From: "Remko Lodder"
To: "Robert Storey"
Date: Mon, 15 Mar 2004 13:27:34 +0100
Subject: RE: bypassing a proxy server
In-Reply-To: <20040315201004.21d1a6f1.y2kbug@ms25.hinet.net>

Hi,

Questions are never stupid. You did some research beforehand, which makes you smarter than others, but they are also not stupid.

You want to have port forwarding on the Win2k machine to your fbsd system (with a dedicated internal IP). It maps connections from the external IP on the Win2k machine to your machine and back; at least, that is done in most firewall setups, including mine (BSD based, so no Windows actually). But it might be possible to do so; I cannot imagine that there isn't a tool for Windows which does the same.

The hub setup won't work; you should never get an IP addr through that hub, in my humble opinion.

Also, I cannot see the logic of your anonymous ftp server. Be aware that there are risks: it might be breached, and there might be warez and other shit on it then. Make sure you asked permission for that, before they kick you.

So port mapping is your answer, I think.

Cheers

--
Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Robert Storey
Sent: Monday, 15 March 2004 20:10
To: freebsd-questions@freebsd.org
Subject: bypassing a proxy server

As some of you may recall, I'm engaged in an ongoing saga trying to set up a FreeBSD machine on a school's network. The school is Windows only - the administration knows nothing about FreeBSD (or Linux), and it's up to me to prove to them that FBSD is worth teaching to the students. Due to my lobbying, the school has given me one old computer to play with, and I have installed FreeBSD on it.

But there are problems. The biggest is that the gateway machine is Windows 2000 and it's running a proxy server (to keep the students from visiting naughty web sites). So the FreeBSD machine cannot get through to the Internet with http, though the Windows machines can. On the other hand, the FBSD box can get through the gateway with ssh and ftp (though performance is sluggish, even with a T1 line).

Furthermore, I want the FreeBSD machine to run an anonymous ftp server. Forgive the crappy drawing (I never claimed to be an artist), but this is how the network looks at the moment (except that there are 10 Windows clients, not 2):

                                        |-------|
                                        |windows|
          |------------|    |------|    |client |
          |  Win2000   |    |      |----|-------|
T1--------|proxy server|----|switch|
          | & gateway  |    |      |----|-------|
          |------------|    |---|--|    |windows|
                                |       |client |
                                |       |-------|
                                |
                          |-----|----|
                          | FBSD ftp |
                          |  server  |
                          |----------|

The problem is that this doesn't work. People from outside the network can't get through to the FBSD ftp server. Clearly, that Win2000 proxy server is an evil machine.

When I last discussed this problem (on this list), Matthew wrote back and offered me a pretty thorough explanation of the problem, which is posted here:

http://freebsd.rambler.ru/bsdmail/freebsd-questions_2002/msg34253.html

OK, I'm convinced, running a ftp server from a NAT gateway is a disaster. So I'm looking for a way around it. I have an old unused hub, and I've been thinking that this might be a possible solution (sort of like a DMZ?)...

                                        |-------|
                                        |windows|
          |------------|    |------|    |client |
          |  Win2000   |    |      |----|-------|
T1--HUB---|proxy server|----|switch|
     |    | & gateway  |    |      |----|-------|
     |    |------------|    |------|    |windows|
     |                                  |client |
     |                                  |-------|
     |
|----|-----|
| FBSD ftp |
|  server  |
|----------|

The only problem I see here is I don't know how I'm going to get an address for the ftp server. The Win2000 gateway has a static address, it dishes out addresses to the clients with dhcp. The NAT addresses are of course internal addresses like 10.0.0.12, but the school does own a block of 64 static addresses.

If I simply stick a hub in front of the gateway machine, all traffic to the gateway will also be sent to the ftp server - I know that will cause packet collisions, but I can live with the crappy performance because it's a very low traffic environment. My main concern is simply how to assign an address to the ftp server without disconnecting the gateway machine.

I'm sorry if I'm asking a dumb question, but I'm a novice when it comes to setting up networks. I haven't found anything on Google that deals with this particular question, and there is nobody around here that I can ask. Any advice is appreciated.

Thanks in advance,
Robert
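
The port mapping described in the reply, written out for a BSD-based gateway running pf, as an added example that is not part of the original thread. The interface name and the passive port range are assumptions, 10.0.0.12 is the sample internal address from the question, and the Windows 2000 gateway in the question would need its own equivalent.

```conf
# pf.conf fragment (added example) for a ruleset that already denies
# inbound traffic by default on the external interface.

ext_if  = "fxp0"          # assumed name of the external interface
ftp_srv = "10.0.0.12"     # internal address of the FTP server (sample from the post)
pasv    = "49152:49407"   # constructed passive data-port range, kept small on purpose

# Translation: connections arriving at the gateway's external address are
# rewritten to the internal server; replies are mapped back via pf's state table.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 21    -> $ftp_srv port 21
rdr on $ext_if inet proto tcp from any to ($ext_if) port $pasv -> $ftp_srv

# Filtering: rdr is applied before the filter rules, so these match the
# translated destination. Nothing else on the server is exposed.
pass in on $ext_if inet proto tcp from any to $ftp_srv port 21    flags S/SA keep state
pass in on $ext_if inet proto tcp from any to $ftp_srv port $pasv flags S/SA keep state
```

The FTP daemon also has to be limited to the same passive range and has to advertise the gateway's external address in its PASV replies; otherwise outside clients are told to connect to 10.0.0.12, which they cannot reach.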