From owner-freebsd-questions Wed Dec 20 0:56:35 2000
From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 00:56:32 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id B6BF137B400
	for ; Wed, 20 Dec 2000 00:56:32 -0800 (PST)
Received: from rfx-64-6-211-149.users.reflexcom.com ([64.6.211.149])
	by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
	Wed, 20 Dec 2000 00:54:55 -0800
Received: (from cjc@localhost)
	by rfx-64-6-211-149.users.reflexcom.com (8.11.0/8.11.0) id eBK8uUb54737;
	Wed, 20 Dec 2000 00:56:30 -0800 (PST) (envelope-from cjc)
Date: Wed, 20 Dec 2000 00:56:29 -0800
From: "Crist J. Clark"
To: Thomas Uhrfelt
Cc: "'freebsd-questions@freebsd.org'"
Subject: Re: NATD redirect part II
Message-ID: <20001220005629.Q96105@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <01C06A67.AA3BDEC0.thomas.uhrfelt@plymovent.se>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <01C06A67.AA3BDEC0.thomas.uhrfelt@plymovent.se>; from thomas.uhrfelt@plymovent.se on Wed, Dec 20, 2000 at 09:31:42AM +0100
Sender: cjc@rfx-64-6-211-149.users.reflexcom.com
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Dec 20, 2000 at 09:31:42AM +0100, Thomas Uhrfelt wrote:
> Due to my somewhat confusing post about getting help with telnet redirects
> I have decided to put a more extensive description of my setup and problem
> for review by the people subscribing to this list.
>
> I manage two (2) FreeBSD gateways on separate locations, both handling an
> internal 192.168.*.* network - the traffic is tunneled using pipsecd
> between these networks.
>
> Network topology
> --------------------
> 192.168.1.*----192.168.1.254(FREEBSD1)A.B.C.D---(I N T E R N E T)---E.F.G.H(FREEBSD2)192.168.10.254---192.168.10.10(TELNETMACHINE)
>
>
> Problem description
> ------------------------
>
> I want to allow people outside on the internet telnet access to the machine
> above called TELNETMACHINE. Both FreeBSD gateways are using ipfw+natd for
> NAT and Firewalling. I have tried using the directives: -redirect_port tcp
> 192.168.10.10:23 8888 and -redirect_port udp 192.168.10.10:23 8888 on the
> FREEBSD2 machine then tried to telnet into E.F.G.H on port 8888 (while
> using tcpdump on both the external and internal interface on FREEBSD) but I
> get no response. And the tcpdump shows the telnet from outside reaching
> FREEBSD2 but there is no activity whatsoever on the internal interface -
> which in my opinion shows that I am making some fundamental error trying to
> get natd to behave and redirect the telnet session. I am inclined to think
> that I am the one being a moron here and that it's not due to a bug in
> natd.
>
> Any pointers? I was thinking about giving up and using bounce until I saw
> that it's only able to "bounce" tcp and not udp packets.

Telnet does not use UDP. This is/will not be an issue.

> There gotta be
> someone out there with a similar problem like mine that has been solved..
> right?

Sounds like there is a good chance it is being blocked by your
firewall. What do your rules look like?
--
Crist J. Clark                           cjclark@alum.mit.edu