From owner-freebsd-pf@FreeBSD.ORG Tue Dec 14 22:15:01 2004
Delivered-To: freebsd-pf@freebsd.org
From: "Zeno Lee"
References: <200412141647.01789.pathiaki@pathiaki.com>
Date: Tue, 14 Dec 2004 17:14:08 -0500
Subject: Re: NAT works but port forwarding does not
List-Id: Technical discussion and general questions about packet filter (pf)

Yes I can reach the web server via the gateway.
I did a simple telnet to port 80 and did a GET on index.html.

em0: flags=8943 mtu 1500
        options=1b
        inet6 fe80::211:43ff:fecd:19d6%em0 prefixlen 64 scopeid 0x1
        inet 160.79.174.98 netmask 0xfffffff8 broadcast 160.79.174.103
        ether 00:11:43:cd:19:d6
        media: Ethernet autoselect (100baseTX )
        status: active
em1: flags=8843 mtu 1500
        options=1b
        inet6 fe80::211:43ff:fecd:19d7%em1 prefixlen 64 scopeid 0x2
        inet 192.168.1.55 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:11:43:cd:19:d7
        media: Ethernet autoselect (100baseTX )
        status: active

tcpdump of em0 (external interface) during a web request:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
17:07:02.077447 IP user-0cdfece.cable.mindspring.com.4220 > pbx.streetsolutions.com.http: S 1534882456:1534882456(0) win 65535
17:07:02.077474 IP pbx.streetsolutions.com.http > user-0cdfece.cable.mindspring.com.4220: R 0:0(0) ack 1534882457 win 0
17:07:02.461973 IP user-0cdfece.cable.mindspring.com.4220 > pbx.streetsolutions.com.http: S 1534882456:1534882456(0) win 65535
17:07:02.461988 IP pbx.streetsolutions.com.http > user-0cdfece.cable.mindspring.com.4220: R 0:0(0) ack 1 win 0
17:07:02.889477 IP pbx.streetsolutions.com.63430 > ns1.east.us.intellispace.net.domain: 61596+ PTR? 142.185.215.24.in-addr.arpa. (45)
17:07:02.900474 IP ns1.east.us.intellispace.net.domain > pbx.streetsolutions.com.63430: 61596 1/7/8 (383)
17:07:03.032150 IP user-0cdfece.cable.mindspring.com.4220 > pbx.streetsolutions.com.http: S 1534882456:1534882456(0) win 65535
17:07:03.032168 IP pbx.streetsolutions.com.http > user-0cdfece.cable.mindspring.com.4220: R 0:0(0) ack 1 win 0
17:07:03.898931 IP pbx.streetsolutions.com.54055 > ns1.east.us.intellispace.net.domain: 61597+ PTR? 130.6.79.160.in-addr.arpa. (43)
17:07:03.902284 IP ns1.east.us.intellispace.net.domain > pbx.streetsolutions.com.54055: 61597* 1/1/1 (119)

tcpdump of em1 during a web request shows no visible traffic between em0 and em1

----- Original Message -----
From: "Claudiu Dragalina-Paraipan"
To:
Cc:
Sent: Tuesday, December 14, 2004 4:58 PM
Subject: Re: NAT works but port forwarding does not

> I think that NAT would not work either without
> net.inet.ip.forwarding=1, so I assume it is already set to 1.
> Can you access the webserver (192.168.1.54) from the FreeBSD gateway?
> What are the settings for em1 interface?
>
>
> On Tue, 14 Dec 2004 16:47:01 -0500, Paul J. Pathiakis wrote:
>> Hi,
>>
>> just getting back into the networking side of things, but did you
>> turn on packet forwarding? (it should be on if you turned on
>> gateway enable <-I think)
>> Do a:
>> sysctl -a | grep forward
>> do you get a "1".
>>
>> I may be way off, but I am trying to help. :-)
>>
>> P.
>>
>>
>> On Tuesday 14 December 2004 16:34, Zeno Lee wrote:
>> > I am just starting off with PF. I had it compiled into the kernel in
>> > 5.3 stable. I have not setup any rules yet. I'm just trying to set
>> > up NAT and forwarding.
>> >
>> > My network setup
>> >
>> > Internet <----> em0 | FreeBSD | em1 <-----> LAN
>> >
>> >
>> > my pf.conf file only has:
>> >
>> > ext_if="em0"
>> > int_if="em1"
>> > webserver="192.168.1.54"
>> >
>> > nat on $ext_if from $int_if:network to any -> ($ext_if)
>> > rdr on $ext_if from any to any port 80 -> $webserver
>> >
>> >
>> > NAT works, however, I cannot get port forwarding to work. I am
>> > testing it via a remote computer on the internet whose packets only
>> > come through em0.
>> >
>> > Am I missing anything here?
>> > _______________________________________________
>> > freebsd-pf@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>> >
>
> --
> Claudiu Dragalina-Paraipan
> e-mail: dr.clau@gmail.com