From: Clayton F
To: freebsd-questions@FreeBSD.org
Date: Tue, 25 Nov 2003 01:12:23 -0800
Subject: Problems using natd to access internal webserver
Message-Id: <7B48AE56-1F27-11D8-B403-000393C2C922@bitheaven.net>

I am having trouble using natd to redirect incoming http requests to an internal web server.
My ISP blocks incoming port 80 (the dogs!), so the browser needs to send its request on an unprivileged port - I chose port 5500. So in my web browser I enter the URL http://www.mydomain.com:5500/

My rc.conf sets up the natd redirect as follows:

natd_enable="YES"
natd_interface="fxp0"
natd_flags="-redirect_port tcp 192.168.1.99:80 5500"

My firewall explicitly allows port 5500 entry as follows:

pass in quick on fxp0 proto tcp from any to any port = 5500 keep state

But when I point my web browser at port 5500, I get the following:

"Could not open the page “http://www.mydomain.com:5500/” because Safari couldn’t connect to the server “www.mydomain.com”."

With tcpdump set to listen on port 5500 I get the following output:

01:06:19.345827 e-66-117-83-2.empnet.net.12488 > bc120155.bendcable.com.5500: S 3657164703:3657164703(0) win 65535 (DF)
01:06:19.345988 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.12488: R 0:0(0) ack 3657164704 win 0
01:06:19.390964 e-66-117-83-2.empnet.net.4458 > bc120155.bendcable.com.5500: S 2671871142:2671871142(0) win 65535 (DF)
01:06:19.391015 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.4458: R 0:0(0) ack 2671871143 win 0
01:06:19.434339 e-66-117-83-2.empnet.net.55900 > bc120155.bendcable.com.5500: S 2109062641:2109062641(0) win 65535 (DF)
01:06:19.434390 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.55900: R 0:0(0) ack 2109062642 win 0
01:06:19.479086 e-66-117-83-2.empnet.net.33048 > bc120155.bendcable.com.5500: S 1018302934:1018302934(0) win 65535 (DF)
01:06:19.479130 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.33048: R 0:0(0) ack 1018302935 win 0
01:06:19.522875 e-66-117-83-2.empnet.net.60586 > bc120155.bendcable.com.5500: S 26968154:26968154(0) win 65535 (DF)
01:06:19.523022 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.60586: R 0:0(0) ack 26968155 win 0
01:06:19.578958 e-66-117-83-2.empnet.net.57944 > bc120155.bendcable.com.5500: S 1035247753:1035247753(0) win 65535 (DF)
01:06:19.578993 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.57944: R 0:0(0) ack 1035247754 win 0
01:06:19.623151 e-66-117-83-2.empnet.net.57938 > bc120155.bendcable.com.5500: S 1144796038:1144796038(0) win 65535 (DF)
01:06:19.623189 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.57938: R 0:0(0) ack 1144796039 win 0
01:06:19.666940 e-66-117-83-2.empnet.net.27714 > bc120155.bendcable.com.5500: S 347489487:347489487(0) win 65535 (DF)
01:06:19.666985 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.27714: R 0:0(0) ack 347489488 win 0
01:06:19.709585 e-66-117-83-2.empnet.net.40754 > bc120155.bendcable.com.5500: S 1869973581:1869973581(0) win 65535 (DF)
01:06:19.709612 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.40754: R 0:0(0) ack 1869973582 win 0
01:06:19.756122 e-66-117-83-2.empnet.net.18348 > bc120155.bendcable.com.5500: S 3628283803:3628283803(0) win 65535 (DF)
01:06:19.756152 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.18348: R 0:0(0) ack 3628283804 win 0
01:06:19.804295 e-66-117-83-2.empnet.net.52446 > bc120155.bendcable.com.5500: S 3652608703:3652608703(0) win 65535 (DF)
01:06:19.804377 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.52446: R 0:0(0) ack 3652608704 win 0
01:06:19.847865 e-66-117-83-2.empnet.net.18192 > bc120155.bendcable.com.5500: S 238075128:238075128(0) win 65535 (DF)
01:06:19.847897 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.18192: R 0:0(0) ack 238075129 win 0
01:06:19.891162 e-66-117-83-2.empnet.net.25176 > bc120155.bendcable.com.5500: S 60109903:60109903(0) win 65535 (DF)
01:06:19.891206 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.25176: R 0:0(0) ack 60109904 win 0
01:06:19.934624 e-66-117-83-2.empnet.net.41352 > bc120155.bendcable.com.5500: S 2942823322:2942823322(0) win 65535 (DF)
01:06:19.934652 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.41352: R 0:0(0) ack 2942823323 win 0
01:06:19.976920 e-66-117-83-2.empnet.net.25770 > bc120155.bendcable.com.5500: S 1830184345:1830184345(0) win 65535 (DF)
01:06:19.976947 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.25770: R 0:0(0) ack 1830184346 win 0
01:06:20.019365 e-66-117-83-2.empnet.net.37826 > bc120155.bendcable.com.5500: S 3428010868:3428010868(0) win 65535 (DF)
01:06:20.019392 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.37826: R 0:0(0) ack 3428010869 win 0
01:06:20.063532 e-66-117-83-2.empnet.net.57502 > bc120155.bendcable.com.5500: S 373758618:373758618(0) win 65535 (DF)
01:06:20.063574 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.57502: R 0:0(0) ack 373758619 win 0
01:06:20.112894 e-66-117-83-2.empnet.net.44448 > bc120155.bendcable.com.5500: S 3033730069:3033730069(0) win 65535 (DF)
01:06:20.112935 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.44448: R 0:0(0) ack 3033730070 win 0
01:06:20.155772 e-66-117-83-2.empnet.net.31148 > bc120155.bendcable.com.5500: S 134626080:134626080(0) win 65535 (DF)
01:06:20.155805 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.31148: R 0:0(0) ack 134626081 win 0
01:06:20.198041 e-66-117-83-2.empnet.net.23638 > bc120155.bendcable.com.5500: S 1299869796:1299869796(0) win 65535 (DF)
01:06:20.198067 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.23638: R 0:0(0) ack 1299869797 win 0
01:06:20.240643 e-66-117-83-2.empnet.net.20744 > bc120155.bendcable.com.5500: S 2584151359:2584151359(0) win 65535 (DF)
01:06:20.240671 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.20744: R 0:0(0) ack 2584151360 win 0

It appears the web server's attempt to make the connection is falling on deaf ears.
(btw: I've confirmed the web server is up and running - if I set up a localhost port forward using ssh - aka "ssh -L 5500:192.168.1.99:80 myname@mydomain.com" I am able to access the web server)

Any tips on what I'm doing wrong?

Thanks!
Clayton
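
Added example, not part of the original message: a small parser for the tcpdump output quoted above that pairs each inbound SYN with the RST acknowledging it and reports how quickly the reset came back, which helps when judging whether a forwarded connection was refused before it was ever relayed. The function names are assumptions of this example, and the sample holds the first two SYN/RST pairs from the capture.

```python
import re
from datetime import datetime, timedelta

# First two SYN/RST pairs copied from the capture in the message above.
CAPTURE = """\
01:06:19.345827 e-66-117-83-2.empnet.net.12488 > bc120155.bendcable.com.5500: S 3657164703:3657164703(0) win 65535 (DF)
01:06:19.345988 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.12488: R 0:0(0) ack 3657164704 win 0
01:06:19.390964 e-66-117-83-2.empnet.net.4458 > bc120155.bendcable.com.5500: S 2671871142:2671871142(0) win 65535 (DF)
01:06:19.391015 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.4458: R 0:0(0) ack 2671871143 win 0
"""

# Classic tcpdump TCP line: time, src.port > dst.port: flags seq:end(len) [ack N] win W
LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d{6}) (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFPR.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
)


def parse(text):
    """Return one dict per recognised tcpdump line, in capture order."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pkt = m.groupdict()
            pkt["ts"] = datetime.strptime(pkt["ts"], "%H:%M:%S.%f")
            pkts.append(pkt)
    return pkts


def refused_syns(pkts):
    """Pair each SYN with the RST that answers it: (client_port, delay_us)."""
    pending = {}  # (client host, client port) -> SYN awaiting a reply
    refused = []
    for p in pkts:
        if p["flags"] == "S":
            pending[(p["src"], p["sport"])] = p
        elif "R" in p["flags"] and p["ack"] is not None:
            syn = pending.pop((p["dst"], p["dport"]), None)
            # A reset sent in reply to a SYN acknowledges SYN sequence + 1.
            if syn and int(p["ack"]) == (int(syn["seq"]) + 1) % 2**32:
                delay = (p["ts"] - syn["ts"]) // timedelta(microseconds=1)
                refused.append((int(syn["sport"]), delay))
    return refused


if __name__ == "__main__":
    for port, delay_us in refused_syns(parse(CAPTURE)):
        print(f"client port {port}: SYN reset after {delay_us} us")
```

Each reset in the capture carries sequence 0, an ack of the SYN's sequence plus one and a zero window, the form of reset a TCP stack sends when it refuses a connection.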