From owner-freebsd-questions Sun Apr 15 19:12:23 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id A449A37B423
	for ; Sun, 15 Apr 2001 19:12:20 -0700 (PDT)
	(envelope-from nick@rogness.net)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f3G3IUn64478;
	Sun, 15 Apr 2001 22:18:30 -0500 (CDT)
	(envelope-from nick@rogness.net)
Date: Sun, 15 Apr 2001 22:18:30 -0500 (CDT)
From: Nick Rogness
X-Sender: nick@cody.jharris.com
To: universe
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd filters redirect port.
In-Reply-To: <3ADA1922.F279C985@truemetal.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 15 Apr 2001, universe wrote:

> hi list,
>
> my freebsd box is acting as a gateway for my internal private network,
> the connection is made with userland ppp (pppoe) and natd.
>
> natd also forwards packets on the external port 81 to an internal
> machine on port 9192. since i changed from isdn to dsl the other day
> the redirect_port doesn't seem to work anymore and natd (?) is
> filtering the tcp port 81.
>
> natd is started with: natd -n tun0 -dynamic -redirect_port tcp
> 192.168.0.4:9192 81 which forwards every request on tun0 (external
> ethernet card which connects to the dsl modem) on port 81 to the
> internal machine 192.168.0.4 at port 9192.
>
> however, when i do a portscan from an external machine it shows that
> port 81 is being filtered as soon as i run natd with the
> -redirect_port switch:
>
> (The 1517 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 80/tcp     open        http
> 81/tcp     filtered    hosts2-ns
> 137/tcp    filtered    netbios-ns
> 138/tcp    filtered    netbios-dgm
> 139/tcp    filtered    netbios-ssn
>
> port 81 should be "open", not "filtered". i configured natd to forward
> requests on port 2345 etc. instead but the effect stays the same,
> every port gets filtered.
>
> ipfw list on the gateway which runs natd shows the following:
>
> 00009 deny tcp from any to any 139 in recv tun0
> 00009 deny tcp from any to any 138 in recv tun0
> 00009 deny tcp from any to any 137 in recv tun0
> 00010 divert 8668 ip from any to any via tun0
> 00011 divert 1234 tcp from any to any out xmit tun0 setup
> 00020 allow ip from any to any
> 65535 deny ip from any to any

What is rule 11? Is that somehow tied to the PPPoE setup [sorry not
familiar with that setup]?

Nick Rogness
- Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message