Date: Tue, 24 Apr 2001 19:22:34 -0400 (EDT)
From: Gerry Freymann <freymann@eagle.ca>
To: freebsd-questions@freebsd.org
Subject: NATD/Ipfw and MultiHomed Fun
Message-ID: <Pine.BSF.4.21.0104241908520.95453-100000@marlo.eagle.ca>
Trying to do this stuff on Bell HSE with PPPoE and Dynamic IP is a royal PITA!

I have firewall rules (temporarily) that are basically wide open. I simply want to direct port 81 on my gateway machine to port 81 on a machine behind it. I've read, read and read some more, but do you think I can do something as "simple" as everybody says?

With my "wide open firewall" my Win98 machine does everything just fine. I figure it'll be easier to start open, then slowly close it down based on the default /etc/rc.firewall. I kinda like my Internet Call Manager, Funk's Proxy (to control a machine at work), Netmeeting, etc.

I realize firewall / ipfw rules can get complicated... so bear with me! I've taken it back to simple:

Basic cfg:

  vr0:  internal network, 192.168.0.0/24
  vr1:  public IP: dynamic
  tun0: my PPPoE device

Current ipfw list results:

  00100 divert 8668 ip from any to any via tun0
  00200 allow ip from any to any via lo0
  00300 allow ip from any to any
  65535 deny ip from any to any

(I know, wide open)

Now, upon startup, in /etc/rc.conf:

  network_interfaces="vr0 vr1 lo0"
  ifconfig_vr0="inet 192.168.0.1 netmask 255.255.255.0 mtu 1492"

  # PPPoE stuff
  ifconfig_vr1=up
  ppp_enable="YES"
  ppp_mode="ddial"
  ppp_profile="default"

  # NAT stuff
  gateway_enable="YES"            # Set to YES if this host will be a
  firewall_enable="YES"           # Set to YES to enable firewall
  firewall_script="/etc/rc.ipfw"  # Which script to run
  firewall_type="open"            # Firewall type (see /etc/rc.firewall)
  firewall_quiet="NO"             # Set to YES to suppress rule display
  natd_program="/sbin/natd"       # path to nat
  natd_enable="YES"               # Enable natd (if firewall_enable == YES).
  natd_interface="tun0"           # Public interface or IPaddress to use.
  natd_flags="-f /etc/natd.conf"  # Additional flags for natd.
  tcp_drop_synfin="YES"           # Set to YES to drop TCP packets with
  tcp_restrict_rst="YES"

and in /etc/ppp.conf:

  default:
   set device PPPoE:vr1
   set speed sync
   set mru 1492
   set mtu 1492
   set ctsrts off
   enable lqr
   set authname usrname
   set authkey passwd
   set log Phase tun command
   set dial
   set login
   set ifaddr 10.0.0.1/0 10.0.0.2/0
   add default HISADDR

  papchap:
   set authname username
   set authkey password

Great eh. Now, I'd like to open up port 81 on 192.168.0.10, so in /etc/natd.conf:

  dynamic yes
  use_sockets yes
  same_ports yes
  log yes
  redirect_port tcp 192.168.1.10:81 81

But if you go to my public IP and try to access port 81? It just times out. I can't even see anything in any of the logs to try and find what's blocking it, or even see the traffic. How do you monitor this? debug? etc?

Man, I'm going back to Win98/SyGate/BlackIce. It works, it's fairly simple. Two weeks on this FreeBSD stuff and still nothing.

Frustrated...
Me.
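Added example, not part of the thread: a small Python checker (hypothetical helper names, constructed input copied from the natd.conf and `ipfw list` output quoted above) that flags two things worth verifying before opening a port on such a gateway: a redirect_port target that does not lie inside the LAN subnet the gateway can actually reach, and an allow rule numbered before the divert rule, which would pass packets on the NAT interface without ever handing them to natd.

```python
import ipaddress
import re

# Constructed from the post: the natd.conf and `ipfw list` output as quoted.
NATD_CONF = """\
dynamic yes
use_sockets yes
same_ports yes
log yes
redirect_port tcp 192.168.1.10:81 81
"""

IPFW_LIST = """\
00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any via lo0
00300 allow ip from any to any
65535 deny ip from any to any
"""

# The internal network as stated in the post (vr0).
LAN = ipaddress.ip_network("192.168.0.0/24")


def parse_redirects(conf):
    """Return (proto, target_ip, target_port, public_port) per redirect_port line."""
    out = []
    for line in conf.splitlines():
        m = re.match(r"\s*redirect_port\s+(\w+)\s+([\d.]+):(\d+)\s+(\d+)", line)
        if m:
            out.append((m.group(1), m.group(2), int(m.group(3)), int(m.group(4))))
    return out


def check_redirects(conf, lan):
    """Flag redirect targets that natd could never reach over the LAN interface."""
    problems = []
    for proto, ip, tport, pport in parse_redirects(conf):
        if ipaddress.ip_address(ip) not in lan:
            problems.append(f"redirect_port {proto} {pport} -> {ip}:{tport} is outside {lan}")
    return problems


def check_ipfw_order(ipfw_list, nat_if):
    """The divert rule must precede any allow rule, or matching packets bypass natd."""
    rules = [line.split(None, 1) for line in ipfw_list.splitlines() if line.strip()]
    divert_no = next((int(n) for n, body in rules
                      if body.startswith("divert") and nat_if in body), None)
    if divert_no is None:
        return [f"no divert rule for {nat_if}"]
    return [f"allow rule {int(n)} precedes divert {divert_no}"
            for n, body in rules if body.startswith("allow") and int(n) < divert_no]
```

Running the checks on the quoted configuration reports the redirect target as outside 192.168.0.0/24 and finds the ipfw rule order itself in the expected shape.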