Date: Mon, 12 Aug 2002 11:21:04 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Derek Sailor <dereksailor@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Unable to connect to servers outside of intranet
Message-ID: <20020812102104.GD7021@happy-idiot-talk.infracaninophi>
In-Reply-To: <20020812030211.47679.qmail@web20508.mail.yahoo.com>
References: <20020812030211.47679.qmail@web20508.mail.yahoo.com>
On Sun, Aug 11, 2002 at 08:02:11PM -0700, Derek Sailor wrote:

> I have two server services running, sshd and ftpd.
> From my internal network (192.168.0.x) on interface
> de0 I'm able to connect fine. However, from the
> internet (on my AT&T broadband cable modem) on
> interface de1 I'm unable to connect at all.

This smells like one of two things to me --- mostly because you've
eliminated pretty much all the other options in your quite excellent
report.

First option is a routing problem: do you have a default route
pointing out of your de1 interface? netstat -r will show you what
routes you have currently, and this command will create the route:

    route add default 123.45.67.89

where 123.45.67.89 should be replaced by the IP number of your de1
interface. To make that persist across reboots, add:

    defaultrouter="123.45.67.89"

to /etc/rc.conf. If your external address is dynamically assigned by
your ISP, then the ppp or dhclient software you're using should have a
facility to automatically handle setting up a default route for you.

Second option is the NAT configuration on your machine. NAT is
principally designed to handle connections starting from the inside
and going out: natd keeps a record of the outgoing packet headers, so
that it can recognise packets coming back in response and forward them
on to the original source. The problem comes when the connection is
initiated from the outside --- what address should natd forward the
packets to?

There are several '-redirect' options given in the natd(8) man page in
order to solve this problem. In your case, I think all you need to do
is redirect tcp traffic on ports 20 (ftp-data), 21 (ftp) and 22 (ssh)
to the internal interface of your machine, by adding

    -redirect_port tcp 192.168.0.1:20-22 20-22

to the natd flags (assuming 192.168.0.1 is the address of your de0
interface).

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
Tel: +44 1628 476614                                  Marlow
Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
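
Added example, not part of the original message: a shell sketch of the two checks discussed above, run over constructed data. It reports which interface carries the default route and which inbound TCP ports a natd flag string forwards inward, which is also the list of services exposed to the internet. The function names, the sample routing table, the placeholder gateway 203.0.113.1 and the single-dash option spelling from natd(8) are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Print the interface carrying the IPv4 default route, reading `netstat -rn`
# output on stdin. Returns 1 when no default route exists.
# Assumes the default route has no Expire value, so Netif is the last field.
default_route_if() {
    awk '$1 == "default" { print $NF; found = 1; exit }
         END { exit !found }'
}

# Print the internal target (ip:ports) that the natd flag string $1 forwards
# inbound TCP port $2 to. Returns 1 when no -redirect_port rule covers it,
# i.e. natd has nowhere to send a connection started from outside.
redirect_target() {
    printf '%s\n' "$1" | awk -v port="$2" '{
        for (i = 1; i + 3 <= NF; i++) {
            if ($i != "-redirect_port" || $(i + 1) != "tcp") continue
            pub = $(i + 3); sub(/^.*:/, "", pub)      # drop optional aliasIP:
            n = split(pub, r, "-"); lo = r[1] + 0
            hi = (n > 1) ? r[2] + 0 : lo
            if (port + 0 >= lo && port + 0 <= hi) { print $(i + 2); found = 1; exit }
        }
    } END { exit !found }'
}

# Constructed sample: a routing table with only the internal network present.
ROUTES_NO_DEFAULT='Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          127.0.0.1          UH          0       12    lo0
192.168.0          link#1             UC          0        0    de0'
# Same table with a default route out of de1 (203.0.113.1 is a placeholder).
ROUTES_WITH_DEFAULT="$ROUTES_NO_DEFAULT
default            203.0.113.1        UGSc        3      100    de1"
NATD_FLAGS='-redirect_port tcp 192.168.0.1:20-22 20-22'

# Audit a few ports: anything with a rule is reachable from the outside.
for p in 21 22 80; do
    if t=$(redirect_target "$NATD_FLAGS" "$p"); then
        echo "tcp/$p from outside -> $t"
    else
        echo "tcp/$p from outside -> no redirect rule"
    fi
done
```

On a live host, feed the first function with `netstat -rn | default_route_if` and pass the second the natd flags actually in use.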