From: "Mattias Nyström"
To: freebsd-questions@freebsd.org
Date: Tue, 04 Jan 2005 14:09:13 +0000
Subject: setting up vpn

Hi,

I have set up a gateway (FreeBSD 4.10) that has a network behind it using natd. On this internal network I have a fileserver that I need to be able to reach from outside. This is how it looks:

    my xp computer
          |
          |
      (INTERNET)
          |
          |
    (external ip 1.2.3.4)
        GATEWAY   (using ipfw. ipfw set to open at the moment)
    (internal ip 10.10.1.1)
          *
          *
          *
    (internal ip 10.10.1.34)
       fileserver

The connection must be secure. I tried to configure it so that I could ssh to 1.2.3.4 on port 7711 and then the gateway would just bounce me to the fileserver. For that I used

    redirect_port tcp 10.10.1.34:7711 1.2.3.4:7711
    redirect_port udp 10.10.1.34:7711 1.2.3.4:7711

in natd.conf (the ssh port on the fileserver is set to 7711). This doesn't work at all. I can ssh to the gateway from outside and then ssh to the fileserver, but I need to find a better way (an easier way to reach files on the fileserver, since the people using the network don't know anything about ssh). I want to use VPN but I can't find a good site explaining to me how to set it up. I have been sitting with this problem for a while and don't know what to do. Please help me with this because it's driving me crazy!

Thanks for all help.

My files:

natd.conf

    interface xl1 #external interface
    unregistered_only
    use_sockets yes
    dynamic yes
    same_ports yes
    redirect_port tcp 10.10.1.34:7711 1.2.3.4:7711
    redirect_port udp 10.10.1.34:7711 1.2.3.4:7711

rc.conf

    #--------- Internet Settings -------
    gateway_enable="YES"
    hostname="mimmi"
    #ifconfig_xl1="DHCP"
    ifconfig_xl1="inet 1.2.3.4 netmask 255.255.255.45"
    defaultrouter="1.2.3.1"

    #---------- DO NOT CHANGE ANYTHING BELOW THIS LINE!!!! ---------

    #--------- Intranet Settings ------
    natd_enable="YES"
    natd_interface="xl1"
    #natd_flags="-s -u -m"
    natd_flags="-f /etc/natd.conf"
    ifconfig_xl0="inet 10.10.1.1 netmask 255.255.255.0"

    #-------- Firewall Settings --------
    #IPFW ver 4
    firewall_enable="YES"
    firewall_logging_enable="YES"
    firewall_quiet="NO"
    firewall_type="open" #open= disable firewall, close=no internet connection!
    #firewall_script="/etc/rc.firewall" #our firewall settings

    #--------- Securing Settings---------
    tcp_drop_synfin="YES"
    tcp_keepalive="YES"
    icmp_bmcastecho="NO"
    icmp_bandlim="YES"
    icmp_drop_redirect="YES"
    icmp_log_redirect="YES"
    kern_securelevel_enable="YES"
    tcp_drop_synfin="NO"
    tcp_keepalive="NO"
    icmp_bmcastecho="YES"
    icmp_bandlim="NO"
    icmp_drop_redirect="NO"
    icmp_log_redirect="NO"
    kern_securelevel_enable="NO"

    #--------- NFS file Settings ---------
    nfs_server_enable="NO"
    nfs_client_enable="NO"
    nfs_reserved_port_only="NO"
    portmap_enable="NO"

    #-------- Syslog Settings ----------
    syslogd_enable="YES"
    syslogd_flags="-ss"

    #-------- Own Settings ---------
    sendmail_enable="NONE"
    sshd_enable="YES"
    usbd_enable="YES"
    clear_tmp_enable="YES"
    update_motd="NO"
    keymap="swedish.cp850"
    linux_enable="YES"
    inetd_enable="NO"
    #ipv6_enable="NO"
    #--------- end of file -------