Date: Thu, 7 Aug 2003 05:22:20 +0200
From: Clement Laforet
To: Mark
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw natd forward port 80
Message-Id: <20030807052220.15544671.sheepkiller@cultdeadsheep.org>
In-Reply-To: <200308070155.h771tl6G000549@redtick.homeunix.com>
References: <20030807043543.53428bc6.sheepkiller@cultdeadsheep.org> <200308070155.h771tl6G000549@redtick.homeunix.com>

On Wed, 6 Aug 2003 20:55:47 -0500 (CDT)
Mark wrote:

> I am still unable to connect from the outside,
> from the kernel config
> # ipfw options
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
>
> #To hide firewall from traceroute
> options IPSTEALTH
>
> #To hide from nmap, remove if create web server
> #options TCP_DROP_SYNFIN

ok, here is my setup (I use pound for web traffic now, but it used to work for years)

kernel conf :
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT

natd.conf :
[root@chuck|(553)| teapop-devel]# ssh charon.cultdeadsheep.org cat /etc/natd.conf
log no
deny_incoming no
port 8668
#
use_sockets yes
#
# Avoid port changes if possible. Makes rlogin work
# in most cases.
#
same_ports yes
#
verbose no
interface tun0
unregistered_only yes
redirect_port tcp 192.168.0.1:80 80

Now the debugging :)
when you try a "telnet 80" you have :
1. Connection refused : natd isn't running
2. ping timeout :
   - your firewall is faulty or
   - your server is down or
   - your server doesn't have the right gateway
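
An added example, not part of the original message: a small audit helper that parses a natd.conf like the one quoted above and lists which internal services each redirect_port line makes reachable from outside. The names parse_natd_conf, exposure_report and Redirect are hypothetical, and only the single-target form "redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]" is handled.

```python
import ipaddress
from collections import namedtuple

# natd.conf as quoted in the message above, comment lines omitted.
SAMPLE_CONF = """\
log no
deny_incoming no
port 8668
use_sockets yes
same_ports yes
verbose no
interface tun0
unregistered_only yes
redirect_port tcp 192.168.0.1:80 80
"""

# alias_ip None: natd uses the `interface` address; remote None: any host.
Redirect = namedtuple(
    "Redirect", "proto target_ip target_ports alias_ip alias_ports remote")

def parse_natd_conf(text):
    """Return (options, redirects); single-target redirect_port form only."""
    options, redirects = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # '#' starts a comment
        if not line:
            continue
        key, *args = line.split()
        if key != "redirect_port":
            options[key] = " ".join(args)
            continue
        if len(args) not in (3, 4):
            raise ValueError(f"unsupported redirect_port line: {raw!r}")
        target_ip, target_ports = args[1].rsplit(":", 1)
        ipaddress.ip_address(target_ip)        # raises ValueError if malformed
        alias_ip, _, alias_ports = args[2].rpartition(":")
        remote = args[3] if len(args) == 4 else None
        redirects.append(Redirect(args[0], target_ip, target_ports,
                                  alias_ip or None, alias_ports, remote))
    return options, redirects

def exposure_report(text):
    """One line per forward: what is reachable from outside, and from whom."""
    options, redirects = parse_natd_conf(text)
    outside = options.get("interface", "unset interface")
    return [f"{r.proto}/{r.alias_ports} on {r.alias_ip or outside} -> "
            f"{r.target_ip}:{r.target_ports} from {r.remote or 'any host'}"
            for r in redirects]
```

Calling exposure_report(SAMPLE_CONF) shows that the quoted configuration forwards TCP port 80 on tun0 to 192.168.0.1:80 with no restriction on the remote host.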