Date: Tue, 14 Dec 2004 17:14:08 -0500
From: "Zeno Lee" <zeno_lee@hotmail.com>
To: <freebsd-pf@freebsd.org>
Subject: Re: NAT works but port forwarding does not
Message-ID: <BAY103-DAV14F692401C0E2E5A4D2083E2AC0@phx.gbl>
References: <BAY103-DAV17C00EC3123282040DE4DFE2AC0@phx.gbl> <200412141647.01789.pathiaki@pathiaki.com> <c2d45d6e0412141358aeb59da@mail.gmail.com>

Yes, I can reach the web server via the gateway. I did a simple telnet to
port 80 and did a GET on index.html.

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::211:43ff:fecd:19d6%em0 prefixlen 64 scopeid 0x1
        inet 160.79.174.98 netmask 0xfffffff8 broadcast 160.79.174.103
        ether 00:11:43:cd:19:d6
        media: Ethernet autoselect (100baseTX <half-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::211:43ff:fecd:19d7%em1 prefixlen 64 scopeid 0x2
        inet 192.168.1.55 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:43:cd:19:d7
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

tcpdump of em0 (external interface) during a web request:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
17:07:02.077447 IP user-0cdfece.cable.mindspring.com.4220 > pbx.streetsolutions.com.http: S 1534882456:1534882456(0) win 65535 <mss 1460,nop,nop,sackOK>
17:07:02.077474 IP pbx.streetsolutions.com.http > user-0cdfece.cable.mindspring.com.4220: R 0:0(0) ack 1534882457 win 0
17:07:02.461973 IP user-0cdfece.cable.mindspring.com.4220 > pbx.streetsolutions.com.http: S 1534882456:1534882456(0) win 65535 <mss 1460,nop,nop,sackOK>
17:07:02.461988 IP pbx.streetsolutions.com.http > user-0cdfece.cable.mindspring.com.4220: R 0:0(0) ack 1 win 0
17:07:02.889477 IP pbx.streetsolutions.com.63430 > ns1.east.us.intellispace.net.domain: 61596+ PTR? 142.185.215.24.in-addr.arpa. (45)
17:07:02.900474 IP ns1.east.us.intellispace.net.domain > pbx.streetsolutions.com.63430: 61596 1/7/8 (383)
17:07:03.032150 IP user-0cdfece.cable.mindspring.com.4220 > pbx.streetsolutions.com.http: S 1534882456:1534882456(0) win 65535 <mss 1460,nop,nop,sackOK>
17:07:03.032168 IP pbx.streetsolutions.com.http > user-0cdfece.cable.mindspring.com.4220: R 0:0(0) ack 1 win 0
17:07:03.898931 IP pbx.streetsolutions.com.54055 > ns1.east.us.intellispace.net.domain: 61597+ PTR? 130.6.79.160.in-addr.arpa. (43)
17:07:03.902284 IP ns1.east.us.intellispace.net.domain > pbx.streetsolutions.com.54055: 61597* 1/1/1 (119)

tcpdump of em1 during a web request shows no visible traffic between em0 and em1

----- Original Message -----
From: "Claudiu Dragalina-Paraipan" <dr.clau@gmail.com>
To: <freebsd-pf@freebsd.org>
Cc: <zeno_lee@hotmail.com>
Sent: Tuesday, December 14, 2004 4:58 PM
Subject: Re: NAT works but port forwarding does not

> I think that NAT would not work either without
> net.inet.ip.forwarding=1, so I assume it is already set to 1.
> Can you access the webserver (192.168.1.54) from the FreeBSD gateway?
> What are the settings for em1 interface?
>
> On Tue, 14 Dec 2004 16:47:01 -0500, Paul J. Pathiakis
> <pathiaki@pathiaki.com> wrote:
>> Hi,
>>
>> just getting back into the networking side of things, but did you
>> turn on packet forwarding? (it should be on if you turned on
>> gateway enable <-I think)
>> Do a:
>> sysctl -a | grep forward
>> do you get a "1".
>>
>> I may be way off, but I am trying to help. :-)
>>
>> P.
>>
>> On Tuesday 14 December 2004 16:34, Zeno Lee wrote:
>> > I am just starting off with PF. I had it compiled into the kernel in
>> > 5.3 stable. I have not set up any rules yet. I'm just trying to set up
>> > NAT and forwarding.
>> >
>> > My network setup
>> >
>> > Internet <----> em0 | FreeBSD | em1 <-----> LAN
>> >
>> > my pf.conf file only has:
>> >
>> > ext_if="em0"
>> > int_if="em1"
>> > webserver="192.168.1.54"
>> >
>> > nat on $ext_if from $int_if:network to any -> ($ext_if)
>> > rdr on $ext_if from any to any port 80 -> $webserver
>> >
>> > NAT works, however, I cannot get port forwarding to work. I am testing
>> > it via a remote computer on the internet whose packets only come
>> > through em0.
>> >
>> > Am I missing anything here?
>> > _______________________________________________
>> > freebsd-pf@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
> --
> Claudiu Dragalina-Paraipan
> e-mail: dr.clau@gmail.com
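
An added example, not part of the original thread: a small Python parser for the em0 capture in the message above that pairs each SYN with the RST answering it and reports the delay. The function names and the 100 microsecond cut-off are assumptions of this example; resets that fast, together with the silent em1, indicate the reply comes from the gateway's own stack rather than from 192.168.1.54.

```python
import re
from datetime import datetime

# em0 capture lines copied from the message above (one PTR lookup kept as noise).
CLIENT = "user-0cdfece.cable.mindspring.com.4220"
SERVICE = "pbx.streetsolutions.com.http"
CAPTURE = f"""\
17:07:02.077447 IP {CLIENT} > {SERVICE}: S 1534882456:1534882456(0) win 65535 <mss 1460,nop,nop,sackOK>
17:07:02.077474 IP {SERVICE} > {CLIENT}: R 0:0(0) ack 1534882457 win 0
17:07:02.461973 IP {CLIENT} > {SERVICE}: S 1534882456:1534882456(0) win 65535 <mss 1460,nop,nop,sackOK>
17:07:02.461988 IP {SERVICE} > {CLIENT}: R 0:0(0) ack 1 win 0
17:07:02.889477 IP pbx.streetsolutions.com.63430 > ns1.east.us.intellispace.net.domain: 61596+ PTR? 142.185.215.24.in-addr.arpa. (45)
17:07:03.032150 IP {CLIENT} > {SERVICE}: S 1534882456:1534882456(0) win 65535 <mss 1460,nop,nop,sackOK>
17:07:03.032168 IP {SERVICE} > {CLIENT}: R 0:0(0) ack 1 win 0
"""

# timestamp, source, destination, TCP flag token of the old tcpdump text format
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP (\S+) > (\S+): ([SFPRWE.]+) ")
LOCAL_RST_US = 100  # assumed cut-off: faster than a round trip to a LAN host


def syn_rst_pairs(capture):
    """Return (client, service, microseconds) for every SYN answered by an RST."""
    pending, pairs = {}, []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a TCP line, e.g. the DNS PTR lookups
        ts, src, dst, flags = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if "S" in flags:
            pending[(src, dst)] = when  # a retransmitted SYN replaces the old one
        elif "R" in flags and (dst, src) in pending:
            delta = when - pending.pop((dst, src))
            pairs.append((dst, src, delta.seconds * 1_000_000 + delta.microseconds))
    return pairs


def diagnose(pairs):
    """Classify the capture; LOCAL_RST_US is this example's heuristic, not a pf setting."""
    if not pairs:
        return "no SYN/RST pairs"
    if all(us < LOCAL_RST_US for _, _, us in pairs):
        return "reset by capture host"
    return "reset after a network round trip"


if __name__ == "__main__":
    for client, service, us in syn_rst_pairs(CAPTURE):
        print(f"{client} -> {service}: RST after {us} us")
    print(diagnose(syn_rst_pairs(CAPTURE)))
```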