From: Guilherme Oliveira
Date: Tue, 08 Jul 2003 12:45:17 +0100
To: FreeBSD-NET@FreeBSD.ORG
Subject: Acess to virtual hosts are being blocked by natd/firewall
Message-ID: <3F0AAECD.4070601@nortenet.pt>

Hi!

I've configured a DMZ, and our workstations (192.168.0) access external sites very well. But sites that are hosted in 192.168.1 and are port_redirected by natd with a static IP are blocked, only if accessed by our workstations with 192.168.0. From the internet it is fine. It blocks www.site-example.com and xxx.xxx.xxx.xxx. It only works with 192.168.1.2!

/kernel: Connection attempt to TCP xxx.xxx.xxx.xxx:80 from 192.168.0.3:2366

My natd is configured with

natd_flags="-l -s -m -u -dynamic -log_denied -log_ipfw_denied -redirect_port tcp 192.168.1.2:80 xxx.xxx.xxx.xxx:80"

The firewall is configured to "OPEN".

netstat -r in natd:

default            adsl-b3-72-1.telep UGSc        2     4300   tun0
localhost          localhost          UH          0        0    lo0
192.168.0          link#2             UC          5        0    xl1
192.168.0.2        00:e0:7d:ed:1b:de  UHLW        0       38    xl1    940
192.168.0.3        00:50:eb:1d:80:dd  UHLW        1      379    xl1    657
192.168.0.5        00:08:02:cf:1b:6d  UHLW        0     1262    xl1    349
192.168.0.6        00:c0:df:09:a1:31  UHLW        0       24    xl1    560
192.168.0.7        00:c0:df:09:ab:e7  UHLW        0      977    xl1    521
192.168.1          link#3             UC          1        0    xl2
192.168.1.2        00:04:75:e9:c0:04  UHLW        1      257    xl2    331
adsl-b3-72-1.telep adslemp-b3-123-140 UH          2        0   tun0
adslemp-b3-121-73. link#1             UC          0        0    xl0
adslemp-b3-121-74. link#1             UC          0        0    xl0
adslemp-b3-121-75. link#1             UC          0        0    xl0
adslemp-b3-121-76. link#1             UC          0        0    xl0
adslemp-b3-121-77. link#1             UC          0        0    xl0
adslemp-b3-121-78. link#1             UC          0        0    xl0

netstat -r in workstation:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            sarpa              UGSc       10        0   sis0
localhost          localhost          UH          0      140    lo0
192.168.0          link#1             UC          2        0   sis0
sarpa              00:04:75:e0:d4:52  UHLW       12    12204   sis0    596
parpa              00:50:eb:1d:80:dd  UHLW        0       39    lo0

Is it a natd problem or ipfw?