From owner-freebsd-questions Sun Apr 2 22:15:39 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from pooky.bmk.com.au (pooky.bmk.com.au [203.36.170.246]) by hub.freebsd.org (Postfix) with ESMTP id 53E8237BD63 for ; Sun, 2 Apr 2000 22:15:33 -0700 (PDT) (envelope-from brendan@bmk.com.au)
Received: from garfield (gateway.ozi.nu [203.36.170.241]) by pooky.bmk.com.au (8.8.7/8.8.7) with SMTP id PAA11893; Mon, 3 Apr 2000 15:05:30 +1000
Date: Mon, 3 Apr 2000 15:09:05 +1000 (EST)
From: Brendan Kosowski
X-Sender: brendan@garfield
To: cjclark@home.com
Cc: FreeBSD Questions
Subject: Re: natd problem
In-Reply-To: <20000402224237.B33106@cc942873-a.ewndsr1.nj.home.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 2 Apr 2000, Crist J. Clark wrote:

> On Mon, Apr 03, 2000 at 11:11:58AM +1000, Brendan Kosowski wrote:
> >
> > I am running a NAT using natd and the standard OPEN firewall setting.
> >
> > The NAT has 2 ethernet cards, one to a PUBLIC ETHERNET and the other to
> > our LOCAL ETHERNET (192.168.etc...)
> >
> > The natd has been setup with the "-redirect_port" option so that a certain
> > port on the NAT PUBLIC INTERFACE gets redirected to a server on our LOCAL
> > ETHERNET therefore giving our server a PUBLIC ADDRESS/PORT.
> >
> > The problem occurs when a P.C. on the LOCAL ETHERNET tries to access the
> > SERVER on the LOCAL ETHERNET by way of its PUBLIC ADDRESS/PORT. The NAT
> > seems to deny packets.
> >
> > It is absolutely necessary that I can get natd to do this. Accessing the
> > SERVER via its local address is an unacceptable solution.
> >
> > Can ANYONE help ???
>
> YES, we PROBABLY can, but first TELL me why you LIKE to CAPITALIZE
> every OTHER word?
>
> Why do you say that the NAT server seems to deny the packets? Could we
> see the ifconfig(8) for the interfaces, the natd(8) command line and
> config file (if it exists), and your firewall rules (`ipfw show`)?
> --
> Crist J. Clark cjclark@home.com
>

I have used CAPITALS to emphasize important information like SERVERS, INTERFACES, ADDRESSES and PORTS. Sorry if this appears as arrogant or is difficult to read.

I am reluctant to give information containing IP addresses as we have found that giving too much info to mailing lists can result in hacker attacks later. I will do my best to give you as much info as possible.

NAT interfaces:

    ed1 connects to our Public Ethernet.
    ed2 (192.168.5.5) connects to our Local Ethernet (192.168.5.0/24)

Firewall rules follow:

    divert 8668 ip from any to any via ed1
    allow ip from any to any via lo0
    deny ip from any to 127.0.0.0/8
    allow ip from any to any
    deny ip from any to any

Natd command line follows:

    natd -n ed1 -redirect_port tcp 192.168.5.253:80 80

There is no natd config file with extra options.

As can be seen, our web server (192.168.5.253) is behind the NAT on the local network.

I suspect that the nat is denying packets for the following reasons:

a.) P.C.'s on the Internet can access our Web Server via port 80 on the NAT public interface (ed1).
b.) P.C's on our local network can access the Internet.
c.) P.C's on our local network can not access the Web Server via port 80 on the NAT public interface (ed1).

Reason c.) above is the problem.

Hope that makes it clearer.

Thanks for your help,

Regards,
Brendan Kosowski.

--------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
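
Cases a.) to c.) traced against the posted ruleset, as an added example that is not part of the original message or the thread: a simplified Python model of ipfw first-match evaluation, in which `via` matches either the receive or the transmit interface. `PUBLIC_IP` and `INTERNET_HOST` are constructed placeholders, and the model ignores natd's address rewriting and only reports whether a packet is ever handed to natd.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders: the post withholds the real public addresses.
PUBLIC_IP = "203.0.113.1"      # stands in for the address on ed1
INTERNET_HOST = "198.51.100.7"

# The posted ruleset, in order: (action, via interface, destination prefix).
RULES = [
    ("divert", "ed1", None),   # divert 8668 ip from any to any via ed1
    ("allow", "lo0", None),    # allow ip from any to any via lo0
    ("deny", None, "127."),    # deny ip from any to 127.0.0.0/8
    ("allow", None, None),     # allow ip from any to any
    ("deny", None, None),      # deny ip from any to any
]

@dataclass
class FirewallPass:
    recv_if: Optional[str]     # interface the packet arrived on
    xmit_if: Optional[str]     # interface it is leaving on (None on the inbound pass)

def evaluate(dst: str, p: FirewallPass) -> list:
    """Actions hit in one pass; divert hands the packet to natd and continues."""
    hit = []
    for action, via, dst_prefix in RULES:
        if via is not None and via not in (p.recv_if, p.xmit_if):
            continue
        if dst_prefix is not None and not dst.startswith(dst_prefix):
            continue
        hit.append(action)
        if action != "divert":
            break
    return hit

def sees_natd(recv_if: str, dst: str, xmit_if: Optional[str]) -> bool:
    """True if any pass through the NAT box diverts the packet to natd.
    xmit_if is None when the packet is addressed to the NAT box itself."""
    passes = [FirewallPass(recv_if, None)]
    if xmit_if is not None:
        passes.append(FirewallPass(recv_if, xmit_if))
    return any("divert" in evaluate(dst, p) for p in passes)

if __name__ == "__main__":
    print("a.) Internet -> public:80 :", sees_natd("ed1", PUBLIC_IP, None))
    print("b.) LAN -> Internet       :", sees_natd("ed2", INTERNET_HOST, "ed1"))
    print("c.) LAN -> public:80      :", sees_natd("ed2", PUBLIC_IP, None))
```

In this model case c.) reaches only the `allow ip from any to any` rule: the packet arrives on ed2 addressed to the NAT box itself, never crosses ed1, and so is never handed to natd for the port redirect.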