Date: Thu, 16 Jul 1998 10:56:09 -0400 (EDT)
From: Thomas David Rivers <rivers@dignus.com>
To: rivers@dignus.com
Cc: freebsd-hackers@freefall.cdrom.com
Subject: Tantalizingly close (was: ipfw rules for exposing an internal machine's port externally?)
Message-ID: <199807161456.KAA01628@lakes.dignus.com>
In-Reply-To: <35AE0711.D86870C9@jezebel.demon.co.uk>
Thanks to all the wonderful suggestions I've gotten from fellow hackers - I'm tantalizingly close to being able to expose an internal machine to the external network. But, things aren't quite working yet.

[By the way, in case I haven't mentioned - this is with 2.2.6.]

Here's what I currently have:

    [10.0.0.1]$ ipfw list
    00100 divert 32000 ip from any to any via sl0
    00200 allow tcp from any to 166.82.177.48 7490
    00201 allow tcp from any to 10.0.0.10 7490
    01000 allow ip from any to any via lo0
    01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
    65000 allow ip from any to any
    65535 deny ip from any to any

    [10.0.0.1]$ ifconfig sl0        (external interface)
    sl0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 552
            inet 166.82.177.48 --> 166.82.100.202 netmask 0xffffff00

    [10.0.0.1]$ ifconfig ed0        (internal interface)
    ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
            ether 66:66:77:00:0b:31

And, natd was run with:

    /usr/sbin/natd -l -port 32000 -interface sl0 -m -u -dynamic \
        -redirect_port tcp 10.0.0.10:7490 7490

When I try to connect to 166.82.177.48 with:

    telnet 166.82.177.48 7490

(from the 'external world') I no longer get the immediate 'connection refused' [which implies things are getting somewhat routed...]

But - I also don't get connected. It eventually times out.

[Internal connections from the gateway machine to 10.0.0.10 7490 work just fine.]

To me, this implies some route isn't right yet... i.e. the internal machine can't get back to the external network...

I have the feeling I'm just missing one little item... which I hope is obvious to the more ipfw/natd-experienced people on the list :-)

- Thanks -
- Dave Rivers -