Date: Thu, 10 Dec 1998 07:45:00 -0600
To: security@FreeBSD.ORG
From: Nelson
Subject: firewall && natd && private class B

Greetings,

I would like to put our mail && http server behind our firewall. To do this I set up a small test for the devices and actually placed them behind the firewall, gave the firewall alias addresses, and added some configurations in a configuration file for natd as follows:

#natd config file
same_ports yes
#redirect mail
redirect_port tcp 172.16.0.3:smtp outside_address:smtp
redirect_port udp 172.16.0.3:smtp outside_address:smtp
redirect_port tcp 172.16.0.3:pop3 outside_address:pop3
redirect_port udp 172.16.0.3:pop3 outside_address:pop3
#redirect http
redirect_port tcp inside_address:80 outside_address:80
redirect_port udp inside_address:80 outside_address:80

Voila! It worked like a champ for any workstation that had a "real" IP! However, when I tried the workstations with addresses from our Class B, I could not get it to work with any address of the form 172.16.xxx.xxx 255.255.0.0 (only tested with W95 boxes).

From the client I kept getting a 10061 error with the mail, so I suspected something with the mail client or server. However, when I tried the webserver I got no success either: I get a timed out error with private IPs, and it works like a champ with real IPs. Which lets the mail client and server off the hook. Now I am not sure where to look for the problem. :( I am thinking I have missed something simple. Any ideas what?

Thoughts Welcome!

Richard Nelson
Technology Director
Research & Development Director
System Administrator
Mountain Grove R-III Schools
420 N. Main
Mountain Grove, MO 65711

+++++++++++++++++++++++++++++++++++++++++
+ FreeBSD, Linux, & Java = Excellence   +
+ http://www.freebsd.org                +
+ http://www.redhat.com                 +
+ http://java.sun.com/                  +
+ Samba + (FreeBSD||Linux)= Free PDC!   +
+ Using FreeBSD for Servers!            +
+ Using Linux for Workstations!         +
+++++++++++++++++++++++++++++++++++++++++