Delivered-To: freebsd-questions@freebsd.org
From: "Pablo Bendersky"
Subject: Problem setting up NAT
Date: Thu, 8 Mar 2001 12:07:00 -0300

I've just configured a computer to serve as our network firewall. It's working OK. It has two interfaces, xl0 (connected to our local network, 192.168.0) and xl1, connected to our external IP. We have a few firewall settings, which are (I think they are more than needed):

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00500 divert 8668 ip from any to any via xl1
    00700 allow tcp from 200.59.132.93 to 200.59.132.92
    01000 allow tcp from any to any established
    02000 allow tcp from any to any setup
    03000 allow udp from any to any
    04000 allow icmp from any to any
    65535 deny ip from any to any

and when running

    /sbin/natd -n xl1

everything works fine, and everyone on the local network has internet access.

Now, I wanted to make use of a second external IP address I have, so I added it as an alias to xl1. It works OK, and I can ping it from everywhere. I then tried to make NAT forward the telnet service (which, by the way, is not running on this machine) to one of our local machines.
For that, I tried with:

    /sbin/natd -redirect_port tcp 192.168.0.4:23 :23 -n xl1

After that, I was still able to ping the alias IP, and everything, but not able to telnet the localhost (which I can telnet from any computer on the local network).

I have, of course, gateway_enable="YES" in my /etc/rc.conf

Thanks a lot!

Pablo Bendersky
pbendersky@itineri.com