Date: Tue, 09 Jan 2001 16:54:39 +0000
From: Mikel King <mikel@ocsinternet.com>
To: Stefan Molnar <stefan@csudsu.com>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: more re: stupid NATD tricks...
Message-ID: <3A5B424F.E60DCD20@ocsinternet.com>
References: <Pine.BSF.4.31.0101091318180.18315-100000@digital.csudsu.com>

My apologies for not including the rc.conf...but I have;

ifconfig_fxp0_alias0="inet 208.239.172.50 netmask 0xffffffff"

ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 204.107.76.181 netmask 0xffffff00 broadcast 204.107.76.255
        inet6 fe80::203:47ff:fe12:3c51%fxp0 prefixlen 64 scopeid 0x1
        inet 208.239.172.50 netmask 0xffffffff broadcast 208.239.172.50
        ether 00:03:47:12:3c:51
        media: autoselect (100baseTX <full-duplex>) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX
        10baseT/UTP <full-duplex> 10baseT/UTP

Thanks, though it was a good try...

I also forgot to mention I'm running 4.2r...

cheers,
mikel

Stefan Molnar wrote:
> Here is the one thing you have not done. Make an alias interface on the
> external address. Your external interface needs to listen and answer
> for all static nat translations.
>
> On Tue, 9 Jan 2001, Mikel King wrote:
>
> > Greetings all;
> >
> > Ok I'm running this question again, because I've already read and
> > reread everything I can find on the subject. I am trying to get static
> > NAT working. NATD is working normally, my inside machines can traceroute
> > and surf and nslookup etc...I know there must be something stupid I've
> > overlooked.
> >
> > From the outside I've tried simply telnetting to the outside IP on
> > port 80 from another outside device (...NOTE this works fine from the FW
> > directly to the inside machine...so I can verify that the http requests
> > are being answered) and I get the following:
> >
> > Trying 204.107.76.181...
> > telnet: connect to address 204.107.76.181: Connection refused
> > telnet: Unable to connect to remote host
> >
> > If I remove the redirect_port and put redirect_address 10.0.0.77
> > 208.239.172.50 instead then I get the following;
> >
> > telnet 208.239.172.50 80
> > Trying 208.239.172.50...
> > telnet: connect to address 208.239.172.50: Operation timed out
> > telnet: Unable to connect to remote host
> >
> > Remember 10.0.0.77 surfs out through this box fine, and other
> > workstations on the backnet can surf to 10.0.0.77 without a problem.
> >
> > Thanks in advance for any help.
> >
> > Cheers,
> > Mikel
> >
> > ***************** CONFIGURATION FILES etc...
> >
> > cli:
> > /sbin/natd -f /etc/rc.natd
> >
> > rc.natd:
> > interface fxp0
> > use_sockets
> > same_ports
> > unregistered_only #I've tried it with and without this one...
> > redirect_port tcp 10.0.0.77:80 80 #This should redirect any HTTP request from the outside to the in...
> > redirect_port tcp 10.0.0.2:23 23
> > log
> >
> > #other rules that i've tried...
> > #redirect_port tcp 10.0.0.77:80 208.239.172.50:80
> > #redirect_address 10.0.0.77 208.239.172.50
> >
> > rc.firewall:
> > ############
> > # Setup system for firewall service.
> > # $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
> >
> > # Suck in the configuration variables.
> > if [ -r /etc/defaults/rc.conf ]; then
> >         . /etc/defaults/rc.conf
> > elif [ -r /etc/rc.conf ]; then
> >         . /etc/rc.conf
> > fi
> >
> > fwcmd="/sbin/ipfw"
> > nif="fxp0"
> > iif="rl0"
> > ${fwcmd} -f flush
> > ${fwcmd} add divert natd all from any to any via ${nif}
> > ${fwcmd} add pass ip from any to any
> > ${fwcmd} add deny log all from any to any
> >
> > ipfw show:
> > 00100 15537 1416950 divert 8668 ip from any to any via fxp0
> > 00200 16707 1550670 allow ip from any to any
> > 00300 0 0 deny log logamount 100 ip from any to any
> > 65535 0 0 deny ip from any to any
> >
> > kernel conf:
> > options IPFIREWALL
> > options IPFIREWALL_VERBOSE
> > options IPFIREWALL_VERBOSE_LIMIT=100
> > options IPDIVERT
> > options ICMP_BANDLIM
> >
> > ps ax (excerpt):
> > 140 ?? Ss 0:00.25 syslogd -s
> > 161 ?? Ss 0:00.28 cron
> > 164 ?? Is 0:00.54 /usr/sbin/sshd
> > 166 ?? Ss 0:00.13 /usr/sbin/usbd
> > 204 ?? Is 0:00.01 /usr/local/sbin/xinetd -pid
> > 237 ?? Ss 0:01.26 /sbin/natd -f /etc/rc.natd
> >
> > netstat -rn:
> > Routing tables
> > Internet:
> > Destination        Gateway            Flags  Refs    Use  Netif  Expire
> > default            204.107.76.1       UGSc      0      0  fxp0
> > 10/24              link#2             UC        0      0  rl0    =>
> > 10.0.0.77          link#2             UHLW      1      8  rl0    =>
> > 127.0.0.1          127.0.0.1          UH        0      4  lo0
> > 204.107.76         link#1             UC        0      0  fxp0   =>
> > 204.107.76.1       0:e0:1e:e9:ad:1    UHLW      1      0  fxp0   858
> > 204.107.76.19      0:e0:29:84:d0:4b   UHLW      2   1864  fxp0   945
> > 204.107.76.111     0:10:4b:14:a7:63   UHLW      0     60  fxp0   859
> > 204.107.76.181     0:3:47:12:3c:51    UHLW      0      8  lo0
> > 208.239.172.50     0:3:47:12:3c:51    UHLS      0      0  lo0    =>
> > 208.239.172.50/32  link#1             UC        0      0  fxp0   =>
> >
> > Internet6:
> > Destination        Gateway            Flags  Neti$
> > ::1                ::1                UH     lo0
> > fe80::%fxp0/64     link#1             UC     fxp0
> > fe80::%rl0/64      link#2             UC     rl0
> > fe80::%lo0/64      fe80::1%lo0        Uc     lo0
> > ff01::/32          ::1                U      lo0
> > ff02::%fxp0/32     link#1             UC     fxp0
> > ff02::%rl0/32      link#2             UC     rl0
> > ff02::%lo0/32      fe80::1%lo0        UC     lo0
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> >
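
Added example, not part of the original messages: a check for the condition Stefan describes, that every public address natd redirects on is also bound to the external interface. The function names are hypothetical, the directive forms assumed are those documented in natd(8) (redirect_address localIP publicIP; redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT), and the sample data is constructed from the configuration and ifconfig output quoted in this thread.

```sh
#!/bin/sh
# Added example (not from the thread): find public addresses that natd
# redirects on but that are not configured on the external interface.
# On a live system: missing_aliases "$(cat /etc/rc.natd)" "$(ifconfig fxp0)"

# Constructed sample: directives from the rc.natd quoted in the thread, with
# the "other rules" variants enabled. 192.0.2.9 is a placeholder address.
NATD_CONF='interface fxp0
redirect_port tcp 10.0.0.77:80 80    # no aliasIP, uses the primary address
redirect_port tcp 10.0.0.77:80 208.239.172.50:80
redirect_address 10.0.0.77 208.239.172.50
#redirect_address 10.0.0.2 192.0.2.9'

# Constructed sample: the address lines of the ifconfig fxp0 output.
IFCONFIG_OUT='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 204.107.76.181 netmask 0xffffff00 broadcast 204.107.76.255
	inet6 fe80::203:47ff:fe12:3c51%fxp0 prefixlen 64 scopeid 0x1
	inet 208.239.172.50 netmask 0xffffffff broadcast 208.239.172.50'

# Read a natd config on stdin, print each explicit public (alias) address.
natd_public_addrs() {
    awk '
        { sub(/#.*/, "") }    # "#" starts a comment that runs to end of line
        $1 == "redirect_address" && NF >= 3 { print $3 }
        $1 == "redirect_port" && NF >= 4 && index($4, ":") {
            split($4, a, ":"); print a[1]    # aliasIP part of aliasIP:aliasPORT
        }
    ' | sort -u
}

# Read ifconfig output on stdin, print the IPv4 addresses it lists.
iface_addrs() {
    awk '$1 == "inet" { print $2 }' | sort -u
}

# $1 = natd config text, $2 = ifconfig output. Prints addresses lacking an alias.
missing_aliases() {
    pub=$(printf '%s\n' "$1" | natd_public_addrs)
    have=$(printf '%s\n' "$2" | iface_addrs)
    for ip in $pub; do
        printf '%s\n' "$have" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

missing=$(missing_aliases "$NATD_CONF" "$IFCONFIG_OUT")
if [ -n "$missing" ]; then
    echo "no alias on the external interface for: $missing"
else
    echo "every redirected public address is bound to the interface"
fi
```

With the interface state Mikel posted the check reports nothing missing, which matches his reply that the alias was already configured.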
