From owner-freebsd-hackers Thu Jul 16 05:46:17 1998
In-Reply-To: <199807161205.IAA01215@lakes.dignus.com>
Date: Thu, 16 Jul 1998 14:43:05 +0200 (CEST)
Organization: Siemens Austria AG
From: Marino Ladavac
To: Thomas David Rivers
Subject: RE: ipfw rules for exposing an internal machine's port externall
Cc: freebsd-hackers@freefall.cdrom.com

On 16-Jul-98 Thomas David Rivers wrote:
>
> However, I have an internal machine (10.0.0.10) that's set up
> to do telnet connections on a different port (e.g. port #PPPP in
> the following example.)
>
> I would like to make those connections available externally.
>
> So - I've got added:
>
>   ipfw add 50 pass log tcp from any PPPP to 10.0.0.10 PPPP
>   ipfw add 50 pass log udp from any PPPP to 10.0.0.10 PPPP
>
> But, if I telnet to the gateway machine at port PPPP as in:
>   telnet gateway PPPP
> all I get is:
>   Trying x.x.x.x...
>   telnet: Unable to connect to remote host: Connection refused

Hardly any wonder. There is nothing that listens on port PPPP on the
gateway machine--ergo, connection refused.

>
> If I, however, telnet on the internal network to 10.0.0.10 PPPP
> I get connected just fine.

Sure, because there is someone listening on port PPPP on 10.0.0.10

>
> Has anyone done this before? That is, map a particular port number
> on one machine to a different one? And, use that with divert to
> make a service on an internal machine externally visible? If so, how?

First, you don't need divert for that (nor do you want it). What you need
is a listener on gateway at port PPPP which then opens a connection to
10.0.0.10 PPPP and forwards all bytes from one end to the other.

Take a look at SAMBA, they used to have such a utility (it was used for
SMB protocol reverse engineering).

/Marino

>
> - Thanks -
> - Dave Rivers -
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

----------------------------------
Marino Ladavac
Date: 16-Jul-98
Time: 14:38:05
----------------------------------
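
Added example, not part of the original message and not code from FreeBSD or Samba: the relay described in the reply (a listener on the gateway that connects to 10.0.0.10 and copies bytes in both directions), written in Python and extended beyond the message with a source-address allowlist. Port 2323 (standing in for PPPP) and the 198.51.100.0/24 client range are constructed values.

```python
import ipaddress
import socket
from threading import Event, Thread

def client_allowed(addr, allowed_nets):
    """True if the client address is inside one of the allowed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in allowed_nets)

def pump(src, dst):
    """Copy bytes from src to dst until EOF, then pass the EOF on."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # either side went away; the caller closes both sockets

def handle(client, peer, target, allowed_nets):
    """Relay one accepted connection to the internal target, if allowed."""
    with client:
        if not client_allowed(peer[0], allowed_nets):
            print(f"refused {peer[0]}")  # dropped before reaching the target
            return
        print(f"relay {peer[0]}:{peer[1]} -> {target[0]}:{target[1]}")
        try:
            upstream = socket.create_connection(target, timeout=10)
        except OSError:
            return
        with upstream:
            upstream.settimeout(None)  # timeout was for connect only
            back = Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()

def serve(listen_addr, target, allowed_nets):
    """Bind the listener, accept in a background thread, return the socket."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            args = (*srv.accept(), target, allowed_nets)
            Thread(target=handle, args=args, daemon=True).start()
    Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Constructed values: 2323 stands in for PPPP, 198.51.100.0/24 for clients.
    serve(("0.0.0.0", 2323), ("10.0.0.10", 2323), ["198.51.100.0/24"])
    Event().wait()  # keep the main thread alive
```

The internal host sees every relayed connection as coming from the gateway, so the relay's own log line is the only record of the real client address.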