From owner-freebsd-questions Wed Jan 10 5:30:31 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ra.upan.org (upan.org [204.107.76.19]) by hub.freebsd.org (Postfix) with ESMTP id 662A837B404 for ; Wed, 10 Jan 2001 05:30:09 -0800 (PST)
Received: from ocsinternet.com (localhost.upan.org [127.0.0.1]) by ra.upan.org (8.11.1/8.11.1) with ESMTP id f0A8U8110364; Wed, 10 Jan 2001 08:30:08 GMT (envelope-from mikel@ocsinternet.com)
Message-ID: <3A5C1D90.8A8E63E5@ocsinternet.com>
Date: Wed, 10 Jan 2001 08:30:08 +0000
From: Mikel King
X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Stefan Molnar
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: more re: stupid NATD tricks...
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Last night I did a make buildworld etc... and now at least the following works...

interface fxp0
redirect_address 10.0.0.8 208.239.172.50

but the redirect_port... does not... yet... ;)

Thanks again to ALL for taking the time to help check my sanity... ;)

cheers,
Mikel

Stefan Molnar wrote:

> The only thing I can think of then is the alias address is not on the
> same subnet as the primary interface. I am running static nat on ipfw
> today, but all my aliases are on the same subnet.
>
> Since all the ipfw rules are correct, the natd.conf looks happy.
>
> On Tue, 9 Jan 2001, Mikel King wrote:
>
> > My apologies for not including the rc.conf... but I have;
> >
> > ifconfig_fxp0_alias0="inet 208.239.172.50 netmask 0xffffffff"
> >
> > ifconfig fxp0
> >
> > fxp0: flags=8843 mtu 1500
> >         inet 204.107.76.181 netmask 0xffffff00 broadcast 204.107.76.255
> >         inet6 fe80::203:47ff:fe12:3c51%fxp0 prefixlen 64 scopeid 0x1
> >         inet 208.239.172.50 netmask 0xffffffff broadcast 208.239.172.50
> >         ether 00:03:47:12:3c:51
> >         media: autoselect (100baseTX ) status: active
> >         supported media: autoselect 100baseTX 100baseTX 10baseT/UTP 10baseT/UTP
> >
> > Thanks, though it was a good try...
> >
> > I also forgot to mention I'm running 4.2r...
> >
> > cheers,
> > mikel
> >
> > Stefan Molnar wrote:
> >
> > > Here is the one thing you have not done. Make an alias interface on the
> > > external address. Your external interface needs to listen and answer
> > > for all static nat translations.
> > >
> > > On Tue, 9 Jan 2001, Mikel King wrote:
> > >
> > > > Greetings all;
> > > >
> > > > Ok I'm running this question again, because I've already read and
> > > > reread everything I can find on the subject. I am trying to get static
> > > > NAT working. NATD is working normally, my inside machines can traceroute
> > > > and surf and nslookup etc... I know there must be something stupid I've
> > > > overlooked.
> > > >
> > > > From the outside I've tried simply telnetting to the outside IP on
> > > > port 80 from another outside device (...NOTE this works fine from the FW
> > > > directly to the inside machine... so I can verify that the http requests
> > > > are being answered) and I get the following:
> > > >
> > > > Trying 204.107.76.181...
> > > > telnet: connect to address 204.107.76.181: Connection refused
> > > > telnet: Unable to connect to remote host
> > > >
> > > > If I remove the redirect_port and put redirect_address 10.0.0.77
> > > > 208.239.172.50 instead then I get the following;
> > > >
> > > > telnet 208.239.172.50 80
> > > > Trying 208.239.172.50...
> > > > telnet: connect to address 208.239.172.50: Operation timed out
> > > > telnet: Unable to connect to remote host
> > > >
> > > > Remember 10.0.0.77 surfs out through this box fine, and other
> > > > workstations on the backnet can surf to 10.0.0.77 without a problem.
> > > >
> > > > Thanks in advance for any help.
> > > >
> > > > Cheers,
> > > > Mikel
> > > >
> > > > ***************** CONFIGURATION FILES etc...
> > > >
> > > > cli:
> > > > /sbin/natd -f /etc/rc.natd
> > > >
> > > > rc.natd:
> > > > interface fxp0
> > > > use_sockets
> > > > same_ports
> > > > unregistered_only                  #I've tried it with and without this one...
> > > > redirect_port tcp 10.0.0.77:80 80  #This should redirect any HTTP request from the outside to the in...
> > > > redirect_port tcp 10.0.0.2:23 23
> > > > log
> > > >
> > > > #other rules that i've tried...
> > > > #redirect_port tcp 10.0.0.77:80 208.239.172.50:80
> > > > #redirect_address 10.0.0.77 208.239.172.50
> > > >
> > > > rc.firewall:
> > > > ############
> > > > # Setup system for firewall service.
> > > > # $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
> > > >
> > > > # Suck in the configuration variables.
> > > > if [ -r /etc/defaults/rc.conf ]; then
> > > >         . /etc/defaults/rc.conf
> > > > elif [ -r /etc/rc.conf ]; then
> > > >         . /etc/rc.conf
> > > > fi
> > > >
> > > > fwcmd="/sbin/ipfw"
> > > > nif="fxp0"
> > > > iif="rl0"
> > > > ${fwcmd} -f flush
> > > > ${fwcmd} add divert natd all from any to any via ${nif}
> > > > ${fwcmd} add pass ip from any to any
> > > > ${fwcmd} add deny log all from any to any
> > > >
> > > > ipfw show:
> > > > 00100 15537 1416950 divert 8668 ip from any to any via fxp0
> > > > 00200 16707 1550670 allow ip from any to any
> > > > 00300     0       0 deny log logamount 100 ip from any to any
> > > > 65535     0       0 deny ip from any to any
> > > >
> > > > kernel conf:
> > > > options IPFIREWALL
> > > > options IPFIREWALL_VERBOSE
> > > > options IPFIREWALL_VERBOSE_LIMIT=100
> > > > options IPDIVERT
> > > > options ICMP_BANDLIM
> > > >
> > > > ps ax (excerpt):
> > > > 140  ??  Ss     0:00.25 syslogd -s
> > > > 161  ??  Ss     0:00.28 cron
> > > > 164  ??  Is     0:00.54 /usr/sbin/sshd
> > > > 166  ??  Ss     0:00.13 /usr/sbin/usbd
> > > > 204  ??  Is     0:00.01 /usr/local/sbin/xinetd -pid
> > > > 237  ??  Ss     0:01.26 /sbin/natd -f /etc/rc.natd
> > > >
> > > > netstat -rn:
> > > > Routing tables
> > > >
> > > > Internet:
> > > > Destination        Gateway            Flags     Refs     Use  Netif Expire
> > > > default            204.107.76.1       UGSc        0        0   fxp0
> > > > 10/24              link#2             UC          0        0    rl0 =>
> > > > 10.0.0.77          link#2             UHLW        1        8    rl0 =>
> > > > 127.0.0.1          127.0.0.1          UH          0        4    lo0
> > > > 204.107.76         link#1             UC          0        0   fxp0 =>
> > > > 204.107.76.1       0:e0:1e:e9:ad:1    UHLW        1        0   fxp0    858
> > > > 204.107.76.19      0:e0:29:84:d0:4b   UHLW        2     1864   fxp0    945
> > > > 204.107.76.111     0:10:4b:14:a7:63   UHLW        0       60   fxp0    859
> > > > 204.107.76.181     0:3:47:12:3c:51    UHLW        0        8    lo0
> > > > 208.239.172.50     0:3:47:12:3c:51    UHLS        0        0    lo0 =>
> > > > 208.239.172.50/32  link#1             UC          0        0   fxp0 =>
> > > >
> > > > Internet6:
> > > > Destination        Gateway            Flags  Netif Expire
> > > > ::1                ::1                UH       lo0
> > > > fe80::%fxp0/64     link#1             UC      fxp0
> > > > fe80::%rl0/64      link#2             UC       rl0
> > > > fe80::%lo0/64      fe80::1%lo0        Uc       lo0
> > > > ff01::/32          ::1                U        lo0
> > > > ff02::%fxp0/32     link#1             UC      fxp0
> > > > ff02::%rl0/32      link#2             UC       rl0
> > > > ff02::%lo0/32      fe80::1%lo0        UC       lo0
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
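An added example, not part of the thread above and not the poster's own configuration. The rc.firewall quoted in the thread passes every packet (`add pass ip from any to any` sits in front of the deny rule), so the box is not filtering anything: every listener on the firewall itself (sshd and xinetd appear in the ps excerpt) is reachable from outside, and whatever natd redirects goes through unfiltered. The script below keeps the thread's layout (divert natd first on fxp0, rl0 as the inside interface, the 208.239.172.50 alias with a /32 netmask on fxp0, 10.0.0.77 as the web server) but only admits the one redirected service and drops the rest. The interface names and addresses are taken from the thread; the rule numbers, the DNS and ICMP allowances, the file name and the omission of the telnet redirect are choices made here, and the ipfw/natd syntax is the FreeBSD 4.x form the thread uses.

```shell
#!/bin/sh
# Added example (not from the thread): natd + ipfw for the setup described
# above, exposing only the redirected service instead of passing all IP.
# Assumes FreeBSD 4.x-era ipfw1/natd syntax; addresses and interface names
# are the thread's, everything else is an assumption made for this example.

oif="fxp0"                  # outside interface, the one natd is bound to
iif="rl0"                   # inside interface
inet="10.0.0.0/24"          # backnet
alias_ip="208.239.172.50"   # public alias configured on ${oif} with a /32 netmask
www_host="10.0.0.77"        # inside web server reached via redirect_port
fwcmd="/sbin/ipfw"

# natd configuration, emitted as text so it can be reviewed before being
# handed to "natd -f".
gen_natd_conf() {
    cat <<EOF
interface ${oif}
use_sockets
same_ports
log
# Static redirect: public ${alias_ip}:80 -> ${www_host}:80.
# The telnet redirect from the thread is deliberately left out: telnet is
# cleartext, and anything listed here is reachable from the whole internet.
redirect_port tcp ${www_host}:80 ${alias_ip}:80
EOF
}

# ipfw rules, one per line; "#" lines are comments. Emitted as text (not
# run) so they can be inspected or diffed; apply_fw_rules loads them.
gen_fw_rules() {
    cat <<EOF
-f flush
# The divert rule must come first so that natd rewrites a packet before any
# filtering rule sees it. Every rule after it therefore matches translated
# addresses: inbound packets to the public IP already carry the inside
# destination, outbound packets from the backnet already carry the public
# source.
add 100 divert natd ip from any to any via ${oif}
add 200 allow ip from any to any via lo0
add 300 deny ip from any to 127.0.0.0/8
add 400 deny ip from 127.0.0.0/8 to any
# Anti-spoofing: backnet addresses never legitimately arrive from outside.
add 500 deny ip from ${inet} to any in via ${oif}
# Inside hosts may start anything; the outbound leg on ${oif} is the
# already-translated copy of that same traffic.
add 600 allow ip from ${inet} to any in via ${iif}
add 700 allow ip from any to any out via ${oif}
# Replies to connections opened from inside (or by the firewall itself).
add 800 allow tcp from any to any established
# The only inbound SYN accepted: the redirect_port target. Stateless on
# purpose: with natd a connection traverses the ruleset twice on the
# outbound side (before and after translation, with different addresses),
# which makes keep-state/check-state awkward to get right on ipfw1.
add 900 allow tcp from any to ${www_host} 80 in via ${oif} setup
# UDP has no "established"; let DNS answers back in (coarse, as ipfw1 is).
add 1000 allow udp from any 53 to any in via ${oif}
# ICMP echo reply, unreachable and time-exceeded so ping/traceroute work.
add 1100 allow icmp from any to any icmptypes 0,3,11
# Everything else is dropped and logged, rather than passed as in the thread.
add 65000 deny log ip from any to any
EOF
}

# Load the rules. Comment lines are stripped first; the word splitting of
# ${rule} is intentional, ipfw wants separate arguments.
apply_fw_rules() {
    gen_fw_rules | grep -v '^#' | while read -r rule; do
        ${fwcmd} ${rule} || exit 1
    done
}

# Usage:  sh natd-fw.sh          prints the natd.conf and the rule list
#         sh natd-fw.sh apply    loads the rules (as root, on the firewall)
case "${1-}" in
    apply) apply_fw_rules ;;
    *)     gen_natd_conf; echo; gen_fw_rules ;;
esac
```

Run it without arguments to print the natd.conf and rule list for review, and with `apply` as root on the firewall to load them. Two checks worth doing afterwards: `ipfw show` should show the divert rule's packet counter climbing as outside clients connect, and with `log` in the natd configuration the translations appear in syslog. As a diagnostic caveat, a `Connection refused` from the public address, as in the thread's first test, usually means the SYN was answered with a RST by the firewall's own TCP stack, i.e. it reached the stack without having been rewritten to the inside address, whereas a timeout points at the packet being dropped somewhere or the return path not being translated.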