Date: 12 Aug 2002 09:50:40 +0000
From: Josh Paetzel <friar_josh@webwarrior.net>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: Derek Sailor <dereksailor@yahoo.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Unable to connect to servers outside of intranet
Message-ID: <1029145843.279.13.camel@heater.vladsempire.net>
In-Reply-To: <20020812102104.GD7021@happy-idiot-talk.infracaninophi>
References: <20020812030211.47679.qmail@web20508.mail.yahoo.com> <20020812102104.GD7021@happy-idiot-talk.infracaninophi>
On Mon, 2002-08-12 at 10:21, Matthew Seaman wrote:
> On Sun, Aug 11, 2002 at 08:02:11PM -0700, Derek Sailor wrote:
>
> > I have two server services running, sshd and ftpd.
> > From my internal network (192.168.0.x) on interface
> > de0 I'm able to connect fine. However, from the
> > internet (on my AT&T broadband cable modem) on
> > interface de1 I'm unable to connect at all.
>
> This smells like one of two things to me --- mostly because you've
> eliminated pretty much all the other options in your quite excellent
> report.
>
> First option is a routing problem: do you have a default route
> pointing out of your de1 interface?
>
>     netstat -r
>
> will show you what routes you have currently, and this command will
> create the route:
>
>     route add default 123.45.67.89
>
> where 123.45.67.89 should be replaced by the IP number of your de1
> interface. To make that persist across reboots, add:
>
>     defaultrouter="123.45.67.89"
>
> to /etc/rc.conf. If your external address is dynamically assigned by
> your ISP, then the ppp or dhclient software you're using should have a
> facility to automatically handle setting up a default route for you.
>
> Second option is the NAT configuration on your machine. NAT is
> principally designed to handle connections starting from the inside
> and going out: natd keeps a record of the outgoing packet headers, so
> that it can recognise packets coming back in response and forward them
> on to the original source.
>
> The problem comes when the connection is initiated from the outside
> --- what address should natd forward the packets to? There are
> several '-redirect' options given in the natd(8) man page in order to
> solve this problem. In your case, I think all you need to do is
> redirect tcp traffic on ports 20 (ftp-data), 21 (ftp) and 22 (ssh) to
> the internal interface of your machine, by adding
>
>     --redirect_port tcp 192.168.0.1:20-22 20-22
>
> to the natd flags (assuming 192.168.0.1 is the address of your de0
> interface).
>
> Cheers,
>
> Matthew

If there are no redirect rules in place on a box running natd, incoming
connections are routed to the natd box itself. I have a setup virtually
identical to Derek's and incoming connections work fine.

I doubt it would be a default route issue, since he seems to have
internet connectivity. One issue that many cable users have is their
providers filter various ports below 1024 in an attempt to keep their
users from running servers on their networks. It sounds like from
Derek's mail that he had a working setup in 3.x and it broke in 4.x
though, making the port filtering scenario very unlikely.

Derek, I'd like to see your rc.conf as well as the output of netstat
-nr. I'm sure we can get to the bottom of this.

Josh

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
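Added example, not part of either message: a Python check over the two things Josh asks for, rc.conf and `netstat -nr` output, that reports the default route and where a new inbound connection on a given port ends up. The sample rc.conf, the routing table and all function names are constructed for illustration; the rule that a port with no redirect lands on the natd host follows Josh's statement above.

```python
import re
import shlex

# Constructed sample inputs (not from the thread); 192.0.2.1 is a documentation address.
RC_CONF = '''\
natd_interface="de1"
natd_flags="-redirect_port tcp 192.168.0.1:20-22 20-22"
'''
NETSTAT_NR = '''\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGSc        3      120    de1
192.168.0          link#1             UC          1        0    de0
'''
# One dash is the natd(8) spelling; two dashes, as typed in the quoted message, also match.
REDIRECT = re.compile(r"-+redirect_port\s+(\w+)\s+(\S+):(\d+)(?:-\d+)?\s+(?:\S+:)?(\d+)(?:-(\d+))?")

def parse_rc_conf(text):
    """Return {name: value} for sh-style name="value" lines; comments are skipped."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if len(tokens) == 1 and "=" in tokens[0]:
            conf.update([tokens[0].split("=", 1)])
    return conf

def default_route(netstat_text):
    """Return (gateway, interface) of the first default route, or None."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "default":
            return fields[1], fields[5]
    return None

def forwarded_ports(natd_flags):
    """Map (proto, public_port) -> (inside_ip, inside_port) for each redirect rule."""
    table = {}
    for proto, ip, t_lo, a_lo, a_hi in REDIRECT.findall(natd_flags):
        count = int(a_hi or a_lo) - int(a_lo) + 1
        for i in range(count):
            table[(proto, int(a_lo) + i)] = (ip, int(t_lo) + i)
    return table

def inbound_target(conf, proto, port):
    """Where a new inbound connection lands: a redirect target, else the natd host."""
    hit = forwarded_ports(conf.get("natd_flags", "")).get((proto, port))
    return hit if hit else ("natd host itself", port)

if __name__ == "__main__":
    print(default_route(NETSTAT_NR), inbound_target(parse_rc_conf(RC_CONF), "tcp", 80))
```

Comparing the default route's interface with `natd_interface` and listing `forwarded_ports()` gives a quick inventory of which services the gateway exposes and which it hands to inside hosts.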