Date: Fri, 20 Aug 2004 00:46:20 -0400
From: "Rich Shinnick" <rich@stigroup.net>
To: "'Hakim Singhji'" <Hakim.Singhji@nychhc.org>, "'Hakim Z. Singhji'" <system-administrator@earthlink.net>, "'MatthewSeaman'" <m.seaman@infracaninophile.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: RE: HOWTO Ping LAN???
Message-ID: <200408200446.BVK45845@ms5.netsolmail.com>
In-Reply-To: <20040729T102705Z_C5AF00120003@nychhc.org>

Hakim,

What you are trying to do is possible in two ways:

1. SSH to the box, and tunnel to other internal machines according to the tunnels you have set up. (See the last email I sent).
2. Port forward connections from the Internet "thru" the BSD to internal machines.

Check these links:

http://www.rootprompt.net/freebsd_firewall.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

_____

From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
Sent: Thursday, July 29, 2004 10:27 AM
To: Hakim Z. Singhji; MatthewSeaman
Cc: Bill Moran; freebsd-questions@freebsd.org
Subject: Re: HOWTO Ping LAN???

Hi Matt,

You say that the only way I will be able to connect to my network is by tunneling. This is not what I want to do, I thought I may be able to SSH, Telnet, www, etc. from the outside to my default gateway and have the gateway pass SSH, Telnet, www., or any other request to the machine on the private network by including the "localhost.defaultgateway.domain.org" or something to that effect. Does NAT Overloading only go one way???

Hakim Z. Singhji
Coordinating Mgr. / Infection Control
718-245-3923
hakim.singhji@nychhc.org

>>> Matthew Seaman <m.seaman@infracaninophile.co.uk> 7/29/2004 5:32:32 AM >>>
On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:

> Figure 1
>
>  ***************
>  *  Internet   *
>  *24.199.1xx.xx*
>  ***************
>  ~     |
>  ~     |
>  ***************         **************
>  * Default GW  *  __ __  *Kids Machine*
>  *192.68.0.1   *         *192.68.0.3  *
>   FreeBSD 4.10 *         * Mandrake 10*
>  ***************         **************
>  ~     |
>  ~     |
>  *****************
>  *Wrk Station1*
>  *192.68.0.2  *
>  *Redhat 9    *
>  *****************
>
> This is a rough diagram of the network... I would like to ssh, ping,
> etc. the machines behind the default gateway directly (without
> tunneling) from the outside the network (at work for example). Is this
> possible and if so how do I config. Keep in mind that my default
> gateway is FreeBSD. I know this may be a complicated project but if you
> could help that would help me greatly. Many thanks to everyone in advance.

I'm afraid that's not going to be possible with your current network layout. If you want all of your machines to be accessible from the Internet, then you'll need routable addresses on all of your machines.

I know you've said you don't want to use tunnelling, but unfortunately, that's the only way you can access a private address space as you have from outside it. A relatively simple way of doing that is to ssh into your gateway box, and use the '-L' or '-R' port-forwarding options to create a tunnel to one of the internal machines, and then ssh or otherwise connect through that tunnel: see e.g. http://www.linux.ie/articles/tutorials/ssh.php

One other point: you're going to have problems if you're using 192.168.0.0 as the IP number on your FreeBSD machine. That's the *network* address, and shouldn't be applied directly to any specific machine. If you're running your internal network using 192.168.0.0/24 as the address space, then you have 254 addresses (from 192.168.0.1 to 192.168.0.254) to use for client machines, since 192.168.0.0 (network address) and 192.168.0.255 (broadcast address) are reserved as part of the networking setup.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks
Savill Way
Marlow
Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
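
Added example, not part of the original thread or of anyone's message in it: a small address-plan check for the point made above about 192.168.0.0/24, where the network and broadcast addresses are reserved and 254 host addresses remain. It also flags addresses outside RFC 1918 private space, which shadow real Internet hosts when used behind NAT. The host names and the plan dictionary are constructed for illustration; the addresses are the ones written in the thread.

```python
import ipaddress

# RFC 1918 private blocks (the only ranges meant for use behind NAT).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_host(addr, lan):
    """Return the list of problems with assigning addr to a machine on lan."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(lan)
    problems = []
    if not any(ip in block for block in RFC1918):
        problems.append("not RFC 1918 private space")
    if ip not in net:
        problems.append("outside " + lan)
    elif ip == net.network_address:
        problems.append("network address of " + lan)
    elif ip == net.broadcast_address:
        problems.append("broadcast address of " + lan)
    return problems


def usable_hosts(lan):
    """Return (count, first, last) of the assignable host addresses on lan."""
    hosts = list(ipaddress.ip_network(lan).hosts())
    return len(hosts), str(hosts[0]), str(hosts[-1])


def audit(plan, lan):
    """Map each machine name in plan to its list of problems (empty = fine)."""
    return {name: check_host(addr, lan) for name, addr in plan.items()}


LAN = "192.168.0.0/24"

# Constructed plan: addresses as written in the diagram, plus the
# network address the reply warns against putting on a machine.
PLAN = {
    "gateway-as-drawn": "192.68.0.1",
    "workstation-as-drawn": "192.68.0.2",
    "gateway-on-network-address": "192.168.0.0",
    "workstation-valid": "192.168.0.2",
}

if __name__ == "__main__":
    print("usable hosts:", usable_hosts(LAN))
    for name, problems in audit(PLAN, LAN).items():
        print(name, "->", problems or "ok")
```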
