Date: Wed, 10 Jan 2001 08:30:08 +0000
From: Mikel King <mikel@ocsinternet.com>
To: Stefan Molnar <stefan@csudsu.com>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: more re: stupid NATD tricks...
Message-ID: <3A5C1D90.8A8E63E5@ocsinternet.com>
References: <Pine.BSF.4.31.0101091434270.18315-100000@digital.csudsu.com>
Last night I did a make buildworld etc...and now at least the following works...
interface fxp0
redirect_address 10.0.0.8 208.239.172.50
but the redirect_port...does not...yet...;)
Thanks again to ALL for taking the time to help check my sanity...;)
cheers,
Mikel
Stefan Molnar wrote:
> The only thing I can think of then is the alias address is not on the
> same subnet as the primary interface.  I am running static nat on ipfw
> today, but all my aliases are on the same subnet.
>
> Since all the ipfw rules are correct, the natd.conf looks happy.
>
> On Tue, 9 Jan 2001, Mikel King wrote:
>
> > My apologies for not including the rc.conf...but I have;
> >
> >     ifconfig_fxp0_alias0="inet 208.239.172.50 netmask 0xffffffff"
> >
> > ifconfig  fxp0
> >
> >         fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >          inet 204.107.76.181 netmask 0xffffff00 broadcast 204.107.76.255
> >          inet6 fe80::203:47ff:fe12:3c51%fxp0 prefixlen 64 scopeid 0x1
> >          inet 208.239.172.50 netmask 0xffffffff broadcast 208.239.172.50
> >          ether 00:03:47:12:3c:51
> >          media: autoselect (100baseTX <full-duplex>) status: active
> >          supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP
> >
> > Thanks, though it was a good try...
> >
> > I also forgot to mention I'm running 4.2r...
> >
> > cheers,
> > mikel
> >
> > Stefan Molnar wrote:
> >
> > > Here is the one thing you have not done.  Make an alias interface on the
> > > external address.   Your external interface needs to listen and answer
> > > for all static nat translations.
> > >
> > > On Tue, 9 Jan 2001, Mikel King wrote:
> > >
> > > > Greetings all;
> > > >
> > > >     Ok I'm running this question again, because I've already read and
> > > > reread everything I can find on the subject. I am trying to get static
> > > > NAT working. NATD is working normally, my inside machines can traceroute
> > > > and surf and nslookup etc...I know there must be something stupid I've
> > > > overlooked
> > > >
> > > >     From the outside I've tried simply telnetting to the outside IP on
> > > > port 80 from another outside device (...NOTE this works fine from the FW
> > > > directly to the inside machine...so I can verify that the http requests
> > > > are being answered) and I get the following:
> > > >
> > > >         Trying 204.107.76.181...
> > > >         telnet: connect to address 204.107.76.181: Connection refused
> > > >         telnet: Unable to connect to remote host
> > > >
> > > >     If I remove the redirect_port and put redirect_address 10.0.0.77
> > > > 208.239.172.50 instead then I get the following;
> > > >
> > > >          telnet 208.239.172.50 80
> > > >         Trying 208.239.172.50...
> > > >         telnet: connect to address 208.239.172.50: Operation timed out
> > > >         telnet: Unable to connect to remote host
> > > >
> > > >     Remember 10.0.0.77 surfs out through this box fine, and other
> > > > workstations on the backnet can surf to 10.0.0.77 without a problem.
> > > >
> > > >     Thanks in advance for any help.
> > > >
> > > > Cheers,
> > > > Mikel
> > > >
> > > > ***************** CONFIGURATION FILES etc...
> > > >
> > > > cli:
> > > > /sbin/natd -f /etc/rc.natd
> > > >
> > > > rc.natd:
> > > > interface fxp0
> > > > use_sockets
> > > > same_ports
> > > > unregistered_only                    # I've tried it with and without this one...
> > > > redirect_port tcp 10.0.0.77:80 80    # This should redirect any HTTP request from the outside to the in...
> > > > redirect_port tcp 10.0.0.2:23 23
> > > > log
> > > >
> > > >  #other rules that i've tried...
> > > > #redirect_port tcp 10.0.0.77:80 208.239.172.50:80
> > > > #redirect_address 10.0.0.77 208.239.172.50
> > > >
> > > > rc.firewall:
> > > > ############
> > > > # Setup system for firewall service.
> > > > # $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
> > > >
> > > > # Suck in the configuration variables.
> > > > if [ -r /etc/defaults/rc.conf ]; then
> > > >  . /etc/defaults/rc.conf
> > > > elif [ -r /etc/rc.conf ]; then
> > > >  . /etc/rc.conf
> > > > fi
> > > >
> > > > fwcmd="/sbin/ipfw"
> > > > nif="fxp0"
> > > > iif="rl0"
> > > > ${fwcmd} -f flush
> > > > ${fwcmd} add divert natd all from any to any via ${nif}
> > > > ${fwcmd} add pass ip from any to any
> > > > ${fwcmd} add deny log all from any to any
> > > >
> > > > ipfw show:
> > > > 00100 15537 1416950 divert 8668 ip from any to any via fxp0
> > > > 00200 16707 1550670 allow ip from any to any
> > > > 00300     0       0 deny log logamount 100 ip from any to any
> > > > 65535     0       0 deny ip from any to any
> > > >
> > > > kernel conf:
> > > > options         IPFIREWALL
> > > > options         IPFIREWALL_VERBOSE
> > > > options         IPFIREWALL_VERBOSE_LIMIT=100
> > > > options         IPDIVERT
> > > > options         ICMP_BANDLIM
> > > >
> > > > ps ax (excerpt):
> > > >   140  ??  Ss     0:00.25 syslogd -s
> > > >   161  ??  Ss     0:00.28 cron
> > > >   164  ??  Is     0:00.54 /usr/sbin/sshd
> > > >   166  ??  Ss     0:00.13 /usr/sbin/usbd
> > > >   204  ??  Is     0:00.01 /usr/local/sbin/xinetd -pid
> > > >   237  ??  Ss     0:01.26 /sbin/natd -f /etc/rc.natd
> > > >
> > > > netstat -rn:
> > > > Routing tables
> > > > Internet:
> > > > Destination        Gateway            Flags     Refs     Use     Netif Expire
> > > > default            204.107.76.1       UGSc        0        0     fxp0
> > > > 10/24              link#2             UC          0        0      rl0 =>
> > > > 10.0.0.77          link#2             UHLW        1        8      rl0 =>
> > > > 127.0.0.1          127.0.0.1          UH          0        4      lo0
> > > > 204.107.76         link#1             UC          0        0     fxp0 =>
> > > > 204.107.76.1       0:e0:1e:e9:ad:1    UHLW        1        0     fxp0    858
> > > > 204.107.76.19      0:e0:29:84:d0:4b   UHLW        2     1864     fxp0    945
> > > > 204.107.76.111     0:10:4b:14:a7:63   UHLW        0       60     fxp0    859
> > > > 204.107.76.181     0:3:47:12:3c:51    UHLW        0        8      lo0
> > > > 208.239.172.50     0:3:47:12:3c:51    UHLS        0        0      lo0 =>
> > > > 208.239.172.50/32  link#1             UC          0        0     fxp0 =>
> > > >
> > > > Internet6:
> > > > Destination                       Gateway                       Flags      Netif
> > > > ::1                               ::1                           UH          lo0
> > > > fe80::%fxp0/64                    link#1                        UC         fxp0
> > > > fe80::%rl0/64                     link#2                        UC          rl0
> > > > fe80::%lo0/64                     fe80::1%lo0                   Uc          lo0
> > > > ff01::/32                         ::1                           U           lo0
> > > > ff02::%fxp0/32                    link#1                        UC         fxp0
> > > > ff02::%rl0/32                     link#2                        UC          rl0
> > > > ff02::%lo0/32                     fe80::1%lo0                   UC          lo0
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
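The replies above converge on one condition: every public address a natd redirect rule names must be aliased on the external interface. The following is an added sanity check, not something posted in the thread; `natd_missing_aliases` is a hypothetical helper, and the natd config and `ifconfig fxp0` text it runs over are constructed inline, modelled on the files quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): report every public address that a
# natd redirect_address / redirect_port rule names but that has no matching
# "inet" line on the natd interface. natd_missing_aliases is a hypothetical
# helper; all inputs below are constructed.

# Constructed natd config. The last redirect_port names a public address
# that is NOT aliased on fxp0 below.
NATD_CONF_BAD='interface fxp0
use_sockets
same_ports
redirect_port tcp 10.0.0.77:80 80
redirect_address 10.0.0.8 208.239.172.50
redirect_port tcp 10.0.0.2:23 208.239.172.51:23'

# Same config with the unaliased rule dropped.
NATD_CONF_OK=$(printf '%s\n' "$NATD_CONF_BAD" | grep -v '208.239.172.51')

# Constructed `ifconfig fxp0` output: primary address plus one /32 alias.
IFCONFIG_FXP0='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 204.107.76.181 netmask 0xffffff00 broadcast 204.107.76.255
        inet 208.239.172.50 netmask 0xffffffff broadcast 208.239.172.50'

# Usage: natd_missing_aliases "$natd_conf_text" "$ifconfig_text"
# Prints each unaliased public address, one per line; exits 0 when every
# referenced address is present, 1 otherwise. A redirect_port rule that
# gives only a port (e.g. "80") uses the interface's own address and is
# therefore not checked.
natd_missing_aliases() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
    BEGIN {
        n = split(ifc, line, "\n")
        for (i = 1; i <= n; i++)
            if (line[i] ~ /^[ \t]*inet /) { split(line[i], f, " "); have[f[2]] = 1 }
    }
    { pub = "" }
    /^redirect_address/ { pub = $3 }                                  # LOCAL PUBLIC
    /^redirect_port/ && $4 ~ /:/ { pub = $4; sub(/:.*/, "", pub) }   # PUBLIC:PORT
    pub != "" && !(pub in have) { print pub; bad = 1 }
    END { exit bad }'
}

# Stand-alone run: prints 208.239.172.51 and then the note below.
natd_missing_aliases "$NATD_CONF_BAD" "$IFCONFIG_FXP0" \
    || echo "add the address(es) above as ifconfig_fxp0_aliasN entries first"
```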
