Date: Fri, 20 Aug 2004 04:28:02 -0400
From: "Hakim Z. Singhji" <hzs202@nyu.edu>
To: Eric Crist <ecrist@secure-computing.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: HOWTO Ping LAN???
Message-ID: <4125B612.9040109@nyu.edu>
In-Reply-To: <043a01c48673$80bdcd20$6501a8c0@Nomad>
References: <043a01c48673$80bdcd20$6501a8c0@Nomad>
Hello,

Thank you for your replies, gentlemen. This post is a bit old; I have
already built my FreeBSD NAT box and configured IPFW... I am currently
building a new kernel configuration for the machine to include IPDIVERT,
IPFIREWALL and a few other system-specific modifications. If I have any
questions concerning this issue, I will include you both (Eric, Rich) in
the list.

Thanks

Eric Crist wrote:
| SEE BOTTOM
|
|>-----Original Message-----
|>From: owner-freebsd-questions@freebsd.org
|>[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Rich Shinnick
|>Sent: Thursday, August 19, 2004 11:46 PM
|>To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
|>Cc: 'Bill Moran'; freebsd-questions@freebsd.org
|>Subject: RE: HOWTO Ping LAN???
|>
|>
|>Hakim,
|>
|>What you are trying to do is possible in two ways:
|>
|>1. SSH to the box, and tunnel to other internal machines according to
|>the tunnels you have set up. (See the last email I sent.)
|>2. Port forward connections from the Internet "thru" the BSD to
|>internal machines.
|>
|>Check these links:
|>http://www.rootprompt.net/freebsd_firewall.html
|>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
|>
|>
|> _____
|>
|>From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
|>Sent: Thursday, July 29, 2004 10:27 AM
|>To: Hakim Z. Singhji; MatthewSeaman
|>Cc: Bill Moran; freebsd-questions@freebsd.org
|>Subject: Re: HOWTO Ping LAN???
|>
|>
|>Hi Matt,
|>
|>You say that the only way I will be able to connect to my network is by
|>tunneling. This is not what I want to do; I thought I may be able to
|>SSH, Telnet, www, etc. from the outside to my default gateway and have
|>the gateway pass SSH, Telnet, www, or any other request to the machine
|>on the private network by including the
|>"localhost.defaultgateway.domain.org" or something to that effect.
|>
|>Does NAT Overloading only go one way???
|>
|>Hakim Z. Singhji
|>Coordinating Mgr. / Infection Control
|>718-245-3923
|>hakim.singhji@nychhc.org
|>
|>
|>>>> Matthew Seaman <m.seaman@infracaninophile.co.uk> 7/29/2004 5:32:32 AM >>>
|>
|>On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
|>
|>>Figure 1
|>>
|>>  ***************
|>>  *  Internet   *
|>>  *24.199.1xx.xx*
|>>  ***************
|>>       ~ |
|>>       ~ |
|>>  ***************              **************
|>>  * Default GW  * __        __ *Kids Machine*
|>>  *192.68.0.1   *              *192.68.0.3  *
|>>  *FreeBSD 4.10 *              * Mandrake 10*
|>>  ***************              **************
|>>       ~ |
|>>       ~ |
|>>  *****************
|>>  *Wrk Station1   *
|>>  *192.68.0.2     *
|>>  *Redhat 9       *
|>>  *****************
|>>
|>>This is a rough diagram of the network... I would like to ssh, ping,
|>>etc. the machines behind the default gateway directly (without
|>>tunneling) from outside the network (at work, for example). Is this
|>>possible, and if so how do I config? Keep in mind that my default
|>>gateway is FreeBSD. I know this may be a complicated project, but if
|>>you could help that would help me greatly. Many thanks to everyone in
|>>advance.
|>
|>I'm afraid that's not going to be possible with your current network
|>layout. If you want all of your machines to be accessible from the
|>Internet, then you'll need routable addresses on all of your machines.
|>
|>I know you've said you don't want to use tunnelling, but unfortunately,
|>that's the only way you can access a private address space as you have
|>from outside it. A relatively simple way of doing that is to ssh into
|>your gateway box, and use the '-L' or '-R' port-forwarding options to
|>create a tunnel to one of the internal machines, and then ssh or
|>otherwise connect through that tunnel: see eg.
|>
|>    http://www.linux.ie/articles/tutorials/ssh.php
|>
|>One other point: you're going to have problems if you're using
|>192.168.0.0 as the IP number on your FreeBSD machine. That's the
|>*network* address, and shouldn't be applied directly to any specific
|>machine. If you're running your internal network using 192.168.0.0/24
|>as the address space, then you have 254 addresses (from 192.168.0.1 to
|>192.168.0.254) to use for client machines, since 192.168.0.0 (network
|>address) and 192.168.0.255 (broadcast address) are reserved as part of
|>the networking setup.
|>
|>Cheers,
|>
|>Matthew
|>
|>--
|>Dr Matthew J Seaman MA, D.Phil.                   26 The Paddocks
|>                                                  Savill Way
|>PGP: http://www.infracaninophile.co.uk/pgpkey     Marlow
|>Tel: +44 1628 476614                              Bucks., SL7 1TH UK
|
|
| Hello,
|
| There is one real solution to this here.
|
| You could set up a DMZ to your Default Gateway. If this is a Linksys
| Broadband Gateway, it's as simple as checking a box and typing in the
| private IP address. This routes all incoming (non-stateful)
| connections to this host. Since your IP changes, use a dynamic DNS
| service such as no-ip.org (sp?) or tzo.com. I've used TZO.com,
| personally, then I just got DSL with a /29 static IP address allocation.
| This should work without issue, unless your DMZ firewall rules prevent
| it. I would need more information to let you know.
|
| HTH
|
| Eric F Crist
| Best Access Systems
| 11300 Rupp Dr.
| Burnsville, MN 55337
| Phone: 952.894.3830
| Cell: 612.998.3588
| Fax: 952-894-1990
|
|
| _______________________________________________
| freebsd-questions@freebsd.org mailing list
| http://lists.freebsd.org/mailman/listinfo/freebsd-questions
| To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
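The subnet arithmetic behind Matthew's "192.168.0.0 is the network address" remark and the RFC 1918 check behind his "private address space" point, as an added example that is not part of the original thread: it reports network, broadcast and usable host count for a prefix, classifies whether an address may be assigned to a machine at all, and tests RFC 1918 membership. The addresses fed to it are the thread's own (including the diagram's 192.68.0.x as written) plus 203.0.113.8/29, a constructed documentation-range value standing in for Eric's /29.

```python
# Added example, not from the thread: the subnet arithmetic behind the
# "192.168.0.0 is the network address" remark, and the RFC 1918 check behind
# "a private address space is not reachable from outside".

RFC1918_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))

def ip_to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit int; rejects malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % addr)
    o = [int(p) for p in parts]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def int_to_ip(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_mask(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(addr, prefix):
    """(network, broadcast, usable host count) of the block holding addr."""
    mask = prefix_mask(prefix)
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(2 ** (32 - prefix) - 2, 0)  # /31 and /32: no classic host range
    return int_to_ip(network), int_to_ip(broadcast), usable

def classify(addr, prefix):
    """'network', 'broadcast' or 'host'; only 'host' may go on a machine."""
    n = ip_to_int(addr)
    network, broadcast, _ = subnet_info(addr, prefix)
    if prefix < 31 and n == ip_to_int(network):
        return "network"
    if prefix < 31 and n == ip_to_int(broadcast):
        return "broadcast"
    return "host"

def is_private(addr):
    """True if addr lies inside one of the RFC 1918 blocks."""
    n = ip_to_int(addr)
    return any(n & prefix_mask(p) == ip_to_int(b) for b, p in RFC1918_BLOCKS)

if __name__ == "__main__":  # the thread's addresses plus a /29 like Eric's
    for a in ("192.168.0.0", "192.168.0.1", "192.168.0.255", "192.68.0.1"):
        print(a, classify(a, 24), "private" if is_private(a) else "public")
    print(subnet_info("203.0.113.8", 29))  # 203.0.113.8 is a constructed value
```

Note that 192.68.0.x, as drawn in the diagram, is not RFC 1918 space, whereas 192.168.0.x is; the check makes that difference visible.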
