Date: Thu, 13 Jun 2002 11:15:56 +0200 (MEST)
From: David Wahlstedt
To: Alexander V Zubchenko
Subject: Re: natd port forwarding
In-Reply-To: <20020612080718.Q92282-100000@server.hermes-comp.zp.ua>

On Wed, 12 Jun 2002, Alexander V Zubchenko wrote:

> Hello!
>
> It seems to be correct. But who can be sure? ;-)
>
> On Tue, 11 Jun 2002, David Wahlstedt wrote:
>
> > $fwcmd -f flush
> >
> > $fwcmd add 500 divert 8668 al from any to any via ep0
> I hope this just a mistype in letter, but 'divert 8668 all' (with
> double-l).

Thanks ! It was a typo. I corrected it, made sure the change was on the
floppy, rebooted, but it still doesn't work.
Running "ipfw list" gives the same answer as before the change.
The divert rule is there and seems to work both before and after the
change, in the sense that the "nat mechanism" works, but not port
forwarding.

The firewall (2.2.5-based "net" picoBSD) has ep1 10.0.0.1 to LAN and
ep0 217.x.x.x to WAN.
My computer (fbsd-4.5-R) is 10.0.0.4

I tried netcat on 10.0.0.4:
> nc -l -p 1234
And also on 10.0.0.4:
> telnet 217.x.x.x 1234
"connection refused", it answers.
The same happens with
> nc -v -p 1234 217.x.x.x

Is this the right testing method here ?

rc.conf: can the following be an error ?
Do I have the wrong netmask on ep1 ?

ifconfig_ep0="inet 217.bla.bla.bla netmask 255.255.255.0 up"
ifconfig_ep1="inet 10.0.0.1 netmask 255.255.255.128 up"

Do you have something similar - an example with port forwarding ?
Anyone who has a set of config files for the 2.2.5 based picoBSD "net"
floppy using port forwarding and nat ?

Regards,
David W

Below I include my rc.conf, natd.conf, rc.firewall and dmesg output:

---------------------------------------------------------------------------
natd.conf:

# does the order of lines matter ?
# what's the effective difference between
# "interface ep0" and "alias_address 217.bla.bla.bla" ?
# I've tried both (not simultaneously - not allowed) without noticing any
# changed behaviour
interface ep0
unregistered_only
#alias_address 217.bla.bla.bla
use_sockets yes
same_ports yes
# dc
redirect_port tcp 10.0.0.3:411-412 217.bla.bla.bla:411-412
redirect_port udp 10.0.0.3:411-412 217.bla.bla.bla:411-412
# ftp
redirect_port tcp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port udp 10.0.0.3:20-21 217.bla.bla.bla:20-21
# test
redirect_port tcp 10.0.0.4:1234 217.bla.bla.bla:1234
redirect_port udp 10.0.0.4:1234 217.bla.bla.bla:1234

---------------------------------------------------------------------------
rc.conf:

#!/bin/sh
#
swapfile="NO"           # Set to name of swapfile if aux swapfile desired.

### Network configuration sub-section ######################
### Basic network options: ###
hostname="pico.bla.se"  # Probably invalid - arbitrary chosen.
tcp_extensions="NO"     # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="lo0 ep0 ep1"        # List of network interfaces (lo0 is loo
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
ifconfig_ep0="inet 217.bla.bla.bla netmask 255.255.255.0 up"
ifconfig_ep1="inet 10.0.0.1 netmask 255.255.255.128 up"

### Network daemons options: ###
inetd_enable="YES"      # Run the network daemon dispatcher (or NO)
inetd_flags=""          # Optional flags to inetd
snmpd_enable="NO"       # Run the SNMP daemon (or NO)
snmpd_flags="-C -c /etc/snmpd.conf"     # Optional flags to snmpd

### Network routing options: ###
defaultrouter="217.bla.bla.bla" # Set to default gateway (or NO).
static_routes=""        # Set to static route list (or leave empty).
gateway_enable="YES"    # Set to YES if this host will be a gateway.
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="NO"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="ep0"
natd_flags="-f /etc/natd.conf"
tcp_drop_synfin="YES"
arpproxy_all=""         # replaces obsolete kernel option ARP_PROXYALL.

### Allow local configuration override at the very end here ##
if [ -f /etc/rc.conf.local ]; then
        . /etc/rc.conf.local
fi

---------------------------------------------------------------------------
rc.firewall:

#my only addition to the default file:
$fwcmd -f flush
$fwcmd add 500 divert 8668 al from any to any via ep0

# in the "simple"-part: (currently I use "open")
oif="ep0"
onet="217.bla.bla.bla"
omask="255.255.255.0"
oip="217.bla.bla.bla"

---------------------------------------------------------------------------
dmesg:

Copyright (c) 1992-1998 FreeBSD Inc.
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California. All rights reserved.
FreeBSD 2.2.5-STABLE #0: Mon Mar 23 16:22:37 MYT 1998
    dinesh@broker.alphaque.com:/usr/src/sys/compile/PICOBSD-N.2800
CPU: i486 DX4 (486-class CPU)
  Origin = "GenuineIntel"  Id = 0x480  Stepping=0
  Features=0x3
real memory  = 33554432 (32768K bytes)
FreeBSD Kernel Configuration Utility - Version 1.1
 Type "help" for help or "visual" to go to the visual
 configuration interface (requires MGA/VGA display or
 serial terminal capable of displaying ANSI graphics).
config> disable sio0
config> disable sio2
config> disable sio3
config> port lpt0 0x0378
config> port ed0 0x0340
config> irq ed0 4
config> iomem ed0 0x00000000
config> port ed1 0x0320
config> iomem ed1 0x00000000
config> irq ep1 11
config> quit
avail memory = 28262400 (27600K bytes)
Probing for devices on PCI bus 0:
wdc0 rev 2 int a irq 14 on pci0:15
chip0 rev 1 on pci0:16
chip1 rev 1 on pci0:18
Probing for devices on the ISA bus:
sc0 at 0x60-0x6f irq 1 on motherboard
sc0: VGA mono <16 virtual consoles, flags=0x0>
ed0 not found at 0x340
ed1 not found at 0x320
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
lpt0 at 0x378-0x37f irq 7 on isa
lpt0: Interrupt-driven port
lp0: TCP/IP capable interface
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: FIFO enabled, 8 bytes threshold
fd0: 1.44MB 3.5in
wdc0 not found at 0x1f0
wdc1 not found at 0x170
2 3C5x9 board(s) on ISA found at 0x300 0x280
ep0 at 0x300-0x30f irq 10 on isa
ep0: utp[*UTP*] address 00:20:af:93:0d:4d
ep1 at 0x280-0x28f irq 11 on isa
ep1: aui/utp/bnc[*UTP*] address 00:a0:24:70:ab:76
npx0 on motherboard
npx0: INT 16 interface
IP packet filtering initialized, divert enabled, default to accept, logging disabled
rootfs is 2800 Kbyte compiled in MFS
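
An added example, not part of the original message: a small Python model of how the single `divert ... via ep0` rule and the tcp `redirect_port` lines above treat the test described in the message, comparing a connection made from the LAN host with one made from an outside host. The address 203.0.113.10 is a constructed stand-in for the elided 217.bla.bla.bla, 198.51.100.7 is a constructed outside host, and the function names are hypothetical; the model covers only rule 500 and natd's port redirection.

```python
import ipaddress

# Constructed stand-in for the elided 217.bla.bla.bla address on ep0.
WAN_IP = "203.0.113.10"
# ep1 as configured on the page: 10.0.0.1 netmask 255.255.255.128
LAN_NET = ipaddress.ip_network("10.0.0.1/255.255.255.128", strict=False)

# tcp redirect_port lines from the page's natd.conf, WAN_IP substituted.
NATD_CONF = f"""
redirect_port tcp 10.0.0.3:411-412 {WAN_IP}:411-412
redirect_port tcp 10.0.0.3:20-21 {WAN_IP}:20-21
redirect_port tcp 10.0.0.4:1234 {WAN_IP}:1234
"""

def parse_ports(spec):
    """'411-412' -> (411, 412); '1234' -> (1234, 1234)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def parse_redirects(conf):
    """Return [(proto, target_ip, target_first_port, alias_ip, lo, hi)]."""
    rules = []
    for line in conf.splitlines():
        f = line.split("#")[0].split()
        if len(f) == 4 and f[0] == "redirect_port":
            tip, tports = f[2].split(":")
            aip, aports = f[3].split(":")
            rules.append((f[1], tip, parse_ports(tports)[0], aip, *parse_ports(aports)))
    return rules

def trace(src, dport, proto="tcp", conf=NATD_CONF):
    """Follow one packet addressed to WAN_IP:dport through the gateway."""
    # The receive interface is decided by where the sender sits.
    rcvif = "ep1" if ipaddress.ip_address(src) in LAN_NET else "ep0"
    # 'divert 8668 all from any to any via ep0' matches only traffic that
    # is received on or sent out through ep0. A packet arriving on ep1 for
    # the gateway's own address is delivered locally and never touches ep0.
    if rcvif != "ep0":
        return (rcvif, "local stack, natd bypassed: refused unless the gateway itself listens")
    for p, tip, tlo, aip, lo, hi in parse_redirects(conf):
        if p == proto and aip == WAN_IP and lo <= dport <= hi:
            return (rcvif, f"natd redirect to {tip}:{tlo + dport - lo}")
    return (rcvif, "natd has no redirect: delivered to the gateway itself")
```

In this model `trace("10.0.0.4", 1234)` never reaches natd, while `trace("198.51.100.7", 1234)` is redirected to 10.0.0.4:1234; 10.0.0.3 and 10.0.0.4 both fall inside the 10.0.0.0/25 network that the ep1 netmask defines.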