Date:      Wed, 7 May 2008 18:55:26 -0300
From:      "Marcone Theisen" <marconemlt@gmail.com>
To:        "Tom Wuyts" <eenpint@hotmail.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Redirect internal traffic (only port 80) to another link
Message-ID:  <ccb97a850805071455m5a49d313kf08f6bd5af3593da@mail.gmail.com>
In-Reply-To: <BLU122-W33F5E9047A93F311CF9FA7A2D10@phx.gbl>
References:  <ccb97a850805061346lb6a802eo388eed2381d992a2@mail.gmail.com> <BLU122-W33F5E9047A93F311CF9FA7A2D10@phx.gbl>

Hi Tom,

Thanks for the help, but it did not work with the procedures below.
The natd.conf file is OK; I restarted netstart and natd.
I think it may be the vlan. It works fine; I can ping the gateway. But can I
route my internal traffic via the vlan?
With the command "trafshow -i vlan2" I cannot see anything.

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::211:43ff:fefd:3ff6%em0 prefixlen 64 scopeid 0x1
        inet 10.40.4.1 netmask 0xffffff00 broadcast 10.40.4.255
        ether 00:11:43:fd:3f:f6
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 10.10.18.3 netmask 0xffffff00 broadcast 10.10.18.255
        inet6 fe80::211:43ff:fefd:3ff7%em1 prefixlen 64 scopeid 0x2
        ether 00:11:43:fd:3f:f7
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::211:43ff:fefd:3ff6%vlan2 prefixlen 64 duplicated scopeid 0x4
        inet 192.168.7.106 netmask 0xfffffff8 broadcast 192.168.7.111
        ether 00:11:43:fd:3f:f7
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        vlan: 2 parent interface: em1
portal# ping 192.168.7.105
PING 192.168.7.105 (192.168.7.105): 56 data bytes
64 bytes from 192.168.7.105: icmp_seq=0 ttl=30 time=0.839 ms
64 bytes from 192.168.7.105: icmp_seq=1 ttl=30 time=0.763 ms


Is there any other alternative to test?

Thanks,
Marcone


2008/5/7 Tom Wuyts <eenpint@hotmail.com>:

> set the next line in your rc.conf
>
> natd_flags="-f /etc/natd.conf"
>
> and then add the file natd.conf in your etc/ folder
>
> interface em0 (if I'm not mistaken, I don't completely get your question)
> use_sockets yes
> dynamic yes
> redirect_port tcp 192.168.7.105:80 80
>
> this should send all packets arriving at port 80 from your 10.0.0.0 network to
> 192.168.7.105
>
> and then restart your network
> /etc/netstart restart
>
> if it complains about natd while restarting your network, kill natd with
> "pkill natd" and then restart your network
>
> hope it helps,
>
> tom
>
>
>
> ------------------------------
> > Date: Tue, 6 May 2008 17:46:06 -0300
> > From: marconemlt@gmail.com
> > To: freebsd-ipfw@freebsd.org
> > Subject: Redirect internal traffic (only port 80) to another link
> >
> > Hi,
> >
> > I have 2 links, one em0 and other in vlan2 interface.
> > My default route is em0.
> >
> > The problem is:
> > I want to direct all internal Internet traffic (port 80) for the link in
> > vlan2 interface.
> > How to do it with the IPFW?
> >
> > Some information:
> >
> > Link em0 interface - 10.40.1.0
> > Internal network: em1 interface - 10.10.18.0
> > Link vlan2 interface - 192.168.7.0
> >
> > The vlan2 interface is on a trunk port on the switch. It works.
> >
> > We have tried the following alternatives:
> >
> > I created another route:
> > Route ADD 192.168.7.107 192.168.7.105
> >
> > ipfw add 00019 divert 8668 ip from 10.10.18.0/24 to any 80 via vlan2
> > Traffic continued through dedicated link.
> >
> > ipfw add 00019 fwd 192.168.7.105 tcp from 10.10.18.0/24 to any 80
> > redirect the traffic on the link vlan2, but did not return anything.
> >
> > ipfw add 00019 divert 8669 ip from 10.10.18.0/24 to any 80 via vlan2
> > natd -s -m -n vlan2 -p 8669
> > Anything!
> >
> > All attempts without success.
> > Thus, how can I redirect my internal Internet traffic to the VLAN2 link with
> > IPFW?
> >
> > Thanks,
> > Marcone