Date: Thu, 7 Aug 2003 05:22:20 +0200
From: Clement Laforet <sheepkiller@cultdeadsheep.org>
To: Mark <boxend@redtick.homeunix.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw natd forward port 80
Message-ID: <20030807052220.15544671.sheepkiller@cultdeadsheep.org>
In-Reply-To: <200308070155.h771tl6G000549@redtick.homeunix.com>
References: <20030807043543.53428bc6.sheepkiller@cultdeadsheep.org> <200308070155.h771tl6G000549@redtick.homeunix.com>

On Wed, 6 Aug 2003 20:55:47 -0500 (CDT)
Mark <boxend@redtick.homeunix.com> wrote:

> I am still unable to connect from the outside,
> from the kernel config
> # ipfw options
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
>
> #To hide firewall from traceroute
> options IPSTEALTH
>
> #To hide from nmap, remove if create web server
> #options TCP_DROP_SYNFIN

OK, here is my setup (I use pound for web traffic now, but it used to work for years).

kernel conf :
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT

natd.conf :
[root@chuck|(553)| teapop-devel]# ssh charon.cultdeadsheep.org cat /etc/natd.conf
log no
deny_incoming no
port 8668
#
use_sockets yes
#
# Avoid port changes if possible. Makes rlogin work
# in most cases.
#
same_ports yes
#
verbose no
interface tun0
unregistered_only yes
redirect_port tcp 192.168.0.1:80 80

Now the debugging :)
When you try a "telnet <your external IP> 80" you have :
1. Connection refused : natd isn't running
2. ping timeout :
   - your firewall is faulty or
   - your server is down or
   - your server doesn't have the right gateway
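
The telnet check described in the message above, as an added Python example that is not part of the original e-mail: it makes one TCP connection attempt from outside and maps the outcome to the causes the message lists. The names `probe` and `diagnose` and the 5-second timeout are assumptions made for this example.

```python
import socket
import sys

# Outcome -> likely cause, following the two cases listed in the message above.
DIAGNOSIS = {
    "open": "something accepted the connection on this port; the redirect is reachable",
    "refused": "connection refused: per the message, natd isn't running",
    "timeout": "timeout: firewall is faulty, server is down, "
               "or server doesn't have the right gateway",
}


def probe(host, port=80, timeout=5.0):
    """Attempt one TCP connect and classify it as open, refused or timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # assumed value; telnet itself waits much longer
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # The far end answered with a TCP RST: the packet arrived,
        # but nothing handed it to a listening service.
        return "refused"
    except (socket.timeout, TimeoutError):
        # No answer at all: the SYN or the reply was dropped on the way.
        return "timeout"
    finally:
        sock.close()


def diagnose(host, port=80, timeout=5.0):
    """Return (outcome, explanation) for one connection attempt."""
    outcome = probe(host, port, timeout)
    return outcome, DIAGNOSIS[outcome]


if __name__ == "__main__":
    # Usage: python probe.py <your external IP> [port]
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <external IP> [port]")
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print("%s: %s" % diagnose(sys.argv[1], target_port))
```

Run it from a host outside the NAT, since a connection made from the gateway itself does not take the same path as outside traffic.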