Date:      Mon, 6 Mar 2000 07:39:26 +0100
From:      "mires" <mires@bigfoot.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   aliasing natd and FW
Message-ID:  <000c01bf8736$ba87a9e0$9349dbc1@eu.org>


Hi there.

I'm using 3.4-RELEASE FreeBSD, one network card,
with FW & natd. There are some lines from my config files:

rc.config:
ifconfig_ed2="inet 193.219.73.147  netmask 255.255.255.0"
defaultrouter="193.219.73.44"
gateway_enable="YES"
#natd
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="193.219.73.147"
natd_flags=""
#Fire wall
firewall_enable="YES"
firewall_type="OPEN"
 
rc.local
ifconfig ed2 alias 192.168.0.11 netmask 255.255.255.0

rc.firewall
 $fwcmd add divert natd all from any to any via ${natd_interface}
 $fwcmd add 10200 deny all from 192.168.0.0:255.255.0.0 to any via 193.219.73.147
 $fwcmd add 10300 deny all from any to 192.168.0.0:255.255.0.0 via 193.219.73.147


From my natd computer and from the local network everything works just fine except:

1. From my local LAN (windoze PCs) I can't use tracert. Ping goes OK, but tracert:

Tracing route to hp710-3.lei.lt [193.219.73.43]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  193.219.73.147
  2     3 ms     3 ms     3 ms  193.219.73.147
  3    12 ms    12 ms    12 ms  193.219.73.147
  4    23 ms    29 ms    30 ms  193.219.73.147
...
 12   104 ms    70 ms   110 ms  hp710-3.lei.lt [193.219.73.43]
Why doesn't it detect the real servers' IP/DNS?
(From my proxy computer everything goes just fine.)

2. The second problem: I really can't build a FW. I mean rule 10200 just blocks all
traffic from the local LAN. (It means I can't block evil private LAN IPs from
outside?) What can I do?

Sincerely
Dalius
aka
MamBo
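As an added illustration (not part of the original message), a small Python model of first-match ipfw evaluation on the post's one-card setup, showing why rule 10200 matches the LAN's own packets: "via 193.219.73.147" is true for everything crossing ed2 in either direction, and natd leaves incoming LAN packets unchanged, so a packet from a LAN PC and a spoofed packet from outside look identical to the rules. The ipfw/natd semantics are simplified, and the divert rule number and the LAN host address are assumptions.

```python
import ipaddress
# Constructed, simplified model of first-match ipfw evaluation on the post's
# single ed2 card: an added illustration, not FreeBSD's ipfw or natd code.
PUBLIC = "193.219.73.147"                  # natd_interface / ifconfig_ed2
ED2_ADDRS = {PUBLIC, "192.168.0.11"}       # primary address plus the alias
PRIVATE = "192.168.0.0:255.255.0.0"        # addr:mask form used in the post

def in_net(addr, spec):                    # spec: 'any', address, or addr:mask
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec.replace(":", "/"), strict=False)

def rule_matches(pkt, rule):               # pkt = (src, dst, direction)
    num, action, src, dst, direction, via = rule
    if direction not in (None, pkt[2]):
        return False
    # 'via X' matches both directions and X may be any address on the card,
    # so it holds for every packet crossing ed2, LAN side included
    if via not in (None, "ed2") and via not in ED2_ADDRS:
        return False
    return in_net(pkt[0], src) and in_net(pkt[1], dst)

def natd(pkt):
    # natd aliases the source of outgoing packets; incoming packets outside
    # any session it created pass through unchanged
    src, dst, direction = pkt
    return (PUBLIC, dst, direction) if direction == "out" and in_net(src, PRIVATE) else pkt

def evaluate(pkt, rules):
    """First match wins; after a divert rule the packet comes back from natd
    and evaluation resumes at the following rule."""
    for rule in rules:
        if rule_matches(pkt, rule):
            if rule[1] == "divert":
                pkt = natd(pkt)
                continue
            return rule[1], rule[0]
    return "deny", 65535                   # kernel default rule

# The post's rules (num, action, src, dst, direction, via); the divert rule is
# unnumbered there (100 assumed), 65000 is what firewall_type="OPEN" adds
POSTED = [
    (100, "divert", "any", "any", None, PUBLIC),
    (10200, "deny", PRIVATE, "any", None, PUBLIC),
    (10300, "deny", "any", PRIVATE, None, PUBLIC),
    (65000, "allow", "any", "any", None, None),
]

def lan_host_to_internet(rules=POSTED):
    # A LAN PC (192.168.0.5, constructed) sending to the host traced in the post.
    # It arrives in via ed2 exactly as a spoofed packet from outside would, so
    # rules built from src/dst/in/out/via cannot tell the two apart.
    return evaluate(("192.168.0.5", "193.219.73.43", "in"), rules)
```

Adding `in` to rule 10200 changes nothing in this model, because the LAN packet is also inbound on the same card; only traffic that natd has already rewritten (outgoing) escapes the rule.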
