Date: Thu, 5 Oct 2000 20:05:37 +0300
From: Ruslan Ermilov <ru@sunbay.com>
To: Luke Roberts <luke@roberts.nl>
Cc: questions@FreeBSD.org
Subject: Re: NATD redirect problems for traffic coming from TCP port 41
Message-ID: <20001005200537.A62541@sunbay.com>
In-Reply-To: <5.0.0.25.2.20001005172033.00aaa4f0@pop.roberts.nl>; from luke@roberts.nl on Thu, Oct 05, 2000 at 05:43:37PM +0200
References: <5.0.0.25.2.20001005172033.00aaa4f0@pop.roberts.nl>
On Thu, Oct 05, 2000 at 05:43:37PM +0200, Luke Roberts wrote:
> Hi,
>
> I'm new to this list and hope I chose the correct list to send this
> question to. If I chose the wrong one please let me know where I should
> post this question.
>
>
> My problem:
>
> I had a FreeBSD 3.2 machine that used NATD and IPFW to act as a gateway to
> my cable modem for my small office network. All worked fine, including
> redirecting traffic from my bank (for telebanking). My bank initiates
> traffic during telebanking so I need to redirect some traffic from them.
> All traffic from the following IP numbers and ports would get redirected to
> a Windows machine (192.168.0.8) running the bank software:
>
> 193.172.44.45
> 193.172.44.78
> 194.151.107.44
> 194.151.107.76
>
> ports 41,42,62 and 63.
>
> I did this with the following /etc/natd.conf
>
> #natd.conf
> use_sockets
> same_ports yes
> dynamic yes
>
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 193.172.44.45:40-9042
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 193.172.44.78:40-9042
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.44:40-9042
> redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.76:40-9042
> # eof......................
>
>
> I recently reinstalled the machine with FreeBSD 4.1 and noticed that
> incoming traffic from the bank's port 41 was not getting redirected by natd
> to 192.168.0.8 any more. Here's a sample from NATd's verbose output:
>
> IN [TCP] [TCP] 194.151.107.44:42 -> 213.73.148.57:1995
> [TCP] 194.151.107.44:42 -> 192.168.0.8:1995
>
> IN [TCP] [TCP] 194.151.107.44:41 -> 213.73.148.57:1998
> [TCP] 194.151.107.44:41 -> 213.73.148.57:1998
>
> As you see above, traffic from port 41 is not getting redirected. It is
> simply aimed at my 'outside' IP number 213.73.148.57 again. However, traffic
> from port 42 is getting redirected. Also (not visible above) traffic
> from ports 62 and 63 is getting redirected correctly. And to top it off I
> have several ports redirected for machines running Napster and ICQ. Traffic
> from port 41 seems to be the culprit. 8-(
>
The

    redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.44:40-9042

is just a short form of specifying 9003 rules like this:

    redirect_port tcp 192.168.0.8:1024 1024 194.151.107.44:40
    redirect_port tcp 192.168.0.8:1025 1025 194.151.107.44:41
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    redirect_port tcp 192.168.0.8:1026 1026 194.151.107.44:42
    ...
    redirect_port tcp 192.168.0.8:10025 10025 194.151.107.44:9041
    redirect_port tcp 192.168.0.8:10026 10026 194.151.107.44:9042

I.e., inside libalias(3), they will be stored as 9003 individual rules.
This does mean that natd will do the following redirections, assuming
that 213.73.148.57 is the main aliasing IP:

    IN  [TCP] [TCP] 194.151.107.44:41 -> 213.73.148.57:1025
              [TCP] 194.151.107.44:41 -> 192.168.0.8:1025

and vice versa:

    OUT [TCP] [TCP] 192.168.0.8:1025 -> 194.151.107.44:41
              [TCP] 213.73.148.57:1025 -> 194.151.107.44:41

As for the first redirection, it was probably caused by an outgoing
connection from 192.168.0.8:1995 to 194.151.107.44:42. I.e.,
the outgoing connection attempt caused

    OUT [TCP] [TCP] 192.168.0.8:1995 -> 194.151.107.44:42
              [TCP] 213.73.148.57:1995 -> 194.151.107.44:42

And then the reply packet caused:

    IN  [TCP] [TCP] 194.151.107.44:42 -> 213.73.148.57:1995
              [TCP] 194.151.107.44:42 -> 192.168.0.8:1995
Cheers,
--
Ruslan Ermilov Oracle Developer/DBA,
ru@sunbay.com Sunbay Software AG,
ru@FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
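The range expansion Ruslan describes, as an added example that is not part of the thread or of natd's own code: it expands the thread's redirect_port line into one rule per port (pairing the N-th port of each range, as libalias does) and then checks which inbound packets a static rule catches. The matching function is a simplified model of natd's static redirect lookup, and the parser assumes the exact line form used in the thread (no alias IP before the alias port range).

```python
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class Redirect:
    """One expanded libalias rule: remote:port -> alias port -> target:port."""
    proto: str
    target_ip: str
    target_port: int
    alias_port: int
    remote_ip: str
    remote_port: int

def _port_range(spec):
    """'40-9042' -> [40, ..., 9042]; a bare '41' -> [41]."""
    lo, _, hi = spec.partition("-")
    return list(range(int(lo), int(hi or lo) + 1))

def expand_redirect_port(line):
    """Expand one natd.conf redirect_port line (the form used in the thread,
    with no alias IP) into one rule per port, pairing the N-th port of each range."""
    m = re.match(r"redirect_port\s+(\w+)\s+(\S+):(\S+)\s+(\S+)\s+(\S+):(\S+)\s*$", line.strip())
    if not m:
        raise ValueError(f"unrecognised redirect_port line: {line!r}")
    proto, tip, tports, aports, rip, rports = m.groups()
    t, a, r = _port_range(tports), _port_range(aports), _port_range(rports)
    if not len(t) == len(a) == len(r):
        raise ValueError("all three port ranges must have the same length")
    return [Redirect(proto, tip, tp, ap, rip, rp) for tp, ap, rp in zip(t, a, r)]

def match_inbound(rules, remote_ip, remote_port, alias_port, proto="tcp"):
    """Return the (target_ip, target_port) an inbound packet from
    remote_ip:remote_port to the alias address at alias_port is redirected
    to, or None if no static rule matches (natd then leaves it alone)."""
    for rule in rules:
        if (rule.proto == proto and rule.remote_ip == remote_ip
                and rule.remote_port == remote_port and rule.alias_port == alias_port):
            return (rule.target_ip, rule.target_port)
    return None

# The rule from the thread's natd.conf.
RULE = "redirect_port tcp 192.168.0.8:1024-10026 1024-10026 194.151.107.44:40-9042"
if __name__ == "__main__":
    rules = expand_redirect_port(RULE)
    print(len(rules), "individual rules")          # 9003
    # Bank port 41 is only paired with alias port 1025 ...
    print(match_inbound(rules, "194.151.107.44", 41, 1025))
    # ... so the packet seen in the thread (port 41 -> :1998) matches nothing.
    print(match_inbound(rules, "194.151.107.44", 41, 1998))
```

The second lookup returning None is exactly the unredirected `194.151.107.44:41 -> 213.73.148.57:1998` line in Luke's log: only a dynamic entry created by an earlier outbound connection, like the port 42 case, can route such a packet inside.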
