From: David Wahlstedt
Date: Tue, 11 Jun 2002 16:45:39 +0200 (MEST)
Delivered-To: freebsd-questions@freebsd.org
Subject: natd port forwarding

Hi!

I've got a 486 running picoBSD (the net-floppy based on FreeBSD-2.2.5) with two network cards:

ep0 to internet, ADSL with static IP.
ep1 (10.0.0.1) to LAN, which is a hub attached to a couple of Windows machines and one FreeBSD-4.5-R machine (10.0.0.4).

The 486 runs natd and ipfw. It works fine, but I don't get port forwarding to work. Maybe I have the wrong syntax? Do I have to add something in my rc.firewall to get it to work? Currently I run the "open" version, so do I need any changes there? (If we don't bother about security, just to get it to work.)

I tried with netcat to see if my 1234 port forwarding worked, but it seems not to.

On my machine 10.0.0.4:
    > nc -l -p 1234
From anywhere:
    > nc 217.bla.bla.bla -p 1234
    lkhgkljgh...

Nothing happens. The syntax of nc was right, I just don't remember it while writing this mail. Also with tcpdump I don't see anything.
Does anyone know what is missing?

With regards,
David Wahlstedt

Here follow my config files:
(My IP is exchanged to 217.bla.bla.bla)

---------------------------------------------------------------------------
natd.conf:

interface ep0
unregistered_only
#alias_address 217.bla.bla.bla
use_sockets yes
same_ports yes
redirect_port tcp 10.0.0.3:411-412 217.bla.bla.bla:411-412
redirect_port udp 10.0.0.3:411-412 217.bla.bla.bla:411-412
redirect_port tcp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port udp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port tcp 10.0.0.4:1234 217.bla.bla.bla:1234
redirect_port udp 10.0.0.4:1234 217.bla.bla.bla:1234

---------------------------------------------------------------------------
rc.conf:

#!/bin/sh
#
swapfile="NO" # Set to name of swapfile if aux swapfile desired.
### Network configuration sub-section ######################
### Basic network options: ###
hostname="pico.bostream.se" # Set this! This is probably wrong.
tcp_extensions="NO" # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="lo0 ep0 ep1" # List of network interfaces (lo0 is loo
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
ifconfig_ep0="inet 217.bla.bla.bla netmask 255.255.255.0 up"
ifconfig_ep1="inet 10.0.0.1 netmask 255.255.255.128 up"
### Network daemons options: ###
inetd_enable="YES" # Run the network daemon dispatcher (or NO)
inetd_flags="" # Optional flags to inetd
snmpd_enable="NO" # Run the SNMP daemon (or NO)
snmpd_flags="-C -c /etc/snmpd.conf" # Optional flags to snmpd
### Network routing options: ###
defaultrouter="217.bla.bla.bla" # Set to default gateway (or NO).
static_routes="" # Set to static route list (or leave empty).
gateway_enable="YES" # Set to YES if this host will be a gateway.
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="NO"
natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="ep0"
natd_flags="-f /etc/natd.conf"
tcp_drop_synfin="YES"
arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL.
### Allow local configuration override at the very end here ##
if [ -f /etc/rc.conf.local ]; then
    . /etc/rc.conf.local
fi

---------------------------------------------------------------------------
rc.firewall:

# my only addition:
$fwcmd -f flush
$fwcmd add 500 divert 8668 all from any to any via ep0

# in the "simple" section:
oif="ep0"
onet="217.bla.bla.bla"
omask="255.255.255.0"
oip="217.bla.bla.bla"

---------------------------------------------------------------------------
Copyright (c) 1992-1998 FreeBSD Inc.
Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California. All rights reserved.
FreeBSD 2.2.5-STABLE #0: Mon Mar 23 16:22:37 MYT 1998
    dinesh@broker.alphaque.com:/usr/src/sys/compile/PICOBSD-N.2800
CPU: i486 DX4 (486-class CPU)
  Origin = "GenuineIntel" Id = 0x480 Stepping=0
  Features=0x3
real memory = 33554432 (32768K bytes)
FreeBSD Kernel Configuration Utility - Version 1.1
 Type "help" for help or "visual" to go to the visual
 configuration interface (requires MGA/VGA display or
 serial terminal capable of displaying ANSI graphics).
config> disable sio0
config> disable sio2
config> disable sio3
config> port lpt0 0x0378
config> port ed0 0x0340
config> irq ed0 4
config> iomem ed0 0x00000000
config> port ed1 0x0320
config> iomem ed1 0x00000000
config> irq ep1 11
config> quit
avail memory = 28262400 (27600K bytes)
Probing for devices on PCI bus 0:
wdc0 rev 2 int a irq 14 on pci0:15
chip0 rev 1 on pci0:16
chip1 rev 1 on pci0:18
Probing for devices on the ISA bus:
sc0 at 0x60-0x6f irq 1 on motherboard
sc0: VGA mono <16 virtual consoles, flags=0x0>
ed0 not found at 0x340
ed1 not found at 0x320
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
lpt0 at 0x378-0x37f irq 7 on isa
lpt0: Interrupt-driven port
lp0: TCP/IP capable interface
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: FIFO enabled, 8 bytes threshold
fd0: 1.44MB 3.5in
wdc0 not found at 0x1f0
wdc1 not found at 0x170
2 3C5x9 board(s) on ISA found at 0x300 0x280
ep0 at 0x300-0x30f irq 10 on isa
ep0: utp[*UTP*] address 00:20:af:93:0d:4d
ep1 at 0x280-0x28f irq 11 on isa
ep1: aui/utp/bnc[*UTP*] address 00:a0:24:70:ab:76
npx0 on motherboard
npx0: INT 16 interface
IP packet filtering initialized, divert enabled, default to accept, logging disabled
rootfs is 2800 Kbyte compiled in MFS
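
Added example, not part of the original message: a small Python audit of the redirect_port lines from the natd.conf above, listing which inside host and port each public port is forwarded to and flagging targets outside the ep1 network or malformed port ranges. It assumes the syntax documented in natd(8) on FreeBSD 4.x, "redirect_port proto targetIP:port[-port] [aliasIP:]port[-port]"; the function names are illustrative.

```python
import ipaddress
import re

# redirect_port lines copied from the natd.conf in the message (address redacted there).
NATD_CONF = """\
#alias_address 217.bla.bla.bla
redirect_port tcp 10.0.0.3:411-412 217.bla.bla.bla:411-412
redirect_port udp 10.0.0.3:411-412 217.bla.bla.bla:411-412
redirect_port tcp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port udp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port tcp 10.0.0.4:1234 217.bla.bla.bla:1234
redirect_port udp 10.0.0.4:1234 217.bla.bla.bla:1234
"""
# Inside network, taken from ifconfig_ep1 in the rc.conf above: 10.0.0.0/25.
LAN = ipaddress.ip_network("10.0.0.1/255.255.255.128", strict=False)

def port_range(spec):
    """Return (low, high) for 'N' or 'N-M'; raise ValueError if malformed."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec)
    if not m:
        raise ValueError(f"bad port spec {spec!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 0 < low <= high <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return low, high

def audit(conf, lan=LAN):
    """Return (exposures, problems); an exposure is
    (proto, public port, inside host, inside port)."""
    exposures, problems = [], []
    for n, line in enumerate(conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments
        if not fields or fields[0] != "redirect_port":
            continue
        try:
            proto, target, alias = fields[1:4]
            host, tports = target.rsplit(":", 1)
            t_lo, t_hi = port_range(tports)
            a_lo, a_hi = port_range(alias.rsplit(":", 1)[-1])  # aliasIP is optional
            inside = ipaddress.ip_address(host)
            if t_hi - t_lo != a_hi - a_lo:
                raise ValueError("target and alias port ranges differ in length")
        except ValueError as err:
            problems.append((n, str(err)))
            continue
        if inside not in lan:
            problems.append((n, f"target {host} is outside {lan}"))
        exposures += [(proto, a_lo + i, host, t_lo + i) for i in range(a_hi - a_lo + 1)]
    return exposures, problems
```

Calling audit(NATD_CONF) gives the list of public ports the gateway would hand to 10.0.0.3 and 10.0.0.4, which is the set to compare against the ipfw rules when moving away from the "open" firewall type.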