From owner-freebsd-questions  Sun Aug 20  9:41:40 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (law-f145.hotmail.com [209.185.131.208])
	by hub.freebsd.org (Postfix) with ESMTP id A670737B423
	for <freebsd-questions@FreeBSD.ORG>; Sun, 20 Aug 2000 09:41:37 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sun, 20 Aug 2000 09:41:37 -0700
Received: from 62.253.154.220 by lw1fd.hotmail.msn.com with HTTP;	Sun, 20 Aug 2000  GMT
X-Originating-IP: [62.253.154.220]
From: "Ian Hunter" <ihunter@hotmail.com>
To: freebsd-questions@FreeBSD.ORG
Subject: NATD rules ignored, Faking the outside & bpfilter with Samba
Date: Sun, 20 Aug 2000 16:41:37 GMT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <LAW-F145uylJc0xvlUQ0000164f@hotmail.com>
X-OriginalArrivalTime: 20 Aug 2000 16:41:37.0368 (UTC) FILETIME=[8215DD80:01C00AC5]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[Sorry about the wierd title - but will explain!]

Hi Folks,

I'm trying to set up VNC for access from outside my network. I'm using 
ipfw/natd on a pure FBSD box to talk to an internal WinTel box. However, I 
can't connect.

After much trial & error & head scratches, I've deduced that my natd rules 
are being ignored. I've set up the simplest config files I could and they 
are below, together with natd verbose output. Any suggestions much 
appreciated!

The other parts of the subject? Well on my travels it would have been nice 
to have faked an outside connecting client (ie a connection coming in 
through tun0). Is there a way of doing this?

AND

I tried to get bpfilter working, and managed. But samba just wouldn't work. 
Again any suggestions appreciated.

==================================================================
[I think I've given all necessary info...please let me know if I should give 
more]

Working with FreeBSD 3.1 RELEASE off a CD

rc.firewall
-----------
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via tun0
/sbin/ipfw add pass log all from any to any

natd.conf
---------
interface tun0
dynamic yes
redirect_port tcp <INTERNAL_IP>:5800 5800
redirect_port tcp <INTERNAL_IP>:5900 5900

natd log
--------
In  [TCP]  <EXTERNAL_IP>:1027 -> <IFACE_IP>:5800 aliased to
           <EXTERNAL_IP>:1027 -> <IFACE_IP>:5800
Out [TCP]  <IFACE_IP>:5800 -> <EXTERNAL_IP>:1027 aliased to
           <IFACE_IP>:5800 -> <EXTERNAL_IP>:1027

[No ref. to <INTERNAL_IP> at all!]

My rules seem to be being ignored.

Any suggestions, gratefully recieved.

Many Thanks
Ian Hunter

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message