Date: Thu, 28 Mar 2002 18:41:52 -0500 (EST)
From: jason
To: freebsd-questions@FreeBSD.ORG
Subject: natd wont redirect a port
Message-ID: <20020328183651.S2852-100000@monsterjam.org>

FreeBSD fans,

I'm running FreeBSD 4.5-RC and ipfw for firewall, and I'm trying to get a port redirect working through my FreeBSD box: from the outside IP address of the FreeBSD box, port 8888, to the inside IP address of 10.1.1.10 on port 80.

On my FreeBSD box, I have

    monsterjam# ifconfig -a
    lp0: flags=8810 mtu 1500
    ed1: flags=8843 mtu 1500
            inet 10.1.1.3 netmask 0xffffff00 broadcast 10.1.1.255
            ether 00:20:18:72:4c:ee
    ed2: flags=c843 mtu 1500
            inet 66.26.243.184 netmask 0xfffffe00 broadcast 255.255.255.255
            ether 00:80:ad:72:65:56
    lo0: flags=8049 mtu 16384
            inet 127.0.0.1 netmask 0xff000000

In my /etc/natd.conf file:

    monsterjam# cat /etc/natd.conf
    interface ed2
    dynamic yes
    redirect_port tcp 10.1.1.10:80 8888

In my firewall rules, I have (not the complete list)

    ipfw add divert natd all from any to any via ed2
    ipfw add allow ip from any to any via lo0
    ...
    ipfw add allow tcp from any to $ISP_IP 8888

In my natd statement, I have

    /sbin/natd -dynamic -log_denied -interface ed2 -f /etc/natd.conf

and I do have forwarding on via

    /sbin/sysctl net.inet.ip.forwarding=1

When I sniff on the outside of my FreeBSD box, I see SYN packets come in, but that's it:

    monsterjam# tethereal -i ed2 tcp port 8888
    Capturing on ed2
    gateway -> rdu26-243-184.nc.rr.com TCP 4120 > 8888 [SYN] Seq=515319221 Ack=0 Win=16384 Len=0
    gateway -> rdu26-243-184.nc.rr.com TCP 4120 > 8888 [SYN] Seq=515319221 Ack=0 Win=16384 Len=0
    gateway -> rdu26-243-184.nc.rr.com TCP 4120 > 8888 [SYN] Seq=515319221 Ack=0 Win=16384 Len=0

When I sniff the inside interface of my FreeBSD box, I don't see anything coming out towards the 10.1.1.10 box. If I open an HTTP connection (lynx) from my FreeBSD box to 10.1.1.10, it works fine. Otherwise, my FreeBSD box works great as my firewall and NAT gateway to get out to the internet. I see no error messages in my syslogs.

I can only assume the packets are getting lost in NATD. Any ideas?

regards,
Jason

--
Jason Welsh   jason@monsterjam.org
http://monsterjam.org

Nihilism should commence with oneself.