From owner-freebsd-questions Mon Jan 21 6: 4: 6 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.broadpark.no (217-13-4-9.dd.nextgentel.com [217.13.4.9])
    by hub.freebsd.org (Postfix) with ESMTP id C8BAA37B402
    for ; Mon, 21 Jan 2002 06:03:56 -0800 (PST)
Received: from ninja.amphex.com (ninja.amphex.com [217.13.29.51])
    by mail.broadpark.no (Postfix) with SMTP id DB36E8013;
    Mon, 21 Jan 2002 15:02:00 +0100 (MET)
Date: Mon, 21 Jan 2002 15:01:57 +0100
From: J.S.
To: freebsd-questions@freebsd.org
Cc: kundeservice@nextgentel.com
Subject: Cisco 677i-DIR's "show nat"
Message-Id: <20020121150158.2ca049cc.johann@broadpark.no>
X-Mailer: Sylpheed version 0.6.5 (GTK+ 1.2.10; i386--freebsd4.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hi.

I'm connected on an ADSL connection through a Cisco 677i-Dir ADSL-modem
(router) which then heads straight to my ISP (nextgentel.no). Every time a
daemon or an application needs to go through a port, I have to manually add
a redirection entry on the router (10.0.0.1) through telnet.

I just added these entries:

---------------------------------------------------------- >>
identd:    set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
ftpd/sshd: set nat entry add 10.0.0.2 20-22 0.0.0.0 20-22 tcp
apache:    set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
bind:      set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
dcc:       set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
---------------------------------------------------------- >>

The command 'show nat' prints the current NAT activity:

---------------------------------------------------------- >>
cbos>show nat
NAT is currently enabled

Port      Network   Global
eth0      Inside
wan0-0    Outside   217.13.**.**
vip0      Outside
vip1      Outside
vip2      Outside

Local IP : Port     Global IP : Port      Timer  Flags    Proto  Interface
10.0.0.2:6666       *****:6666            0      0x10041  tcp    eth0
        -6700            -6700
10.0.0.2:6666       *****:6666            0      0x00041  tcp    eth0
10.0.0.2:6667       *****:6667            0      0x10041  tcp    eth0
        -6700            -6700
10.0.0.2:1024       *****:1024            0      0x10041  tcp    eth0
        -5000            -5000
10.0.0.2:1024       *****:1024            0      0x10041  tcp    eth0
        -4999            -4999
10.0.0.2:53         *****:53              0      0x00041  tcp    eth0
10.0.0.2:80         *****:80              0      0x00041  tcp    eth0
10.0.0.2:20         *****:20              0      0x10041  tcp    eth0
        -22              -22
10.0.0.2:49152      *****:49152           0      0x10041  tcp    eth0
        -65535           -65535
10.0.0.2:113        *****:113             0      0x00041  tcp    eth0
10.0.0.2:1030       *****:1030            0      0x10041  tcp    eth0
        -1040            -1040
10.0.0.2:2001       *****:2001            0      0x00041  tcp    eth0
10.0.0.2:21         *****:21              0      0x00041  tcp    eth0
10.0.0.2:1          *****:1               0      0x10041  icmp   eth0
        -65000           -65000
10.0.0.2:1          *****:1               0      0x10041  udp    eth0
        -65000           -65000
10.0.0.2:1          *****:1               0      0x10041  tcp    eth0
        -65000           -65000
10.0.0.2:2412       217.13.**.**:2412     1140   0x04046  tcp    eth0 wan0-0
10.0.0.2:2416       217.13.**.**:2416     1200   0x04046  tcp    eth0 wan0-0
10.0.0.2:2441       217.13.**.**:2441     1200   0x04046  tcp    eth0 wan0-0
10.0.0.2:2465       217.13.**.**:2465     1140   0x04046  tcp    eth0 wan0-0
10.0.0.2:1157       217.13.**.**:1157     120    0x04046  udp    eth0 wan0-0
10.0.0.2:1158       217.13.**.**:1158     120    0x04046  udp    eth0 wan0-0
10.0.0.2:1159       217.13.**.**:1159     270    0x04046  udp    eth0 wan0-0
10.0.0.2:2984       217.13.**.**:2984     900    0x04046  tcp    eth0 wan0-0
10.0.0.2:2985       217.13.**.**:2985     900    0x04046  tcp    eth0 wan0-0
10.0.0.2:2986       217.13.**.**:2986     900    0x04046  tcp    eth0 wan0-0
10.0.0.2:2987       217.13.**.**:2987     900    0x04046  tcp    eth0 wan0-0
10.0.0.2:1160       217.13.**.**:1160     270    0x04046  udp    eth0 wan0-0
10.0.0.2:1161       217.13.**.**:1161     300    0x04046  udp    eth0 wan0-0
10.0.0.2:2990       217.13.**.**:2990     900    0x04046  tcp    eth0 wan0-0
10.0.0.2:1162       217.13.**.**:1162     300    0x04046  udp    eth0 wan0-0
10.0.0.2:3008       217.13.**.**:3008     1200   0x04046  tcp    eth0 wan0-0
10.0.0.2:1163       217.13.**.**:1163     600    0x04046  udp    eth0 wan0-0
10.0.0.2:3010       217.13.**.**:3010     60     0x04046  tcp    eth0 wan0-0
---------------------------------------------------------- >>

Now, this is what I wonder about:

1. How come the port ranges 1024-4999, 49152-65535, 1030-1040, 2001 and
   1-65000 are open? All of these are port ranges I've opened in the past
   (in unsuccessful attempts to get my DCC working), which ought to have
   been deleted by the 'set nat entry del all' which I just performed.
   I tried deleting them one by one as well, though that didn't seem to
   have much effect:

   cbos#set nat entry delete 10.0.0.2 49152-65535 0.0.0.0 49152-65535 tcp
   Error: You entered an invalid port number

2. I just discovered that using the setting /set DCC_USE_OWN_IP in my IRC
   client will allow my DCC to function properly. Is this something that
   could have been done without opening the port range 1024-5000? I mean,
   does the low port range FreeBSD uses really have to be added? If so,
   what about the high port range, 49152-65535?

Well, this is it. Thanks.
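
Added example, not part of the original message and not Cisco's own tooling: a small audit script that parses a 'show nat' listing like the one quoted above and reports which inbound forwards are still in place and which of them expose a wide port range. It assumes one table row per line with a range's '-N -N' end ports on the line that follows, treats rows with a masked global address and timer 0 as configured forwards, and uses a constructed sample and an arbitrary 16-port threshold.

```python
import re

# Constructed sample in the layout of the 'show nat' listing quoted above.
SAMPLE = """\
Local IP : Port     Global IP : Port      Timer  Flags    Proto  Interface
10.0.0.2:80         *****:80              0      0x00041  tcp    eth0
10.0.0.2:20         *****:20              0      0x10041  tcp    eth0
        -22              -22
10.0.0.2:1          *****:1               0      0x10041  udp    eth0
        -65000           -65000
10.0.0.2:2412       217.13.**.**:2412     1140   0x04046  tcp    eth0 wan0-0
"""

# local_ip:port  global_ip:port  timer  flags  proto  interface(s)
ROW = re.compile(
    r"^(\S+):(\d+)\s+(\S+):(\d+)\s+(\d+)\s+(0x[0-9a-fA-F]+)\s+(\w+)\s+(.+)$")
# Continuation line carrying the end port of a range: "-22  -22"
CONT = re.compile(r"^-(\d+)\s+-(\d+)$")

def parse_show_nat(text):
    """Return one dict per table row; a '-N -N' line extends the row above it."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            lip, lport, gip, _gport, timer, flags, proto, ifaces = m.groups()
            entries.append({"local_ip": lip, "lo": int(lport), "hi": int(lport),
                            "global_ip": gip, "timer": int(timer),
                            "flags": flags, "proto": proto,
                            "ifaces": ifaces.split()})
            continue
        m = CONT.match(line)
        if m and entries:
            entries[-1]["hi"] = int(m.group(1))
    return entries

def inbound_forwards(entries):
    """Assumption: masked global address plus timer 0 marks a configured forward."""
    return [e for e in entries if e["global_ip"] == "*****" and e["timer"] == 0]

def wide_ranges(entries, max_ports=16):
    """Forwards spanning more than max_ports ports (threshold is an example value)."""
    return [e for e in inbound_forwards(entries)
            if e["hi"] - e["lo"] + 1 > max_ports]

if __name__ == "__main__":
    for e in wide_ranges(parse_show_nat(SAMPLE)):
        print(f'{e["proto"]} {e["lo"]}-{e["hi"]} -> {e["local_ip"]}')
```

Running the same functions on a capture taken before and after a 'set nat entry del all' shows directly whether any forward survived the delete.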