Date: Wed, 20 Sep 2000 21:25:02 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Chip <chip@wiegand.org>
Cc: "seafug@dub.net" <seafug@dub.net>, "freebsd-questions@freebsd.org" <freebsd-questions@FreeBSD.ORG>
Subject: Re: natd does port forwarding?
Message-ID: <20000920212502.W367@149.211.6.64.reflexcom.com>
In-Reply-To: <39C95E2A.C3962BB8@wiegand.org>; from chip@wiegand.org on Wed, Sep 20, 2000 at 06:02:34PM -0700
References: <39C6FCCC.D0103226@wiegand.org> <20000918225104.I367@149.211.6.64.reflexcom.com> <39C70308.EF52766F@wiegand.org> <20000919000233.L367@149.211.6.64.reflexcom.com> <39C84A4B.766B5B24@wiegand.org> <20000919232213.Q367@149.211.6.64.reflexcom.com> <20000920120922.C22272@149.211.6.64.reflexcom.com> <39C95E2A.C3962BB8@wiegand.org>
On Wed, Sep 20, 2000 at 06:02:34PM -0700, Chip wrote:

> I believe it works now, I tried at work and it redirected to my home web server and the page loaded fine, would you be so kind as to do the same? www.wiegand.org There is a 5 second delay.
> The only difference at this time is at the bottom of the page that loads on my home server, it has a paragraph that states this is loaded on my home server.
> I cannot load it from within my home network, though I think I understand why. Correct me if I'm wrong -
> a packet goes out from 192.168.0.6, is translated to 208.194.173.26
> returns to 208.194.173.26 and is translated back to 192.168.0.6
> then the web page tries to load from my home server but there is no route between the inside and outside nics, so it can't be loaded into the inside network pc. Maybe I'm confused. ;-)

I actually just explained this problem to someone else on -questions last night. Go to the archive and check the thread with the subject, "internal to internal via natd extenal redirect_port." As I said to that poster, this is a pain to do.

> Anyway, there is only one instance of natd running now. It loads from /etc/rc.conf (the only line in that file in fact). The other place it could load from, /usr/local/etc/rc.d, is strange. I loaded it in vi and it is just a whole lot of @^@^ repeated many times. And a that says rc.d is not a regular file.

It's not. /usr/local/etc/rc.d should be a directory. Appropriately named scripts in this directory are started at boot time.

> Now I just have to tighten up my firewall rules. I go to grc.com to run the port scan on that site and get the following results -
> ports 21, 23, 79, 80 are open ftp, telnet, finger, and http.
> ports 110, 113, 139, 143, 443 are closed pop3, auth, netbios-session, imap, and https.
> My ipfw show shows this -
> 00100 1499 429850 divert 8668 ip from any to any via ep1
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 65000 2274 800088 allow ip from any to any
> 65535 0 0 allow ip from any to any
> Now this doesn't seem right to my unknowledgeable eyes, even for an open firewall. My goal is to have a firewall that shows the above mentioned ports and all others as either closed or stealth. So my rc.firewall is attached for all to see and rip apart for me, so I can learn from my mistakes and maybe be a better FreeBSD user. :)
> Thank you so much for your assistance,

Not only do you have the distributed "open" firewall running, but you must have built a kernel with the,

    options IPFIREWALL_DEFAULT_TO_ACCEPT

which is not recommended. Other than that, no surprises.

-- 
Crist J. Clark
cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
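For contrast with the "open" ruleset quoted above, the following is a closed-by-default ruleset written in the style of rc.firewall. It is added here as an example; it is not from this thread and not FreeBSD's own rc.firewall. The outside NIC ep1, the outside address 208.194.173.26 and the inside web server 192.168.0.6 are taken from the thread; the inside NIC name ep0 and the inside subnet 192.168.0.0/24 are assumptions. It keeps the divert rule natd needs, permits only the redirected HTTP service inbound, and ends with an explicit deny so the kernel's default-accept rule 65535 is never consulted:

```shell
#!/bin/sh
# Added example: closed-by-default rc.firewall-style ruleset for a natd gateway.
# Not from the thread. ep1, 208.194.173.26 and 192.168.0.6 come from the
# thread; the inside NIC name and inside subnet below are assumptions.
oif="ep1"                 # outside NIC (from the thread)
oip="208.194.173.26"      # outside address (from the thread)
iif="ep0"                 # inside NIC: assumed name
inet="192.168.0.0/24"     # inside subnet: assumed
web="192.168.0.6"         # inside web server natd redirects port 80 to (from the thread)

# Dry-run by default so the ruleset can be inspected offline: each rule is
# printed instead of applied. Run with FWCMD=ipfw on the gateway to load it.
fwcmd="${FWCMD:-echo ipfw}"

# natd itself would be started separately (rc.conf natd_enable/natd_interface/natd_flags):
#   natd -interface ep1 -redirect_port tcp 192.168.0.6:80 80

build_ruleset() {
    ${fwcmd} -f flush

    # Hand every packet on the outside NIC to natd. Packets re-enter the
    # ruleset after this rule carrying their translated addresses, so the
    # rules below see the outside address on outbound traffic and the
    # inside addresses on inbound traffic natd has already translated.
    ${fwcmd} add 100 divert 8668 ip from any to any via ${oif}

    # Loopback, and nothing pretending to be loopback on a real NIC.
    ${fwcmd} add 200 allow ip from any to any via lo0
    ${fwcmd} add 300 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 400 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: inside addresses never legitimately arrive on the outside NIC.
    ${fwcmd} add 500 deny ip from ${inet} to any in via ${oif}

    # Trust the inside network on the inside NIC.
    ${fwcmd} add 600 allow ip from any to any via ${iif}

    # Replies belonging to TCP connections that were already set up.
    ${fwcmd} add 700 allow tcp from any to any established

    # New outbound TCP connections (source already translated to the outside address).
    ${fwcmd} add 800 allow tcp from ${oip} to any setup out via ${oif}

    # The one inbound service: HTTP, already redirected by natd to the inside server.
    ${fwcmd} add 900 allow tcp from any to ${web} 80 setup in via ${oif}

    # DNS: replies to inside hosts (translated back by natd) and to the gateway itself.
    ${fwcmd} add 1000 allow udp from any 53 to ${inet} in via ${oif}
    ${fwcmd} add 1010 allow udp from any 53 to ${oip} in via ${oif}
    ${fwcmd} add 1100 allow udp from ${oip} to any 53 out via ${oif}

    # ICMP needed for a working path: echo reply, unreachable, echo request, time exceeded.
    ${fwcmd} add 1200 allow icmp from any to any icmptypes 0,3,8,11

    # Explicit catch-all deny. With this in place the kernel's
    # IPFIREWALL_DEFAULT_TO_ACCEPT rule 65535 is never reached, and every
    # port other than 80 shows as closed or stealth from outside.
    ${fwcmd} add 65000 deny log ip from any to any
}

# Number of commands the ruleset emits (flush plus 14 rules), for a sanity check.
rule_count() {
    build_ruleset | wc -l | tr -d ' '
}

build_ruleset
```

Run as-is the script only prints the rules it would load; with FWCMD=ipfw it applies them. Note that with natd in front of the rules an inbound rule for a redirected port has to name the inside server, not the outside address, because natd has already rewritten the destination by the time rule 900 sees the packet.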