From: zel@free.fr
To: freebsd-net@freebsd.org
Date: Wed, 23 Jul 2003 13:51:43 +0200
Subject: PLEASE HEEEEEELLLLPPPP ME...
Message-ID: <1058961103.3f1e76cf2ab6f@impt1-2.free.fr>

please HELP !!!

Ok... here is my problem, which I tried to explain completely!

The situation is the one below:

    =====================================
    |SpeedToucheHome Ethernet ADSL Modem|
    |           10.0.0.138/24           |
    =====================================
                     |
                10.0.0.0/24
                     |
        ==========================
        |     10.0.0.1/24        |
        | (A) 10.1.0.254/24      |- 10.1.0.0/24 - (... DMZ ...)
        |     192.168.1.254/24   |
        ==========================
                     |
               192.168.1.0/24
                     |
          ... clients workstations

My problem is about computer A, which does not do what I would like it to do.
Currently, this computer has a customized kernel with these options:

    IPFIREWALL
    IPDIVERT

but not IPFILTER !!! Maybe that is the problem, I don't know!

In rc.conf, I made the following configuration:

    firewall_enabled="YES"
    firewall_type="SIMPLE"    (but I also tried with "OPEN")
    natd_enable="YES"
    natd_interface="tun0"     (this is the interface for PPPoE, I think)
    natd_flags="-f /etc/natd.conf"
    ...

and in natd.conf:

    dynamic
    interface tun0
    redirect_port tcp 10.1.0.1:20-21 20-21

10.1.0.1 is the IP address of my FTP server, which is a computer placed in the DMZ.

My problem is: "from outside, I cannot access the FTP server..."

What I can say is:

First: My FTP server is OK, because from inside I can access it from any computer in the DMZ or from the client workstations.

Second: The answer to an outside request is "connection closed by host".

Third: Interface tun0 (the virtual interface for PPPoE) receives the FTP requests but does not forward them to ed1 (the outside netcard of A, configured with 10.0.0.1). (I discovered that with tcpdump.) (The other interfaces get no more FTP packets from tun0)...

So, what can I do to solve this problem...

Thank you

Sylvain.