Date: Wed, 17 Nov 1999 21:13:39 -0800 (PST)
From: Sean Noonan <snoonan@cx952600-a.fed1.sdca.home.com>
To: questions@freebsd.org
Subject: PC Anywhere redirection via NAT [still]
Message-ID: <Pine.BSF.4.10.9911172111110.681-100000@cx952600-a.fed1.sdca.home.com>
Hi everyone,

I posted this a few weeks ago and got a few answers, but none of them were fruitful (thanks to all who replied though). I am reposting with as much background information and detail as I can in hopes that someone can assist me.

Setup: 3.3-RELEASE cvsup'd about a month ago. Cable modem, dual NICs, RFC 1918 net (192.168.1.0/24). Running IPFW, gated, NAT. Everything works great but...

Problem: Want to redirect PC Anywhere traffic from gateway to NT box on internal net (192.168.1.2). From documentation/sniffer I can tell that PC Anywhere uses UDP "ports" 22 and 5632 and TCP port 5631. I think I have NAT set up properly but for the life of me I can't get my NT box to see any traffic when I attempt a connection via NAT.

Here are my details (sorry for the length):

***********************************************************
/etc/rc.conf

gateway_enable="YES"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_flags="-config /etc/natd.conf -log -use_sockets (wrap continued)
            -same_ports -dynamic"
natd_interface="xl1"

***********************************************************
/etc/natd.conf

redirect_port udp 192.168.1.2:22 22
redirect_port tcp 192.168.1.2:5631 5631
redirect_port udp 192.168.1.2:5632 5632

***********************************************************
/var/log/alias.log (after a recent test session)

PacketAlias/InitPacketAliasLog: Packet alias logging enabled.
icmp=0, udp=4, tcp=3, frag_id=0 frag_ptr=0 / tot=7 (sock=0)
icmp=0, udp=5, tcp=3, frag_id=0 frag_ptr=0 / tot=8 (sock=0)
icmp=0, udp=6, tcp=3, frag_id=0 frag_ptr=0 / tot=9 (sock=0)
icmp=0, udp=6, tcp=4, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=6, tcp=5, frag_id=0 frag_ptr=0 / tot=11 (sock=0)
icmp=0, udp=5, tcp=5, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=6, tcp=5, frag_id=0 frag_ptr=0 / tot=11 (sock=0)
icmp=0, udp=6, tcp=4, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=5, tcp=4, frag_id=0 frag_ptr=0 / tot=9 (sock=0)
icmp=0, udp=6, tcp=4, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=5, tcp=4, frag_id=0 frag_ptr=0 / tot=9 (sock=0)
icmp=0, udp=4, tcp=4, frag_id=0 frag_ptr=0 / tot=8 (sock=0)
icmp=0, udp=4, tcp=5, frag_id=0 frag_ptr=0 / tot=9 (sock=0)
icmp=0, udp=4, tcp=6, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=4, tcp=5, frag_id=0 frag_ptr=0 / tot=9 (sock=0)
icmp=0, udp=4, tcp=6, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=4, tcp=7, frag_id=0 frag_ptr=0 / tot=11 (sock=0)
icmp=0, udp=3, tcp=7, frag_id=0 frag_ptr=0 / tot=10 (sock=0)
icmp=0, udp=3, tcp=8, frag_id=0 frag_ptr=0 / tot=11 (sock=0)
icmp=0, udp=3, tcp=9, frag_id=0 frag_ptr=0 / tot=12 (sock=0)
icmp=0, udp=4, tcp=9, frag_id=0 frag_ptr=0 / tot=13 (sock=0)
icmp=0, udp=4, tcp=8, frag_id=0 frag_ptr=0 / tot=12 (sock=0)
icmp=0, udp=4, tcp=9, frag_id=0 frag_ptr=0 / tot=13 (sock=0)
icmp=0, udp=4, tcp=10, frag_id=0 frag_ptr=0 / tot=14 (sock=0)
icmp=0, udp=4, tcp=9, frag_id=0 frag_ptr=0 / tot=13 (sock=0)
icmp=0, udp=4, tcp=10, frag_id=0 frag_ptr=0 / tot=14 (sock=0)
icmp=0, udp=4, tcp=11, frag_id=0 frag_ptr=0 / tot=15 (sock=0)
icmp=0, udp=4, tcp=10, frag_id=0 frag_ptr=0 / tot=14 (sock=0)
icmp=0, udp=4, tcp=9, frag_id=0 frag_ptr=0 / tot=13 (sock=0)
icmp=0, udp=3, tcp=9, frag_id=0 frag_ptr=0 / tot=12 (sock=0)
icmp=0, udp=3, tcp=10, frag_id=0 frag_ptr=0 / tot=13 (sock=0)
icmp=0, udp=3, tcp=11, frag_id=0 frag_ptr=0 / tot=14 (sock=0)

***********************************************************
Compiled KERNEL Options:

# IPFW setup
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD
options "IPFIREWALL_VERBOSE_LIMIT=1000"

# NAT setup
options IPDIVERT

***********************************************************
/etc/services

.
.
natd 8668/divert # Network Address Translation
.
.

***********************************************************

Things I've tried to get MS' Network Monitor to see the traffic:

1. Lightened up on my firewall rules. Heck, even added this rule for testing purposes:

       ipfw add 101 allow ip from any to any

   I added this rule right after rule 100, the "divert" rule...

2. RTFMs

3. Disabled Secure Shell, since /etc/services says it uses TCP and UDP ports 22. I figured it couldn't hurt and may avoid some conflict.

That's about it. When I sit at another NT box at 192.168.1.4 and try using PC Anywhere to connect to 192.168.1.2 *directly* it works fine. I have MS' lousy Network Monitor utility running on the 192.168.1.2 box and it sees the traffic on UDP 22 and TCP 5631 just fine. However, when I sit at the same machine and try to connect to 192.168.1.2 via my public IP via NAT, I see no traffic whatsoever hitting the 192.168.1.2 box.

Anybody have any ideas how to troubleshoot this further? The /var/log/alias.log file seems next to useless to me, is there a way to make the output more verbose?

TIA,

-Sean Noonan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911172111110.681-100000>
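
An added example, not part of the original message: natd(8) documents redirect_port as "proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT] [remoteIP[:remotePORT[-remotePORT]]]", and the Python below parses such lines and lists the redirects that carry no remote-host restriction, which is the case for all three lines in the message (any filtering is then left to ipfw). The fourth sample line, its address 203.0.113.7 and all function names are constructed for illustration.

```python
import re

# Constructed sample: the three redirect_port lines from the message plus one
# hypothetical line (documentation address) with a remote-host restriction.
NATD_CONF = """\
redirect_port udp 192.168.1.2:22 22
redirect_port tcp 192.168.1.2:5631 5631
redirect_port udp 192.168.1.2:5632 5632
redirect_port tcp 192.168.1.2:5631 5631 203.0.113.7
"""

PORTS = r"\d+(?:-\d+)?"
LINE = re.compile(
    rf"^redirect_port\s+(?P<proto>tcp|udp)\s+"
    rf"(?P<target_ip>[\d.]+):(?P<target_ports>{PORTS})\s+"
    rf"(?:(?P<alias_ip>[\d.]+):)?(?P<alias_ports>{PORTS})"
    rf"(?:\s+(?P<remote_ip>[\d.]+)(?::(?P<remote_ports>{PORTS}))?)?\s*$"
)

def span(ports):
    """'5631' -> (5631, 5631); '2300-2399' -> (2300, 2399)."""
    lo, _, hi = ports.partition("-")
    return int(lo), int(hi or lo)

def parse_redirects(text):
    """Return one dict per redirect_port line; raise on a malformed one."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line.startswith("redirect_port"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: cannot parse {raw!r}")
        t, a = span(m["target_ports"]), span(m["alias_ports"])
        if t[1] - t[0] != a[1] - a[0]:             # ranges must be the same size
            raise ValueError(f"line {n}: target and alias ranges differ in size")
        rules.append(dict(m.groupdict(), line=n))
    return rules

def open_to_any_remote(rules):
    """Redirects that natd applies regardless of the source address."""
    return [r for r in rules if r["remote_ip"] is None]

if __name__ == "__main__":
    for r in open_to_any_remote(parse_redirects(NATD_CONF)):
        print(f"line {r['line']}: {r['proto']}/{r['alias_ports']} -> "
              f"{r['target_ip']}:{r['target_ports']} from any remote host")
```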