Date: Sat, 20 Jan 2001 16:07:01 +0000
From: John Murphy <john253@crosswinds.net>
To: Paul Jansen <vlaero@yahoo.com.au>
Cc: questions@FreeBSD.ORG
Subject: Re: help with natd problems
Message-ID: <4fcj6t4lmbnirn8j15abqvkvkilu2s0i1t@4ax.com>
In-Reply-To: <20010120121145.7088.qmail@web5101.mail.yahoo.com>
References: <20010120121145.7088.qmail@web5101.mail.yahoo.com>

Hi,
I'm using the (userland) ppp program on FreeBSD-4.1 so I don't
know if this will work with your version. From man ppp:

    nat port proto targetIP:targetPort[-targetPort] aliasPort[-aliasPort]
             [remoteIP:remotePort[-remotePort]]
        This command causes incoming proto connections to aliasPort to be
        redirected to targetPort on targetIP. proto is either ``tcp'' or
        ``udp''.

So something like:

    nat port tcp 192.168.0.3:80 80

is (perhaps) all you need. (where 192.168.0.3 is the web server)

John.
Paul Jansen wrote:
>Hello.
>
>I've got a small lan connecting to the internet using
>a PicoBSD 0.41 box (FreeBSD 3.0 based). Currently I'm
>using a
>
>ppp -alias
>
>command to translate packets out of and into the
>private network (192.168.0.x). I would like to also
>translate requests originating on the public network
>and hitting the ppp adapter (tun0). Basically I want
>to have traffic that is destined for port 80 on
>the ppp adapter redirected to a webserver on the
>private network.
>In order to get this happening I'm bringing up a PPP
>link without the '-alias' option so that I know that
>no translation is happening. I've read the FreeBSD
>3.0 release man page on natd and come up with this
>natd command line (the ip address of the natd machine
>is 192.168.0.8):
>
>/sbin/natd -s -m -p 8668 -n tun0 -redirect_port tcp
>192.168.0.7:80 80
>
>This returns no errors when I issue it. I read in the
>natd man page:
>
>"Once natd is running, you must ensure that traffic is
>diverted to natd:
>
>1. You will need to adjust the /etc/rc.firewall script
>to taste. If you're not interested in having a
>firewall, the following lines will do:
>
>/sbin/ipfw -f flush
>/sbin/ipfw add divert natd all from any to any via
>tun0
>/sbin/ipfw add pass all from any to any
>"
>
>For the moment I don't want a firewall - I just want
>natd to work properly so I've decided to follow these
>3 lines above.
>The first line returns - 'Flushed all rules.'
>The second line returns -
>'00000 divert 8668 ip from any to any via tun0
>ipfw: setsockopt(IP_FW_ADD): Invalid argument'
>
>After trying to connect to port 80 at the IP address
>of the tun0 adapter from a machine on the public
>network it fails so obviously the above error is
>fatal.
>
>I should note that I tried using the aliasing options
>in user ppp with only limited success. Here's a quick
>succession of commands I issue
>
>(1) ppp - starts ppp in
>interactive mode
>
>(2) dial dialup - this dials successfully
>and I am able to ping the IP address of the tun0
>adapter from a machine on the public network
>
>(3) alias enable yes - after issuing this I am
>unable to ping the IP address of the tun0 adapter from
>a machine on the public network anymore. Aliasing
>does not work from the internal network. It does if I
>simply issue 'ppp -ddial -alias dialup' from the
>command line though.
>
>(3) alias port tcp 192.168.0.7:80 x.x.x.x:80
> - x.x.x.x is the IP that the tun0 adapter is
>allocated by ppp. This is meant to forward traffic
>hitting port 80 on x.x.x.x to port 80 on 192.168.0.7.
>This doesn't work.
>
>
>
>
>As you can see I've tried two avenues - none of them
>being successful. Any ideas as to what needs to be
>done to get this happening successfully?
>
>Thanks in advance,
>Paul
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
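
Added example, not part of the original thread and not code from ppp: a small Python check that parses `nat port` lines in the syntax quoted from man ppp above and reports which redirects are reachable from any remote peer and which are malformed. The names `parse_nat_port`, `audit` and `SAMPLE` are hypothetical, the sample configuration is constructed, and the "open"/"restricted" labels and the range-size check are this example's own conventions.

```python
import ipaddress
import re

# ppp(8) syntax: nat port proto targetIP:ports aliasPorts [remoteIP:ports]
PORTS = r"(\d+)(?:-(\d+))?"
RULE = re.compile(rf"^\s*nat\s+port\s+(tcp|udp)\s+(\S+?):{PORTS}\s+{PORTS}"
                  rf"(?:\s+(\S+?):{PORTS})?\s*$")

def _ports(lo, hi):
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {lo}-{hi}")
    return lo, hi

def parse_nat_port(line):
    """Parse one 'nat port' line into a dict; raise ValueError if malformed."""
    m = RULE.match(line)
    if not m:
        raise ValueError("does not match the nat port syntax")
    proto, tip, t1, t2, a1, a2, rip, r1, r2 = m.groups()
    target, alias = _ports(t1, t2), _ports(a1, a2)
    # A one-to-one port mapping needs both ranges to be the same size.
    if target[1] - target[0] != alias[1] - alias[0]:
        raise ValueError("target and alias port ranges differ in size")
    return {"proto": proto, "target_ip": ipaddress.ip_address(tip),
            "target_ports": target, "alias_ports": alias,
            "remote_ip": ipaddress.ip_address(rip) if rip else None,
            "remote_ports": _ports(r1, r2) if rip else None}

def audit(conf_text):
    """Return (line_no, status, parsed rule or error text) per 'nat port' line."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if line.split()[:2] != ["nat", "port"]:
            continue
        try:
            rule = parse_nat_port(line)
        except ValueError as exc:
            findings.append((n, "invalid", str(exc)))
            continue
        # Without remoteIP the redirect is not narrowed to one remote peer.
        findings.append((n, "restricted" if rule["remote_ip"] else "open", rule))
    return findings

# Constructed ppp.conf fragment; every address and port here is made up.
SAMPLE = """default:
 nat port tcp 192.168.0.3:80 80
 nat port tcp 192.168.0.3:22 2222 203.0.113.5:40000
 nat port udp 192.168.0.3:5000-5010 5000-5005
"""
```

Calling `audit(SAMPLE)` gives one tuple per `nat port` line, so every "open" entry is a service on the private network that the redirect publishes on the public side.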
