From: Brian
To: Joshua Lokken
Cc: freebsd-questions@FreeBSD.ORG
Date: Mon, 9 Dec 2002 16:17:33 -0800 (PST)
Subject: Re: SSH through firewall
Message-ID: <20021209161652.S69024-100000@entwistle.sonicboom.org>

Could use port forwarding to a high numbered port, forward a high port on the
gateway to a port on the dest box.

	Bri

On Mon, 9 Dec 2002, Joshua Lokken wrote:

> Hello all
>
> I asked this question a couple of weeks back, but have not yet been able to
> make this work.
>
> I often transfer files to my home machines from work using scp. Currently,
> if I want to move a file to a machine on my LAN, I first have to copy the
> file to a user home dir on the gateway box, then recopy it from the gateway
> to the internal box. How do I avoid this extra step? eg,
>
> 130.94.160.46 ------------------> 12.225.249.250 --------------------> 10.0.0.2
> (remote machine)                  (gateway)         |                  (LAN)
>                                                     -----------------> 10.0.0.10
>                                                     |
>                                                     -----------------> 10.0.0.15
>
> I have tried this:
>
> in /etc/rc.conf:
>
> natd_enable="YES"
> natd_interface="ed0" # outside interface
> natd_flags="-f /etc/natd.conf"
>
> and in /etc/natd.conf:
>
> dynamic yes
> redirect_port tcp 10.0.0.2:22 22002
> redirect_port tcp 10.0.0.10:22 22010
> redirect_port tcp 10.0.0.15:22 22015
>
>
> Near the top of /etc/firewall.conf I have:
>
> $fwcmd $flags add divert natd all from any to any via $oif
>
> Connecting to the gateway on port 22 works fine, but all other connections
> (22002, 22010, 22015) time out.
> I have the proper keys in the proper places and the hosts files are OK. I
> appreciate any help. Please cc me, as this address is not subscribed to the
> list. Thanks!
>
> --
> Best Regards,
>
> Joshua Lokken
> OMIC Portland Branch
> inspector.us@omicnet.com
> 503 807 6538
> ------------------------->
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
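
The client side of the port forwarding discussed in this thread, as an added example that is not part of either poster's message: the script reads natd.conf `redirect_port` lines in the form quoted above and writes one `~/.ssh/config` stanza per internal host, with `HostKeyAlias` so that each machine reached through the single gateway address keeps its own known_hosts entry. The function names and the `lan-<last octet>` host aliases are made up for illustration.

```shell
#!/bin/sh
# Added example: natd.conf redirect_port lines -> ssh_config stanzas.
# GATEWAY is the gateway's outside address from the diagram in the post;
# the "lan-<last octet>" alias naming is an assumption of this example.
GATEWAY="12.225.249.250"

# Constructed sample input: the natd.conf contents quoted in the post.
sample_natd_conf() {
cat <<'EOF'
dynamic yes
redirect_port tcp 10.0.0.2:22 22002
redirect_port tcp 10.0.0.10:22 22010
redirect_port tcp 10.0.0.15:22 22015
EOF
}

# Read natd.conf on stdin; $1 is the gateway address the client connects to.
# Syntax handled: redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
natd_to_ssh_config() {
    awk -v gw="$1" '
    $1 == "redirect_port" && $2 == "tcp" {
        n = split($3, target, ":")
        if (n != 2 || target[2] != "22") next      # only redirects to sshd
        m = split($4, al, ":")                     # optional aliasIP prefix
        port = al[m]
        if (port !~ /^[0-9]+$/) next               # skip port ranges
        if (port < 1 || port > 65535) next
        split(target[1], oct, ".")
        printf "Host lan-%s\n", oct[4]
        printf "    HostName %s\n", gw             # connect to the gateway
        printf "    Port %s\n", port               # on the forwarded port
        # Store and check the host key under the internal address, so three
        # different sshd keys behind one IP do not collide in known_hosts
        # and StrictHostKeyChecking can stay enabled.
        printf "    HostKeyAlias %s\n\n", target[1]
    }'
}

# Stand-alone run: print the stanzas for the sample configuration.
sample_natd_conf | natd_to_ssh_config "$GATEWAY"
```

With these stanzas in `~/.ssh/config`, and once the gateway actually forwards the ports, `scp file lan-10:` copies straight to 10.0.0.10 through gateway port 22010.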