Date: Tue, 09 Jan 2001 15:56:04 +0000
From: Mikel King <mikel@ocsinternet.com>
To: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: more re: stupid NATD tricks...
Message-ID: <3A5B3493.D2E0D3B3@ocsinternet.com>
Greetings all;
Ok I'm running this question again, because I've already read and
reread everything I can find on the subject. I am trying to get static
NAT working. NATD is working normally, my inside machines can traceroute
and surf and nslookup etc... I know there must be something stupid I've
overlooked.
From the outside I've tried simply telnetting to the outside IP on
port 80 from another outside device (...NOTE this works fine from the FW
directly to the inside machine...so I can verify that the http requests
are being answered) and I get the following:
Trying 204.107.76.181...
telnet: connect to address 204.107.76.181: Connection refused
telnet: Unable to connect to remote host
If I remove the redirect_port and put redirect_address 10.0.0.77
208.239.172.50 instead then I get the following;
telnet 208.239.172.50 80
Trying 208.239.172.50...
telnet: connect to address 208.239.172.50: Operation timed out
telnet: Unable to connect to remote host
Remember 10.0.0.77 surfs out through this box fine, and other
workstations on the backnet can surf to 10.0.0.77 without a problem.
Thanks in advance for any help.
Cheers,
Mikel
***************** CONFIGURATION FILES etc...
cli:
/sbin/natd -f /etc/rc.natd
rc.natd:
interface fxp0
use_sockets
same_ports
unregistered_only #I've tried it with and without this one...
redirect_port tcp 10.0.0.77:80 80 #This should redirect any HTTP request from the outside to the in...
redirect_port tcp 10.0.0.2:23 23
log
#other rules that i've tried...
#redirect_port tcp 10.0.0.77:80 208.239.172.50:80
#redirect_address 10.0.0.77 208.239.172.50
rc.firewall:
############
# Setup system for firewall service.
# $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
# Suck in the configuration variables.
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
elif [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
fwcmd="/sbin/ipfw"
nif="fxp0"
iif="rl0"
${fwcmd} -f flush
${fwcmd} add divert natd all from any to any via ${nif}
${fwcmd} add pass ip from any to any
${fwcmd} add deny log all from any to any
ipfw show:
00100 15537 1416950 divert 8668 ip from any to any via fxp0
00200 16707 1550670 allow ip from any to any
00300 0 0 deny log logamount 100 ip from any to any
65535 0 0 deny ip from any to any
kernel conf:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
options IPDIVERT
options ICMP_BANDLIM
ps ax (excerpt):
140 ?? Ss 0:00.25 syslogd -s
161 ?? Ss 0:00.28 cron
164 ?? Is 0:00.54 /usr/sbin/sshd
166 ?? Ss 0:00.13 /usr/sbin/usbd
204 ?? Is 0:00.01 /usr/local/sbin/xinetd -pid
237 ?? Ss 0:01.26 /sbin/natd -f /etc/rc.natd
netstat -rn:
Routing tables
Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            204.107.76.1       UGSc        0        0      fxp0
10/24              link#2             UC          0        0      rl0 =>
10.0.0.77          link#2             UHLW        1        8      rl0 =>
127.0.0.1          127.0.0.1          UH          0        4      lo0
204.107.76         link#1             UC          0        0      fxp0 =>
204.107.76.1       0:e0:1e:e9:ad:1    UHLW        1        0      fxp0    858
204.107.76.19      0:e0:29:84:d0:4b   UHLW        2     1864      fxp0    945
204.107.76.111     0:10:4b:14:a7:63   UHLW        0       60      fxp0    859
204.107.76.181     0:3:47:12:3c:51    UHLW        0        8      lo0
208.239.172.50     0:3:47:12:3c:51    UHLS        0        0      lo0 =>
208.239.172.50/32  link#1             UC          0        0      fxp0 =>
Internet6:
Destination                       Gateway                       Flags      Neti$
::1                               ::1                           UH          lo0
fe80::%fxp0/64                    link#1                        UC         fxp0
fe80::%rl0/64                     link#2                        UC          rl0
fe80::%lo0/64                     fe80::1%lo0                   Uc          lo0
ff01::/32                         ::1                           U           lo0
ff02::%fxp0/32                    link#1                        UC         fxp0
ff02::%rl0/32                     link#2                        UC          rl0
ff02::%lo0/32                     fe80::1%lo0                   UC          lo0
