Date: Sat, 22 Jan 2000 22:49:36 -0500
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Michael Bartlett <cataract@eye2eye.net>
Cc: "'questions@freebsd.org'" <questions@FreeBSD.ORG>
Subject: Re: FW: internet gateway setup using NATD
Message-ID: <20000122224936.H5211@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <F16C1C3F6AB8D311998F00C0DF266AE7E21E@OPTIC>; from cataract@eye2eye.net on Sat, Jan 22, 2000 at 03:05:31PM +0200
References: <F16C1C3F6AB8D311998F00C0DF266AE7E21E@OPTIC>

On Sat, Jan 22, 2000 at 03:05:31PM +0200, Michael Bartlett wrote:
> Thought I'd throw this @ the list as well...
>
> -----Original Message-----
> From: Michael Bartlett
> Sent: Saturday, January 22, 2000 2:56 PM
> To: 'Burke Gallagher'
> Subject: RE: internet gateway setup using NATD
>
>
> Hey Burke,
>
> Sorry to bug you again, but I'm having another problem and it could be
> related to what you told me to do and could also prove interesting...
>
> On one of my other boxes I run this script in /usr/local/etc/rc.d
>
> /sbin/natd -n fxp0 -redirect_port tcp 196.38.133.194:110 196.38.133.198:80
> /sbin/ipfw add divert natd all from any to any via fxp0
>
> If you are confused, the reason is that we needed to get around a firewall
> problem (one of our consultant's other company closed 110 access on their
> firewall - this way he can pick up his mail from us with port 80!! ;) ).
>
> Anyway,
>
> I tried the identical thing on my box with your settings and take a look...
>
> [eyeland] # /sbin/natd -n rl0 -redirect_port tcp 196.31.83.226:25
> 196.31.83.227:80
> [eyeland] # telnet 196.31.83.227 80
> Trying 196.31.83.227...
> telnet: Unable to connect to remote host: Connection refused
>
> Now the .227 ip is an alias on rl0, so it should just be passed along the
> same NIC and have no problems. I also tried the destination being on rl1
> (192.168.62.150:25) which is an smtp server on my local network and that
> didn't work either.
>
> Any thoughts?

Yes. First, don't start NATd from /usr/local/etc/rc.d. That is pretty
much dead last in the startup process and could prevent lotsa stuff
from being started properly in the earlier steps since the networking
won't work. It also means that your divert to natd in the firewall is
the last rule. Most likely, that will mess things up too (especially
if you have a 'pass ip any to any' before it).

In your second problem, it's really hard to say what is going on.
Your firewall rules (with the divert) are suspect for the above
reasons, so I would not be surprised if nothing works. However, even
if we assume they are now OK, we can't say if there is a problem with
natd. If you call 196.31.83.226 directly on port 25, do you actually
get to talk to sendmail (or whatever MTA is supposed to be listening)?
natd could be working and we would not know it.
--
Crist J. Clark                           cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
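
An added example, not part of the original message: a shell check for the rule-ordering point made in the reply above. It reads `ipfw list`-style output and reports whether the first divert rule sits behind an earlier allow-everything rule. The function name `check_divert_order`, the sample rules and the assumed rule layout are constructed for illustration.

```shell
#!/bin/sh
# check_divert_order (hypothetical helper): read `ipfw list`-style rules on
# stdin. Exit 0 if the first divert rule is reachable, 1 if an earlier
# catch-all allow rule shadows it, 2 if there is no divert rule at all.
# Assumed layout: <number> <action> [arg] <proto> from <src> to <dst> [options]
check_divert_order() {
    awk '
    {
        num = $1; action = $2
        if (action == "divert") {
            seen = 1
            if (shadow != "") {
                printf "SHADOWED: divert rule %s follows catch-all rule %s\n", num, shadow
                bad = 1
            } else {
                printf "OK: divert rule %s is reached\n", num
            }
            exit    # only the first divert rule matters here; jump to END
        }
        # "allow ip from any to any" with no further options matches every
        # packet and stops rule processing, so later rules never see traffic.
        if ((action == "allow" || action == "pass" || action == "accept" || action == "permit") &&
            ($3 == "ip" || $3 == "all") && $4 == "from" && $5 == "any" &&
            $6 == "to" && $7 == "any" && NF == 7 && shadow == "") {
            shadow = num
        }
    }
    END {
        if (!seen) { print "MISSING: no divert rule found"; exit 2 }
        exit bad + 0
    }'
}

# Constructed sample: the divert rule was added last (as happens when natd and
# its rule are set up from a late startup script), after an allow-all rule.
check_divert_order <<'EOF' || echo "divert rule must come before the catch-all"
00100 allow ip from any to any
00200 divert 8668 ip from any to any via fxp0
65535 deny ip from any to any
EOF
```

On a live system the input would be `ipfw list | check_divert_order`.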