From owner-freebsd-questions Sat Jan 20 21:48:27 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web5104.mail.yahoo.com (web5104.mail.yahoo.com [216.115.106.74])
	by hub.freebsd.org (Postfix) with SMTP id 1C9C637B401
	for ; Sat, 20 Jan 2001 21:48:04 -0800 (PST)
Message-ID: <20010121054803.2375.qmail@web5104.mail.yahoo.com>
Received: from [203.101.90.215] by web5104.mail.yahoo.com; Sun, 21 Jan 2001 16:48:03 EST
Date: Sun, 21 Jan 2001 16:48:03 +1100 (EST)
From: Paul Jansen
Subject: Re: help with natd problems
To: john@T-F-I.freeserve.co.uk
Cc: questions@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi John.

Yeah I tried that too and it didn't work. I read the userland ppp
man page for 3.0 and it actually allows you to specify the incoming
IP address as well as the port, although as you've pointed out it's
not necessary. I thought I'd try and specify the IP address of the
ppp adapter so that there was no confusion as to what was being
aliased. It looks like I'll have to keep waiting for an answer.

Thanks,
Paul

--- John Murphy wrote:
> Hi,
>
> I'm using the (userland) ppp program on FreeBSD-4.1 so I don't
> know if this will work with your version. From man ppp:
>
>     nat port proto targetIP:targetPort[-targetPort] aliasPort[-aliasPort]
>       [remoteIP:remotePort[-remotePort]]
>       This command causes incoming proto connections to aliasPort to be
>       redirected to targetPort on targetIP. proto is either ``tcp'' or
>       ``udp''.
>
> So something like:
>
> nat port tcp 192.168.0.3:80 80
>
> is (perhaps) all you need. (where 192.168.0.3 is the web server)
>
> John.
>
>
> Paul Jansen wrote:
>
> >Hello.
> >
> >I've got a small lan connecting to the internet using
> >a PicoBSD 0.41 box (FreeBSD 3.0 based).
> >Currently I'm using a
> >
> >ppp -alias
> >
> >command to translate packets out of and into the
> >private network (192.168.0.x). I would like to also
> >translate requests originating on the public network
> >and hitting the ppp adapter (tun0). Basically I want
> >to have traffic that is destined for port 80 on
> >the ppp adapter redirected to a webserver on the
> >private network.
> >In order to get this happening I'm bringing up a PPP
> >link without the '-alias' option so that I know that
> >no translation is happening. I've read the FreeBSD
> >3.0 release man page on natd and come up with this
> >natd command line (the ip address of the natd machine
> >is 192.168.0.8):
> >
> >/sbin/natd -s -m -p 8668 -n tun0 -redirect_port tcp 192.168.0.7:80 80
> >
> >This returns no errors when I issue it. I read in the
> >natd man page:
> >
> >"Once natd is running, you must ensure that traffic is
> >diverted to natd:
> >
> >1. You will need to adjust the /etc/rc.firewall script
> >to taste. If you're not interested in having a
> >firewall, the following lines will do:
> >
> >/sbin/ipfw -f flush
> >/sbin/ipfw add divert natd all from any to any via tun0
> >/sbin/ipfw add pass all from any to any
> >"
> >
> >For the moment I don't want a firewall - I just want
> >natd to work properly so I've decided to follow these
> >3 lines above.
> >The first line returns - 'Flushed all rules.'
> >The second line returns -
> >'00000 divert 8668 ip from any to any via tun0
> >ipfw: setsockopt(IP_FW_ADD): Invalid argument'
> >
> >After trying to connect to port 80 at the IP address
> >of the tun0 adapter from a machine on the public
> >network it fails so obviously the above error is
> >fatal.
> >
> >I should note that I tried using the aliasing options
> >in user ppp with only limited success.
> >Here's a quick
> >succession of commands I issue
> >
> >(1) ppp - starts ppp in interactive mode
> >
> >(2) dial dialup - this dials successfully
> >and I am able to ping the IP address of the tun0
> >adapter from a machine on the public network
> >
> >(3) alias enable yes - after issuing this I am
> >unable to ping the IP address of the tun0 adapter from
> >a machine on the public network anymore. Aliasing
> >does not work from the internal network. It does if I
> >simply issue 'ppp -ddial -alias dialup' from the
> >command line though.
> >
> >(3) alias port tcp 192.168.0.7:80 x.x.x.x:80
> > - x.x.x.x is the IP that the tun0 adapter is
> >allocated by ppp. This is meant to forward traffic
> >hitting port 80 on x.x.x.x to port 80 on 192.168.0.7.
> >This doesn't work.
> >
> >As you can see I've tried two avenues - none of them
> >being successful. Any ideas as to what needs to be
> >done to get this happening successfully?
> >
> >Thanks in advance,
> >Paul
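
Added example, not part of the original thread and not ppp's own code: a small Python model of the `nat port` syntax quoted above from the ppp man page, showing which incoming connections a rule redirects and how the optional remoteIP argument narrows who can reach the forwarded port. The same-size requirement for port ranges and the reading of remote port 0 as "any source port" are assumptions about ppp's behaviour; the remote addresses are constructed.

```python
from typing import NamedTuple, Optional, Tuple

class NatPortRule(NamedTuple):
    proto: str
    target_ip: str
    target_ports: range
    alias_ports: range
    remote_ip: Optional[str] = None        # None: any remote host
    remote_ports: Optional[range] = None   # None: any remote source port

def _ports(spec: str) -> range:            # 'N' or 'N-M' -> inclusive range
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)

def _hostport(spec: str) -> Tuple[str, str]:
    ip, sep, ports = spec.rpartition(":")
    if not sep or not ip:
        raise ValueError(f"expected IP:port, got {spec!r}")
    return ip, ports

def parse_nat_port(line: str) -> NatPortRule:
    """Parse: nat port proto targetIP:targetPort[-P] aliasPort[-P] [remoteIP:remotePort[-P]]"""
    words = line.split()
    if len(words) not in (5, 6) or words[:2] != ["nat", "port"]:
        raise ValueError("expected: nat port proto target alias [remote]")
    if words[2] not in ("tcp", "udp"):
        raise ValueError("proto must be tcp or udp")
    target_ip, tports = _hostport(words[3])
    target, alias = _ports(tports), _ports(words[4])
    if len(target) != len(alias):          # assumption: ranges must match in size
        raise ValueError("target and alias port ranges differ in size")
    remote_ip = remote_ports = None
    if len(words) == 6:
        remote_ip, rports = _hostport(words[5])
        remote_ports = None if rports == "0" else _ports(rports)  # assumption: 0 = any
    return NatPortRule(words[2], target_ip, target, alias, remote_ip, remote_ports)

def redirect(rule: NatPortRule, proto: str, src: Tuple[str, int], dst_port: int):
    """Return (targetIP, targetPort) for an incoming connection, or None if not redirected."""
    host_ok = rule.remote_ip in (None, src[0])
    port_ok = rule.remote_ports is None or src[1] in rule.remote_ports
    if proto != rule.proto or dst_port not in rule.alias_ports or not (host_ok and port_ok):
        return None
    return rule.target_ip, rule.target_ports.start + (dst_port - rule.alias_ports.start)

# Constructed demo: the rule from the reply, and a variant limited to one remote host.
open_rule = parse_nat_port("nat port tcp 192.168.0.3:80 80")
limited = parse_nat_port("nat port tcp 192.168.0.3:80 80 198.51.100.7:0")
```

With `open_rule`, any host on the public side that connects to port 80 on the ppp interface reaches the internal web server; with `limited`, only the named remote host is redirected.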