From: universe
Date: Sun, 15 Apr 2001 23:56:50 +0200
To: freebsd-questions@freebsd.org
Subject: natd filters redirect port.
Message-ID: <3ADA1922.F279C985@truemetal.org>

hi list,

my freebsd box is acting as a gateway for my internal private network, the connection is made with userland ppp (pppoe) and natd. natd also forwards packets on the external port 81 to an internal machine on port 9192.

since i changed from isdn to dsl the other day the redirect_port doesn't seem to work anymore and natd (?) is filtering the tcp port 81.

natd is started with:

    natd -n tun0 -dynamic -redirect_port tcp 192.168.0.4:9192 81

which forwards every request on tun0 (external ethernet card which connects to the dsl modem) on port 81 to the internal machine 192.168.0.4 at port 9192.

however, when i do a portscan from an external machine it shows that port 81 is being filtered as soon as i run natd with the -redirect_port switch:

    (The 1517 ports scanned but not shown below are in state: closed)
    Port       State       Service
    22/tcp     open        ssh
    80/tcp     open        http
    81/tcp     filtered    hosts2-ns
    137/tcp    filtered    netbios-ns
    138/tcp    filtered    netbios-dgm
    139/tcp    filtered    netbios-ssn

port 81 should be "open", not "filtered". i configured natd to forward requests on port 2345 etc. instead but the effect stays the same, every port gets filtered.

ipfw list on the gateway which runs natd shows the following:

    00009 deny tcp from any to any 139 in recv tun0
    00009 deny tcp from any to any 138 in recv tun0
    00009 deny tcp from any to any 137 in recv tun0
    00010 divert 8668 ip from any to any via tun0
    00011 divert 1234 tcp from any to any out xmit tun0 setup
    00020 allow ip from any to any
    65535 deny ip from any to any

the same configuration worked just fine when i used dialup isdn and kernel-based ppp.

anyone with an idea what could have happened and/or how to fix?

thanks in advance,
markus
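An added example, not part of the original message: a simplified first-match walk of the ipfw ruleset listed above, to check which rules an inbound SYN to port 81 on tun0 would touch. The helper names (`matches`, `trace`, `natd_redirect`) and the sample packets are constructed for illustration, and the model assumes each divert daemon reinjects the packet so that matching resumes at the next rule number.

```python
# Added example: simplified first-match walk over the ipfw rules quoted above.
# Models only protocol, destination port, direction, interface and "setup".
RULES = [  # (number, action, proto, dst_port, direction, interface, setup_only)
    (9, "deny", "tcp", 139, "in", "tun0", False),
    (9, "deny", "tcp", 138, "in", "tun0", False),
    (9, "deny", "tcp", 137, "in", "tun0", False),
    (10, "divert 8668", "ip", None, None, "tun0", False),   # via tun0: in and out
    (11, "divert 1234", "tcp", None, "out", "tun0", True),  # out xmit tun0 setup
    (20, "allow", "ip", None, None, None, False),
    (65535, "deny", "ip", None, None, None, False),
]

def matches(rule, pkt):
    _, _, proto, port, direction, iface, setup_only = rule
    return ((proto == "ip" or proto == pkt["proto"])
            and (port is None or port == pkt["dport"])
            and (direction is None or direction == pkt["dir"])
            and (iface is None or iface == pkt["iface"])
            and (not setup_only or pkt["syn_only"]))

def trace(pkt, daemons=None):
    """Return (rule numbers matched, final action, packet as it left the walk).
    Assumption: a diverted packet is written back by its daemon and matching
    resumes at the next rule number. `daemons` maps a divert action to a
    function standing in for the process bound to that divert port."""
    path, resume_after = [], 0
    for rule in RULES:
        num, action = rule[0], rule[1]
        if num <= resume_after or not matches(rule, pkt):
            continue
        path.append(num)
        if action.startswith("divert"):
            if daemons and action in daemons:
                pkt = daemons[action](pkt)
            resume_after = num
            continue
        return path, action, pkt
    return path, "deny", pkt

def natd_redirect(pkt):
    # Stand-in for "-redirect_port tcp 192.168.0.4:9192 81" on inbound packets.
    if pkt["dir"] == "in" and pkt["dport"] == 81:
        return dict(pkt, dst="192.168.0.4", dport=9192)
    return pkt

# Constructed sample packets: a bare SYN arriving on tun0 for port 81 / port 139.
SYN_81 = {"proto": "tcp", "dst": "external", "dport": 81,
          "dir": "in", "iface": "tun0", "syn_only": True}
SYN_139 = dict(SYN_81, dport=139)

if __name__ == "__main__":
    print(trace(SYN_81, {"divert 8668": natd_redirect}))
    print(trace(SYN_139))
```

In this model the port 81 SYN matches only rules 10 and 20, so none of the listed deny rules applies to it, while an outbound SYN on tun0 passes through both divert rules (10 and 11) before the allow.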