From owner-freebsd-questions Thu Oct  5 10:06:05 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP id C398E37B503
	for ; Thu, 5 Oct 2000 10:05:56 -0700 (PDT)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.0/8.11.0) id e95H5cU63269;
	Thu, 5 Oct 2000 20:05:38 +0300 (EEST)
	(envelope-from ru)
Date: Thu, 5 Oct 2000 20:05:37 +0300
From: Ruslan Ermilov
To: Luke Roberts
Cc: questions@FreeBSD.org
Subject: Re: NATD redirect problems for traffic coming from TCP port 41
Message-ID: <20001005200537.A62541@sunbay.com>
Mail-Followup-To: Luke Roberts, questions@FreeBSD.org
References: <5.0.0.25.2.20001005172033.00aaa4f0@pop.roberts.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.0.0.25.2.20001005172033.00aaa4f0@pop.roberts.nl>; from luke@roberts.nl on Thu, Oct 05, 2000 at 05:43:37PM +0200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Oct 05, 2000 at 05:43:37PM +0200, Luke Roberts wrote:
> Hi,
>
> I'm new to this list and hope I chose the correct list to send this
> question to. If I chose the wrong one please let me know where I should
> post this question.
>
>
> My problem:
>
> I had a FreeBSD 3.2 machine that used NATD and IPFW to act as a gateway to
> my cable modem for my small office network. All worked fine, including
> redirecting traffic from my bank (for telebanking). My bank initiates
> traffic during telebanking so I need to redirect some traffic from them.
> All traffic from the following IP numbers and ports would get redirected to
> a windows machine (192.168.0.8) running the bank software:
>
> 193.172.44.45
> 193.172.44.78
> 194.151.107.44
> 194.151.107.76
>
> ports 41, 42, 62 and 63.
>
> I did this with the following /etc/natd.conf
>
> #natd.conf
> use_sockets
> same_ports yes
> dynamic yes
>
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 193.172.44.45:40-9042
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 193.172.44.78:40-9042
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.44:40-9042
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.76:40-9042
> # eof......................
>
>
> I recently reinstalled the machine with FreeBSD 4.1 and noticed that
> incoming traffic from the bank's port 41 was not getting redirected by natd
> to 192.168.0.8 any more. Here's a sample from NATd's verbose output:
>
> IN  [TCP]  [TCP] 194.151.107.44:42 -> 213.73.148.57:1995
>            [TCP] 194.151.107.44:42 -> 192.168.0.8:1995
>
> IN  [TCP]  [TCP] 194.151.107.44:41 -> 213.73.148.57:1998
>            [TCP] 194.151.107.44:41 -> 213.73.148.57:1998
>
> As you see above, traffic from port 41 is not getting redirected. It is
> simply aimed at my 'outside' IP number 213.73.148.57 again. However, traffic
> from port 42 is getting redirected. Also (not visible in above) traffic
> from port 62 and 63 is getting redirected correctly. And to top it off I
> have several ports redirected for machines running Napster and ICQ. Traffic
> from port 41 seems to be a culprit. 8-(
>
The

redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.44:40-9042

is just a short form of specifying 9003 rules like this:

redirect_port tcp 192.168.0.8:1024 1024 194.151.107.44:40
redirect_port tcp 192.168.0.8:1025 1025 194.151.107.44:41
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
redirect_port tcp 192.168.0.8:1026 1026 194.151.107.44:42
...
redirect_port tcp 192.168.0.8:10025 10025 194.151.107.44:9041
redirect_port tcp 192.168.0.8:10026 10026 194.151.107.44:9042

I.e., inside libalias(3), they will be stored as 9003 individual rules.

This does mean that natd will do the following redirections, assuming
that 213.73.148.57 is the main aliasing IP:

IN  [TCP]  [TCP] 194.151.107.44:41 -> 213.73.148.57:1025
           [TCP] 194.151.107.44:41 -> 192.168.0.8:1025

and vice versa:

OUT [TCP]  [TCP] 192.168.0.8:1025 -> 194.151.107.44:41
           [TCP] 213.73.148.57:1025 -> 194.151.107.44:41

As for the first redirection, it was probably caused by an outgoing
connection from 192.168.0.8:1995 to 194.151.107.44:42. I.e., the
outgoing connection attempt caused

OUT [TCP]  [TCP] 192.168.0.8:1995 -> 194.151.107.44:42
           [TCP] 213.73.148.57:1995 -> 194.151.107.44:42

And then the reply packet caused:

IN  [TCP]  [TCP] 194.151.107.44:42 -> 213.73.148.57:1995
           [TCP] 194.151.107.44:42 -> 192.168.0.8:1995


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
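As an added illustration (not part of either message above, and not natd's own code), a small Python model of the pairwise range expansion Ruslan describes, and of how an incoming packet is matched against those static rules before falling back to the dynamic link created by an earlier outgoing connection. The `expand_redirect_port` and `Natd` names are my own.

```python
# Model of the redirect_port range semantics explained in the reply above.
# Constructed example, not natd(8)/libalias(3) code. The three port ranges
# are expanded pairwise (Nth local port <-> Nth alias port <-> Nth remote
# port), not as a cross product, so each alias port serves ONE remote port.
from dataclasses import dataclass, field

def _ports(spec: str) -> range:
    lo, _, hi = spec.partition("-")
    hi = hi or lo
    return range(int(lo), int(hi) + 1)

def _addr(spec: str):
    host, _, ports = spec.rpartition(":")
    return host, _ports(ports)

def expand_redirect_port(local: str, alias_ports: str, remote: str) -> dict:
    """Expand 'redirect_port tcp LOCAL ALIASPORTS REMOTE' into single rules.
    Key: (remote_host, remote_port, alias_port) -> (local_host, local_port)."""
    lhost, lports = _addr(local)
    aports = _ports(alias_ports)
    rhost, rports = _addr(remote)
    if not (len(lports) == len(aports) == len(rports)):
        raise ValueError("port ranges must be the same length")
    return {(rhost, r, a): (lhost, l) for l, a, r in zip(lports, aports, rports)}

@dataclass
class Natd:
    alias_ip: str
    static: dict
    links: dict = field(default_factory=dict)   # dynamic links from OUT packets

    def out(self, src, dst):
        """Outgoing packet: rewrite the source to the alias IP, remember the link."""
        self.links[(dst, self.alias_ip, src[1])] = src
        return (self.alias_ip, src[1]), dst

    def incoming(self, src, dst):
        """Incoming packet: static redirect_port rule first, then the dynamic link
        table, else leave it addressed to the alias IP (the :41 log line above)."""
        rule = self.static.get((src[0], src[1], dst[1]))
        if rule:
            return src, rule
        return src, self.links.get((src, dst[0], dst[1]), dst)

if __name__ == "__main__":
    rules = expand_redirect_port("192.168.0.8:1024-10026", "1024-10026",
                                 "194.151.107.44:40-9042")
    natd = Natd("213.73.148.57", rules)
    print(len(rules), natd.incoming(("194.151.107.44", 41), ("213.73.148.57", 1998)))
```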