Date:      Wed, 20 Sep 2000 22:33:38 -0700
From:      Chip <chip@wiegand.org>
To:        cjclark@alum.mit.edu
Cc:        "seafug@dub.net" <seafug@dub.net>, "freebsd-questions@freebsd.org" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: natd does port forwarding?
Message-ID:  <39C99DB2.7EBD76BC@wiegand.org>
References:  <39C6FCCC.D0103226@wiegand.org> <20000918225104.I367@149.211.6.64.reflexcom.com> <39C70308.EF52766F@wiegand.org> <20000919000233.L367@149.211.6.64.reflexcom.com> <39C84A4B.766B5B24@wiegand.org> <20000919232213.Q367@149.211.6.64.reflexcom.com> <20000920212502.W367@149.211.6.64.reflexcom.com>

*snip*
> > I cannot load it from within my home network, though I think I
> > understand why. Correct me if I'm wrong -
> > a packet goes out from 192.168.0.6, is translated to
> > 208.194.173.26
> > returns to 208.194.173.26 and is translated back to 192.168.0.6
> > then the web page tries to load from my home server but there is
> > no
> > route between the inside and outside nics, so it can't be loaded
> > into the inside network pc. Maybe I'm confused.  ;-)
> 
> I actually just explained this problem to someone else on -questions
> last night. Go to the archive and check the thread with the subject,
> "internal to internal via natd extenal redirect_port."
> 
> As I said to that poster, this is a pain to do.
Thanks for the tip, I'll look into that.

> > /usr/local/etc/rc.d, is strange. I loaded it
> > in
> > vi and it is just a whole lot of @^@^ repeated many times. And a
> > that says rc.d is not a regular file.
> 
> It's not. /usr/local/etc/rc.d should be a directory. Appropriately
> named scripts in this directory are started at boot time.

If I had done ll instead of ls I would have seen that.

*snip* 
> > Now I just have to tighten up my firewall rules. I go to grc.com
> > to
> > run the port scan on that site and get the following results -
> > ports 21, 23, 79, 80 are open
> 
> ftp, telnet, finger, and http.
> 
> > ports 110, 113, 139, 143, 443 are closed
> 
> pop3, auth, netbios-session, imap, and https.
> 
> > My ipfw show shows this -
> > 00100 1499 429850 divert 8668 ip from any to any via ep1
> > 00100    0      0 allow ip from any to any via lo0
> > 00200    0      0 deny ip from any to 127.0.0.0/8
> > 65000 2274 800088 allow ip from any to any
> > 65535    0      0 allow ip from any to any
> > Now this doesn't seem right to my unknowledgeable eyes, even for
> > an open firewall. My goal is to have a firewall that shows the
> > above
> > mentioned ports and all others as either closed or stealth. So my
> > rc.firewall is attached for all to see and rip apart for me, so I
> > can learn from my mistakes and maybe be a better FreeBSD user.
> > :)
> > Thank you so much for your assistance,
> 
> Not only do you have the distributed "open" firewall running, but you
> must have built a kernel with the,
> 
>   options       IPFIREWALL_DEFAULT_TO_ACCEPT
> 
> Which is not recommended. Other than that, no surprises.

So, is it okay to go back and recompile the kernel without this
option? What effect will that have on my current setup?

-- 
Chip W.	
www.wiegand.org
Alternative Operating Systems
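As an added example (not code from the thread or from cjclark's earlier reply), here is a closed-by-default rc.firewall-style ipfw ruleset for the configuration discussed above: natd diverting on ep1 and only TCP 21, 23, 79 and 80 exposed. It assumes the inside NIC is ep0 and the LAN is 192.168.0.0/24, neither of which the thread names.

```shell
#!/bin/sh
# Constructed example, not from the thread: a closed-by-default ipfw ruleset
# for the setup discussed above. Written for a kernel built WITHOUT
# IPFIREWALL_DEFAULT_TO_ACCEPT; rule 65000 below denies explicitly anyway,
# so the kernel default only matters if this script fails to load at boot.
oif="ep1"                   # outside NIC (from the thread)
iif="ep0"                   # inside NIC (assumed; not named in the thread)
natd_port="8668"            # natd divert port (from the thread)
inside_net="192.168.0.0/24" # assumed from the 192.168.0.6 client
open_tcp="21 23 79 80"      # services that should show as "open"
# Emit the ruleset as "add ..." lines so it can be reviewed before loading.
gen_rules() {
    echo "add 00100 allow ip from any to any via lo0"
    echo "add 00200 deny ip from any to 127.0.0.0/8"
    echo "add 00300 deny ip from 127.0.0.0/8 to any"
    # Anti-spoofing: inside addresses must never arrive on the outside NIC
    echo "add 00400 deny ip from ${inside_net} to any in via ${oif}"
    # The home LAN is trusted; everything on the inside NIC passes
    echo "add 00500 allow ip from any to any via ${iif}"
    # NAT happens here; packets re-enter the list at the next rule
    echo "add 01000 divert ${natd_port} ip from any to any via ${oif}"
    # Outbound from the gateway itself or (after NAT) from the LAN
    echo "add 02000 allow ip from any to any out via ${oif}"
    # Replies to connections and lookups we initiated
    echo "add 02100 allow tcp from any to any established"
    echo "add 02200 allow udp from any 53 to any in via ${oif}"
    echo "add 02300 allow icmp from any to any icmptypes 0,3,11"
    # Inbound connection attempts to the exposed services only
    for p in ${open_tcp}; do
        echo "add 03000 allow tcp from any to any ${p} in via ${oif} setup"
    done
    # Log, then silently drop, every other inbound connection attempt:
    # "deny" answers nothing, so a scanner reports these ports as stealth;
    # use "reset" instead if you want them to show as closed.
    echo "add 05000 deny log tcp from any to any in via ${oif} setup"
    echo "add 65000 deny ip from any to any"
}
# Flush the running ruleset and load this one, one ipfw call per rule.
apply_rules() {
    /sbin/ipfw -q -f flush
    gen_rules | while read -r rule; do
        /sbin/ipfw -q ${rule}
    done
}
case "${1:-}" in
    apply) apply_rules ;;
    *) gen_rules ;;
esac
```

Because the last rule is an explicit deny, rebuilding the kernel without IPFIREWALL_DEFAULT_TO_ACCEPT changes nothing while these rules are loaded; the difference shows only if rc.firewall fails to load at boot, when the default rule then blocks everything, including remote logins, so try it from the console first.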

