From: "Joe & Fhe Barbish"
To: "Aaron Hill"
Cc: "FBSDQ"
Subject: RE: NATD PCANYWHERE!
Date: Fri, 1 Mar 2002 00:07:39 -0500

I just finished setting up PCanywhere on 5 winboxes on the LAN behind an ipfw firewall. Any one of those 5 winboxes can get a host or remote connection with each other and can call out as a remote to any host on the public internet. With PCanywhere the remote takes over control of the host.

These are the rules I use.

    # Allow out PCanywhere software product
    $fwcmd add 00740 allow udp from $iip to any 22,5632 out via $oif keep-state
    $fwcmd add 00741 allow tcp from $iip to any 5631 out via $oif setup keep-state

Where $iip is the IP address range of the LAN winboxes.

I do not have a natd divert rule in my rules because it was creating packet mismatches in the advanced stateful check-state/keep-state dynamic rules. I use user ppp -nat for public to private and back again IP address translation.

Now seeing what you 2 are talking about makes me curious about what you are doing and why? Could you please explain?

Thanks
Joe

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Aaron Hill
Sent: Thursday, February 28, 2002 10:29 PM
To: moth21@hotmail.com
Cc: questions@freebsd.org
Subject: Re: NATD PCANYWHERE!

> Hello,
>
> I have FreeBSD 4.5 with natd/ipfw, all I want to do is redirect
> pcanywhere traffic. Internet traffic is routing correctly.
>
> Here is my /etc/natd.conf
> interface dc1
> use_sockets yes
> same_ports yes
>
> redirect_port tcp x.x.x.x:5631 x.x.x.x:5631
> redirect_port tcp x.x.x.x:5632 x.x.x.x:5632
>
> And here is my handy script I wrote
> #!/bin/sh
> natd -f /etc/natd.conf
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc1
> /sbin/ipfw add pass all from any to any
>
> What gives? I get Connection Refused...

Douglas,

Here's how I've got it working. You need these lines in /etc/natd.conf ...

    # Allow incoming traffic on that NAT address
    deny_incoming no

    # pcAnywhere
    redirect_port tcp xxx.xxx.xxx.xxx:5631 5631
    redirect_port udp xxx.xxx.xxx.xxx:5632 5632

... where xxx.xxx.xxx.xxx is the IP address of your PC-Anywhere host.

Your firewall rules look OK. I think the problem is you are allowing TCP 5632 when you actually need UDP 5632.

>
> Thanks,
>
> Douglas A. Maske
> Consultant
> All Bases Covered, Inc.
>

Aaron Hill.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
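
Added example (not part of the thread and not code from any poster): a small Python check for the TCP/UDP mismatch Aaron points out, run over natd.conf text. The addresses in the two sample configs are constructed, and the expected protocols (5631/tcp, 5632/udp) are the ones given in the replies above.

```python
# Added example: lint natd.conf redirect_port lines for pcAnywhere.
# Expected protocols as stated in the thread: 5631/tcp and 5632/udp.
EXPECTED = {5631: "tcp", 5632: "udp"}

def ports(spec):
    """Expand 'N' or 'N-M' (natd port-range syntax) into a list of ints."""
    lo, _, hi = spec.partition("-")
    return list(range(int(lo), int(hi or lo) + 1))

def redirects(conf_text):
    """Yield (lineno, proto, target_port) for every redirected target port."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        # redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT ...
        if len(fields) < 4 or fields[0] != "redirect_port":
            continue  # comments, blank lines, other options
        proto = fields[1].lower()
        for port in ports(fields[2].rpartition(":")[2]):
            yield lineno, proto, port

def lint(conf_text):
    """Return findings: wrong-protocol redirects and missing expected ones."""
    findings, seen = [], set()
    for lineno, proto, port in redirects(conf_text):
        seen.add((port, proto))
        want = EXPECTED.get(port)
        if want and proto != want:
            findings.append(f"line {lineno}: {port}/{proto} redirected, "
                            f"pcAnywhere uses {port}/{want}")
    for port, want in sorted(EXPECTED.items()):
        if (port, want) not in seen:
            findings.append(f"missing redirect for {port}/{want}")
    return findings

# Constructed sample mirroring the config in the question (addresses made up).
AS_POSTED = """interface dc1
use_sockets yes
same_ports yes

redirect_port tcp 192.168.1.10:5631 203.0.113.5:5631
redirect_port tcp 192.168.1.10:5632 203.0.113.5:5632
"""

# Constructed sample mirroring the corrected lines in the reply.
AS_CORRECTED = """# Allow incoming traffic on that NAT address
deny_incoming no
redirect_port tcp 192.168.1.10:5631 5631
redirect_port udp 192.168.1.10:5632 5632
"""

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("corrected", AS_CORRECTED)):
        print(name, lint(conf) or "ok")
```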