Date: Wed, 10 Jul 2002 14:06:07 -0300
From: "Luiz Morte da Costa Jr" <morte@dsee.fee.unicamp.br>
To: <ipfw@FreeBSD.ORG>
Subject: rexec
Message-ID: <JOEOLCOLHDHJOCFFCBAFGEACCGAA.morte@dsee.fee.unicamp.br>
Hi there,
I have ipfw+nat running on FreeBSD 4.5.
I have this configuration:
     Internet 1 (fxp0)          Internet 2 (fxp1)
       (a.b.c.164)                 (a.b.d.80)
          / \                         / \
           |                           |
    --------------------------------------------------
                         |
                        \ /
                  Internal (fxp2)
                  (10.10.10.129)
Notes:
- The IP Class x.y.z.0 is in the fxp0 network.
- The default route to the a.b.c.0 IP Class is a.b.c.129
- In /etc/rc.conf
    defaultrouter="a.b.d.65"
I have a Sun with a valid IP and with a calendar server running
- IP: a.b.c.152
- valid IP
- calendar server running
I have a PC in an internal network
- IP: 10.10.10.130
- no valid IP
- calendar client
My problem is to get access to the calendar server from an internal IP (10.10.10.130)
===============================================
NAT:
/sbin/natd -p 8668 -n fxp0 (natd)
/sbin/natd -p 8669 -n fxp1 (natd2)
My rules are:
# Internal IP Class
add 0011 skipto 0055 all from a.b.c.0/24 to any
add 0012 skipto 0055 all from any to a.b.c.0/24
add 0013 skipto 0055 all from x.y.z.0/24 to any
add 0014 skipto 0055 all from any to x.y.z.0/24
#
# NAT for all IP Class
add 0051 divert natd2 all from any to any
add 0052 skipto 0100 all from any to any
#
# NAT for Internal IP Class
add 0055 divert natd all from any to any
# forward internal IP Class
add 0056 fwd a.b.c.129 all from a.b.c.164 to any out
#
# Deny source routing, record route
add 0100 deny log tcp from any to any ipoptions ssrr,lsrr,rr
# Allow loop back
add 0102 allow all from any to any via lo0
#
# Allow all (for test)
add 60000 allow log logamount 20000 all from any to any
===================================================
Thanks anyway,
Luiz.
