Date:      Fri, 18 Sep 2009 20:18:19 -0400
From:      Steve Bertrand <steve@ibctech.ca>
To:        SElgram@VerifPoint.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Help with NAT
Message-ID:  <4AB4234B.5060409@ibctech.ca>
In-Reply-To: <3F3F36886F1E4185AB1EE019FF6DB93D@CREDENTALS>
References:  <3F3F36886F1E4185AB1EE019FF6DB93D@CREDENTALS>

Scott Elgram wrote:
> Hello,
> 
> I am at my wit's end with this one.  I have set up a box to use
> as a firewall/nat.  However, during the setup I pointed set net to do a port
> redirect of port 6502 to port 80 of my development web server.  Everything
> worked fine so I deployed my new box onto a live IP and tested it again with
> the same redirect to my dev server.  Still, everything works fine so I
> changed /etc/natd.conf to point to my production web server and it won't
> work.  I have tried everything that I can think of to narrow down this issue
> but I just can't figure it out.  I pointed everything back to my dev server
> and it's still working.  I changed the dev server's IP and changed nat to
> point to the new IP and it still works.  It would seem that nat will work
> only with my dev server and no other computer.
> 
>  
> 
> Can anyone offer any suggestions, I'm sure I'm missing something basic.

On the production server, after you've got things pointed to it:

# tcpdump -n -i em0 port 80

...where em0 is the interface.

Send a request through from the outside, and verify that you can see the
HTTP request come in to the production box, and go back out again. It
should look like the following. Note that these are v6 addrs not v4, but
the result is the same. In the first packet, 5 -> b6 is request in, and
b6 -> 5 is response back. You 'should' see the same result, but with
your v4 addresses instead.

pearl# tcpdump -n -i em0 port 80

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes
20:09:52.912361 IP6 2607:f118::5.1752 > 2607:f118::b6.80: S 3408461679:3408461679(0) win 16384 <mss 1440>

20:09:52.912425 IP6 2607:f118::b6.80 > 2607:f118::5.1752: S 1781312333:1781312333(0) ack 3408461680 win 65535 <mss 1440>

...whether you see the packets come in or not, post back with your findings.

Do you perhaps have to 'restart' natd in order to release any sort of
caching?

STeve
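
Added example, not part of the original message: a Python helper that reads `tcpdump -n` text output like the capture above and reports, per connection, whether the SYN to port 80 was answered with a SYN-ACK. The function names and the IPv4 sample lines are constructed for illustration; it goes beyond the post by also accepting the newer `Flags [S]` output format.

```python
import re

# "<time> IP|IP6 <src>.<sport> > <dst>.<dport>: <rest>", as printed by tcpdump -n
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")

def syn_kind(rest):
    """Classify the tail of a tcpdump line as 'SYN', 'SYN-ACK' or None."""
    new = re.match(r"Flags \[([^\]]*)\]", rest)      # newer tcpdump output
    if new:
        flags = new.group(1)
        if "S" not in flags:
            return None
        return "SYN-ACK" if "." in flags else "SYN"
    if rest.startswith("S "):                        # older output, as in the post
        return "SYN-ACK" if " ack " in rest else "SYN"
    return None

def handshake_report(capture, port=80):
    """Map (client, server) endpoints to 'answered' or 'unanswered'."""
    report = {}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                                 # banner or non-IP line
        src, sport, dst, dport, rest = m.groups()
        kind = syn_kind(rest)
        if kind == "SYN" and int(dport) == port:     # request in
            report.setdefault((f"{src}.{sport}", f"{dst}.{dport}"), "unanswered")
        elif kind == "SYN-ACK" and int(sport) == port:   # response out
            key = (f"{dst}.{dport}", f"{src}.{sport}")
            if key in report:
                report[key] = "answered"
    return report

# The two packets from the post, with the mail line-wrapping undone.
PAGE_CAPTURE = """\
listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes
20:09:52.912361 IP6 2607:f118::5.1752 > 2607:f118::b6.80: S 3408461679:3408461679(0) win 16384 <mss 1440>
20:09:52.912425 IP6 2607:f118::b6.80 > 2607:f118::5.1752: S 1781312333:1781312333(0) ack 3408461680 win 65535 <mss 1440>
"""

# Constructed sample (documentation addresses): a SYN retried with no reply.
NO_REPLY_CAPTURE = """\
10:00:01.000000 IP 198.51.100.7.40112 > 192.0.2.20.80: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
10:00:04.000000 IP 198.51.100.7.40112 > 192.0.2.20.80: Flags [S], seq 1000, win 65535, options [mss 1460], length 0
"""

if __name__ == "__main__":
    for name, cap in (("post", PAGE_CAPTURE), ("constructed", NO_REPLY_CAPTURE)):
        print(name, handshake_report(cap))
```

An empty result means no SYN for that port reached the capturing interface at all; an `unanswered` entry means the request arrived but no SYN-ACK left the box.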


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AB4234B.5060409>