From: "Rich Shinnick"
To: "'Hakim Singhji'", "'Hakim Z. Singhji'", "'MatthewSeaman'"
Cc: 'Bill Moran', freebsd-questions@freebsd.org
Date: Fri, 20 Aug 2004 00:46:20 -0400
Subject: RE: HOWTO Ping LAN???

Hakim,

What you are trying to do is possible in two ways:

1. SSH to the box, and tunnel to other internal machines according to the tunnels you have set up. (See the last email I sent).
2. Port forward connections from the Internet "thru" the BSD to internal machines.

Check these links:

http://www.rootprompt.net/freebsd_firewall.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

_____

From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
Sent: Thursday, July 29, 2004 10:27 AM
To: Hakim Z. Singhji; MatthewSeaman
Cc: Bill Moran; freebsd-questions@freebsd.org
Subject: Re: HOWTO Ping LAN???

Hi Matt,

You say that the only way I will be able to connect to my network is by tunneling. This is not what I want to do, I thought I may be able to SSH, Telnet, www, etc. from the outside to my default gateway and have the gateway pass SSH, Telnet, www., or any other request to the machine on the private network by including the "localhost.defaultgateway.domain.org" or something to that effect. Does NAT Overloading only go one way???

Hakim Z. Singhji
Coordinating Mgr. / Infection Control
718-245-3923
hakim.singhji@nychhc.org

>>> Matthew Seaman 7/29/2004 5:32:32 AM >>>
On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:

> Figure 1
>
>        ***************
>        *  Internet   *
>        *24.199.1xx.xx*
>        ***************
>              ~ |
>              ~ |
>        ***************          **************
>        * Default GW  *  __ __   *Kids Machine*
>        *192.68.0.1   *          *192.68.0.3  *
>        * FreeBSD 4.10*          * Mandrake 10*
>        ***************          **************
>              ~ |
>              ~ |
>        ***************
>        *Wrk Station1 *
>        *192.68.0.2   *
>        *Redhat 9     *
>        ***************
>
> This is a rough diagram of the network... I would like to ssh, ping,
> etc. the machines behind the default gateway directly (without
> tunneling) from the outside the network (at work for example). Is this
> possible and if so how do I config. Keep in mind that my default
> gateway is FreeBSD. I know this may be a complicated project but if you
> could help that would help me greatly. Many thanks to everyone in advance.

I'm afraid that's not going to be possible with your current network layout. If you want all of your machines to be accessible from the Internet, then you'll need routable addresses on all of your machines.

I know you've said you don't want to use tunnelling, but unfortunately, that's the only way you can access a private address space as you have from outside it. A relatively simple way of doing that is to ssh into your gateway box, and use the '-L' or '-R' portforwarding options to create a tunnel to one of the internal machines, and then ssh or otherwise connect through that tunnel: see eg. http://www.linux.ie/articles/tutorials/ssh.php

One other point: you're going to have problems if you're using 192.168.0.0 as the IP number on your FreeBSD machine. That's the *network* address, and shouldn't be applied directly to any specific machine. If you're running your internal network using 192.168.0.0/24 as the address space, then you have 254 addresses (from 192.168.0.1 to 192.168.0.254) to use for client machines, since 192.168.0.0 (network address) and 192.168.0.255 (broadcast address) are reserved as part of the networking setup.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
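
The reserved-address point in Matthew's reply (network and broadcast addresses of 192.168.0.0/24), as an added example that is not part of the original thread: a small Python check that audits planned host addresses against a subnet. The function names and the sample host table are assumptions made for illustration; the sample is constructed and includes one address as it is written in Figure 1.

```python
import ipaddress

# RFC 1918 private ranges; anything else is routable (or otherwise special) space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable_range(subnet):
    """Return (first, last, count) of assignable host addresses in subnet."""
    hosts = list(ipaddress.ip_network(subnet).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

def audit_hosts(subnet, hosts):
    """Return {name: [problems]} for each planned host address."""
    net = ipaddress.ip_network(subnet)
    findings = {}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        problems = []
        if ip not in net:
            problems.append("outside " + str(net))
        elif ip == net.network_address:
            problems.append("is the network address")
        elif ip == net.broadcast_address:
            problems.append("is the broadcast address")
        if not any(ip in private for private in RFC1918):
            problems.append("not RFC 1918 private space")
        findings[name] = problems
    return findings

# Constructed sample plan for the LAN discussed in the thread.
SAMPLE_HOSTS = {
    "gateway": "192.168.0.0",       # the mistake Matthew warns about
    "workstation1": "192.168.0.2",
    "kids": "192.168.0.3",
    "printer": "192.168.0.255",     # hypothetical host on the broadcast address
    "gw-as-drawn": "192.68.0.1",    # address as written in Figure 1
}

if __name__ == "__main__":
    print("usable:", usable_range("192.168.0.0/24"))
    for host, problems in audit_hosts("192.168.0.0/24", SAMPLE_HOSTS).items():
        print(host, "->", problems or "ok")
```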