           Sunbay Software AG,
> ru@FreeBSD.org          FreeBSD committer,
> +380.652.512.251        Simferopol, Ukraine
>
> http://www.FreeBSD.org  The Power To Serve
> http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Wed Sep 12 12:45:12 2001
From: "alexus"
Date: Wed, 12 Sep 2001 15:44:56 -0400
Organization: NexGen
Subject: port forwarding through natd and/or ipfw

Hi

My goal is to access my Windows XP workstation that is behind the N.A.T.
FreeBSD box's firewall. I've tried two ways and didn't succeed with either
of them :( I was hoping some of you could help me figure out what went wrong.

My public ip address is 66.92.98.145 and the internal ip is 192.168.0.13.
The port that my XP workstation listens on is 3389. Here is the part from
netstat on XP:

  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING

so it *is* listening..

First I tried through natd:

su-2.05# grep 3389 /etc/natd.conf
redirect_port tcp 192.168.0.13:3389 3389
su-2.05# ps auxww|grep natd
root 69679  0.0  0.1  1096  640  p1  S+    3:37PM   0:00.00 grep natd
root   165  0.0  0.1   592  384  ??  Ss    9:24PM   1:30.78 /sbin/natd -u -f /etc/natd.conf -n fxp0
su-2.05#

that didn't work :(

Then I tried through the firewall (ipfw):

00333 6 288 fwd 66.92.98.145,3389 tcp from any to 192.168.0.13 3389

this was a little bit more successful than the other, since at least this
rule was matched .. but I didn't get to my XP workstation :(

I *did* enable the firewall in the kernel:

su-2.05# grep FIREWALL box
options IPFIREWALL                  #firewall
options IPFIREWALL_VERBOSE          #print information about
options IPFIREWALL_VERBOSE_LIMIT=10 #limit verbosity
options IPFIREWALL_FORWARD          #enable transparent proxy support
su-2.05#

any help/comments/recommendations would be very much appreciated

thanks in advance

From owner-freebsd-ipfw Wed Sep 12 14:28:03 2001
From: Bill Fumerola
To: alexus
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 12 Sep 2001 16:27:50 -0500
Subject: Re: port forwarding through natd and/or ipfw
On Wed, Sep 12, 2001 at 03:44:56PM -0400, alexus wrote:
> 00333 6 288 fwd 66.92.98.145,3389 tcp from any to 192.168.0.13
> 3389
>
> this was a little bit more successful than the other, since at least this
> rule was matched .. but I didn't get to my XP workstation :(

fwd just changes the nexthop (changes the routing decision). it doesn't
rewrite ports or addresses. you need natd & -redirect_port for that.

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
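Ruslan's two options (ipfw `fwd' or natd) and Bill's point that `fwd' only changes the next hop come down to what each mechanism does to the packet headers. The POSIX sh model below is an added example, not code from this thread or from FreeBSD: it parses the thread's own fwd rule and natd.conf redirect_port line and applies them to a constructed inbound connection (the client address 203.0.113.7 is made up), and uses redirect_port's optional remote-address argument for the first thread's "one ip only" case.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD: a model of what
# each mechanism does to a packet written as "SRC:SPORT->DST:DPORT".
# apply_fwd RULE PACKET
#   RULE is an ipfw rule body, e.g. the one posted in the thread:
#     "fwd 66.92.98.145,3389 tcp from any to 192.168.0.13 3389"
#   A matching packet is printed unchanged with the next hop appended:
#   fwd changes the routing decision only, never the addresses or ports.
apply_fwd() {
    rule=$1 pkt=$2
    nexthop=${rule#"fwd "}; nexthop=${nexthop%% *}   # "66.92.98.145,3389"
    want=${rule##*" to "}                            # "192.168.0.13 3389"
    dst=${pkt#*"->"}                                 # "DST:DPORT"
    if [ "${dst%:*} ${dst#*:}" = "$want" ]; then
        echo "$pkt via ${nexthop%,*}"
    else
        echo "$pkt (no match)"
    fi
}

# apply_redirect_port SPEC PACKET
#   SPEC is a natd.conf line:
#     "redirect_port tcp TARGET:TPORT [ALIAS:]APORT [REMOTE]"
#   A packet arriving on the alias port (optionally only from REMOTE) has
#   its destination rewritten to TARGET, so it can reach the internal host.
apply_redirect_port() {
    spec=$1 pkt=$2
    set -- $spec              # $2=proto $3=target $4=alias $5=remote
    target=$3 alias=$4 remote=${5:-any}
    src=${pkt%"->"*} dst=${pkt#*"->"}
    case $alias in
        *:*) alias_ip=${alias%:*} alias_port=${alias#*:} ;;
        *)   alias_ip=any         alias_port=$alias ;;
    esac
    if [ "${dst#*:}" = "$alias_port" ] &&
       { [ "$alias_ip" = any ] || [ "${dst%:*}" = "$alias_ip" ]; } &&
       { [ "$remote" = any ] || [ "${src%:*}" = "${remote%:*}" ]; }; then
        echo "$src->$target"
    else
        echo "$pkt"
    fi
}

# Constructed inbound SYN (client 203.0.113.7 is made up) to the public address.
INBOUND="203.0.113.7:50000->66.92.98.145:3389"
apply_fwd "fwd 66.92.98.145,3389 tcp from any to 192.168.0.13 3389" "$INBOUND"
apply_redirect_port "redirect_port tcp 192.168.0.13:3389 3389" "$INBOUND"
# The first thread's case: port 23 to 22 on the same box, for one client only.
apply_redirect_port "redirect_port tcp 66.92.98.145:22 23 203.0.113.7" "203.0.113.7:50000->66.92.98.145:23"
```

On a real box natd only sees the packets an ipfw `divert natd` rule hands it, and divert sockets need `options IPDIVERT` in the kernel, which a grep for FIREWALL in the kernel config would not reveal either way.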