Date:      Tue, 28 Aug 2001 22:18:31 -0500
From:      David Kelly <dkelly@hiwaay.net>
To:        Nick Rogness <nick@rogness.net>
Cc:        Joel Rosenberg <thisisjoel@hotmail.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Forwarding packets from the internal network 
Message-ID:  <200108290318.f7T3IVw72618@grumpy.dyndns.org>
In-Reply-To: Message from Nick Rogness <nick@rogness.net>  of "Tue, 28 Aug 2001 19:46:07 CDT." <Pine.BSF.4.21.0108281940510.67736-100000@cody.jharris.com> 

Nick Rogness writes:
> On Tue, 28 Aug 2001, Joel Rosenberg wrote:
> 
> > I'm in the process of setting up a network and have run into some
> > problems.  I have two devices on my network (IPs 192.168.1.20 and
> > 192.168.1.21) that are accessed via port 80 (non changeable). Right
> > now, I have all traffic sent to my firewall (I only have one real IP)
> > on port 80 forwarded to 192.168.1.20:80 and all the traffic to 81 sent
> > to 192.168.1.21:80 via natd.  The problem is, when a connection from
> > the outside is made to 192.168.1.21, it responds by trying to open a
> > new connection on port 80. When the outside computer connects, the
> > firewall forwards the now-port-80 connection to 192.168.1.20, leaving
> > no way of reaching 192.168.1.21. I've tried forwarding traffic from
> > higher ports to internal machines (i.e. ssh) with success, so I can only
> > assume that when 192.168.1.21 gets a request, it opens up a new
> > connection, thereby losing the original :81->192.168.1.21:80
> > forwarding.
> >    Is there any way I can set up the firewall so that all outgoing
> > traffic from 192.168.1.21:80 leaves the firewall on port 81?
> 
> 	You can try the -same_ports option to natd.

I'm confused by the description above as to whether or not 192.168.1.21 
is trying to connect outside on port 80 and that one replies back to 80 
or what?

If this is a case of two web servers on one IP address being split by
port number then I'd say the 192.168.1.21 server is telling the remote
client to use port 80 for the followup. If so then it's either something 
in the server or the served html. I don't understand why 192.168.1.21's 
http server can't be told to run on port 81 in the first place?


-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
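
An added example, not part of the original message: one way to test the explanation given above, by scanning what the 192.168.1.21 server returns for redirects or absolute links that take an outside client off the port 81 forward. The address 203.0.113.5 is a placeholder for the firewall's real IP, the function names are hypothetical, and the two sample responses are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed for illustration: 203.0.113.5 stands in for the firewall's one real IP.
PUBLIC_HOST = "203.0.113.5"
PUBLIC_PORT = 81               # natd forwards :81 -> 192.168.1.21:80 (from the thread)
INTERNAL_HOST = "192.168.1.21"

URL_ATTR = re.compile(r'''(?:href|src|action)\s*=\s*["']([^"']+)["']''', re.I)

def split_response(raw):
    """Split a raw HTTP response into (header dict, body text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    pairs = (ln.partition(":") for ln in lines[1:])   # skip the status line
    return {n.strip().lower(): v.strip() for n, _, v in pairs}, body.decode("iso-8859-1")

def escapes_forward(url):
    """True if an absolute URL would take the client off the :81 forward."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False           # relative URLs keep the host:port the client used
    if parts.hostname == INTERNAL_HOST:
        return True            # private address is unreachable from outside
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname == PUBLIC_HOST and port != PUBLIC_PORT

def find_port_leaks(raw):
    """Return (source, url) pairs that send the client to the wrong place."""
    headers, body = split_response(raw)
    leaks = []
    if "location" in headers and escapes_forward(headers["location"]):
        leaks.append(("Location header", headers["location"]))
    for url in URL_ATTR.findall(body):
        if escapes_forward(url):
            leaks.append(("HTML attribute", url))
    return leaks

# Constructed sample responses, not captured from any real device.
REDIRECT = (b"HTTP/1.0 302 Found\r\nLocation: http://203.0.113.5/main.html\r\n"
            b"Content-Length: 0\r\n\r\n")
PAGE = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b'<a href="/status.html">ok</a> <img src="http://192.168.1.21/logo.gif">'
        b'<form action="http://203.0.113.5:81/set">')

if __name__ == "__main__":
    for name, raw in (("redirect", REDIRECT), ("page", PAGE)):
        print(name, find_port_leaks(raw))
```

A hit in the Location header points at the server's own configuration; a hit in an HTML attribute points at the served pages.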


