Date: Tue, 28 Aug 2001 23:11:33 -0500 (CDT) From: Nick Rogness <nick@rogness.net> To: David Kelly <dkelly@hiwaay.net> Cc: Joel Rosenberg <thisisjoel@hotmail.com>, freebsd-questions@FreeBSD.ORG Subject: Re: Forwarding packets from the internal network Message-ID: <Pine.BSF.4.21.0108282257040.67736-100000@cody.jharris.com> In-Reply-To: <200108290318.f7T3IVw72618@grumpy.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 28 Aug 2001, David Kelly wrote: > Nick Rogness writes: > On Tue, 28 Aug 2001, Joel Rosenberg wrote: > > > I'm in the process of setting up a network and have run into some > problems. I have two devices on my network (IP's 192.168.1.20 and > 192.168.1.21) that are accessed via port 80 (non changeable). Right > now, I have all traffic sent to my firewall (I only have one real > IP) on port 80 forwarded to 192.168.1.20:80 and all the traffic to > 81 sent to 192.168.1.21:80 via natd. The problem is, when a > connection from the outside is made to 192.168.1.21, it responds > by trying to open a new connection on port 80. When the outside > computer connects, the firewall forwards the now-port-80 > connection to 192.168.1.20, leaving no way of reaching > 192.168.1.21. I've tried forwarding traffic from higher ports to > internal machines (ie ssh) with success, so I can only assume that > when 192.168.1.21 gets a request, in opens up a new connection, > thereby losing the original :81->192.168.1.21:80 forwarding. > Is there any way I can set up the firewall so that all outgoing > traffic from 192.168.1.21:80 leaves the firewall on port 81? > > You can try the -same_ports option to natd. > > I'm confused by the description above as to whether or not > 192.168.1.21 is trying to connect outside on port 80 and that one > replies back to 80 or what? I believe what he is saying is that 192.168.1.21 is responding to port 80 requests with a src_port of 80 and not 81 which would not work. So if I understand correctly: 1) natd gets packet from outside world: SOURCE DESTINATION remote_IP:16675 --> your_nat_outside_IP:81 2) natd changes packet to: SOURCE DESTINATION remote_IP:16675 --> 192.168.1.21:80 3) Packet gets sent to 192.168.1.21 port 80 4) 192.168.1.21 responds sending packet back to natd machine. 5) natd changes packet to: SOURCE DESTINATION your_nat_outside_IP:80 --> remote_IP:16675 6) packet gets sent out into the world. Step #5 you want it to be: your_nat_outside_IP:81 --> remote_IP:16675 Is this the problem you were describing? Nick Rogness <nick@rogness.net> - Keep on Routing in a Free World... "FreeBSD: The Power to Serve!" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0108282257040.67736-100000>