From: "webdesigns COMNET"
To: "Dave"
Subject: Re: HELP PLEASE!!
Date: Fri, 10 Aug 2001 20:48:55 -0400
Sender: owner-freebsd-security@FreeBSD.ORG

Hi Dave,

Thanks for your reply.
I tried what you suggested, and I'm still unable to direct incoming traffic from 64.39.183.78 to the LAN client 10.0.0.3.
Requests for 64.39.183.78 still go to the gateway box.

Here are a few things that may help you determine the problem.

[root@thunder:/etc]-> ifconfig -a
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 64.39.179.9 netmask 0xffffff00 broadcast 64.39.179.255
        inet 64.39.183.72 netmask 0xffffffff broadcast 64.39.183.72
        inet 64.39.183.73 netmask 0xffffffff broadcast 64.39.183.73
        inet 64.39.183.74 netmask 0xffffffff broadcast 64.39.183.74
        inet 64.39.183.75 netmask 0xffffffff broadcast 64.39.183.75
        inet 64.39.183.76 netmask 0xffffffff broadcast 64.39.183.76
        inet 64.39.183.77 netmask 0xffffffff broadcast 64.39.183.77
        inet 64.39.183.78 netmask 0xffffffff broadcast 64.39.183.78
        inet 64.39.183.79 netmask 0xffffffff broadcast 64.39.183.79
        ether 00:30:18:80:20:10
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        ether 00:50:ba:86:16:47
        media: Ethernet autoselect (100baseTX)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 64.39.176.9 --> 64.39.160.16 netmask 0xff000000
        Opened by PID 148

[root@thunder:/etc]-> netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            speede01.access.go UGSc       36       61   tun0
10                 link#2             UC          2        0    rl0 =>
critter            0:50:ba:8a:c2:e4   UHLW        2      688    rl0   1158
chickalicious.com  0:50:ba:ea:60:36   UHLW        0        2    rl0    834
speede01.access.go 64.39.176.9        UH         43        0   tun0
64.39.179/24       link#1             UC          0        0   sis0 =>
shellsandhosting.c link#1             UC          0        0   sis0 =>
lightning/32       link#1             UC          0        0   sis0 =>
this.is.a.vhost/32 link#1             UC          0        0   sis0 =>
mainframe/32       link#1             UC          0        0   sis0 =>
64.39.183.76/32    link#1             UC          0        0   sis0 =>
64.39.183.77/32    link#1             UC          0        0   sis0 =>
64.39.183.78/32    link#1             UC          0        0   sis0 =>
64.39.183.79/32    link#1             UC          0        0   sis0 =>
localhost          localhost          UH          1       73    lo0

[root@thunder:/etc]-> ipnat -l
List of active MAP/Redirect filters:
bimap sis0 10.0.0.3/32 -> 64.39.183.78/32

List of active sessions:
[root@thunder:/etc]->

I have been trying for 3 days to route my webserver to the outside world.
All your help and input would be greatly appreciated.

Jason

----- Original Message -----
From: Dave
To: webdesigns COMNET
Sent: Friday, August 10, 2001 4:49 PM
Subject: Re: HELP PLEASE!!

Hey,
    I would recommend using ipnat for one instead of natd (Part of IP Filter).
    No particular reason, just a preference.
    Then it's fairly simple,

add ipnat_enable="YES" to your /etc/rc.conf file.

then
    echo "bimap sis0 10.0.0.3/32 -> 64.39.183.78/32" >> /etc/ipnat.rules && ipnat -FC -f /etc/ipnat.rules

Hope to have helped.
--Dave.

----- Original Message -----
From: ShellsAndHosting.com Administration
To: freebsd-security@FreeBSD.ORG
Sent: Friday, August 10, 2001 9:04 AM
Subject: routing

Hi,
Can someone help me figure out a solution?
Here is the setup: modem <-> FreeBSD Gateway <-> switch <-> LAN
I would like to forward all requests from 64.39.183.78 to a LAN client 10.0.0.3
I have tried using -redirect_address 10.0.0.3 64.39.183.78 with natd, but it won't work. Any clue why?
Interface sis0 is the public interface with 32 IPs on it, I would like to route a few of those IPs through rl0 (the internal interface) to my other LAN machines.
What and how would be my best way?
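An added check, not part of the original thread: ipnat rules name the interface they apply to, so it is worth comparing that interface with the one that carries the default route. The sample input is trimmed from the `netstat -r` and `ipnat -l` output quoted above; the function names are hypothetical, and the netstat column layout is assumed to match that output.

```shell
#!/bin/sh
# Constructed sample input, trimmed from the output quoted in the message.
NETSTAT_SAMPLE='Destination        Gateway            Flags    Refs      Use  Netif Expire
default            speede01.access.go UGSc       36       61   tun0
10                 link#2             UC          2        0    rl0 =>
64.39.183.78/32    link#1             UC          0        0   sis0 =>'

IPNAT_SAMPLE='List of active MAP/Redirect filters:
bimap sis0 10.0.0.3/32 -> 64.39.183.78/32

List of active sessions:'

# default_route_if: read a routing table on stdin, print the Netif column
# (sixth field in this layout) of the default route.
default_route_if() {
    awk '$1 == "default" { print $6; exit }'
}

# nat_rule_ifs: read `ipnat -l` output on stdin, print the interface named
# in each map, bimap or rdr rule (second field), one per line, de-duplicated.
nat_rule_ifs() {
    awk '$1 == "map" || $1 == "bimap" || $1 == "rdr" { print $2 }' | sort -u
}

# check_nat_binding NETSTAT_TEXT IPNAT_TEXT
# Prints "ok <if>" when a rule's interface is the default-route interface,
# "mismatch <if> default=<if>" otherwise. Returns 1 if any rule mismatches.
check_nat_binding() {
    def_if=$(printf '%s\n' "$1" | default_route_if)
    rc=0
    for ifn in $(printf '%s\n' "$2" | nat_rule_ifs); do
        if [ "$ifn" = "$def_if" ]; then
            echo "ok $ifn"
        else
            echo "mismatch $ifn default=$def_if"
            rc=1
        fi
    done
    return $rc
}

# On the gateway itself (assumes the same column layout as the sample):
#   check_nat_binding "$(netstat -r)" "$(ipnat -l)"
```

A mismatch is a prompt to confirm which interface the packets for the mapped address actually traverse before changing the rule.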