Date: Thu, 6 May 2004 23:37:09 -0500
From: "adp" <dap99@i-55.com>
To: <questions@freebsd.org>
Subject: Problem with FreeBSD 4.8, ipf, ipfnat and forwarding for pcAnywhere
Message-ID: <087601c433ed$08ba7680$6501a8c0@yourqqh4336axf>
This shouldn't be that hard, but I can't get it working. I have a FreeBSD firewall with three NICs (Internet, LAN, DMZ). I have bridging enabled between the Internet and DMZ interfaces. I now have an internal computer (LAN) that needs to be accessible via pcAnywhere. I can telnet to the pcAnywhere ports on the internal computer fine from the firewall or the LAN. So that works. However, when I configured ipnat to forward my pcAnywhere ports, a telnet from the Internet just stalls.

My ipnat configuration:

    # cat /etc/ipnat.conf
    (xl0 = internet, xl1 = lan, xl2 = dmz)
    ####################
    # pcAnywhere
    # normal nat for office disabled - this is all i have in ipnat.conf
    rdr xl0 public-ip/32 port 5631 -> 192.168.99.9 port 5631
    rdr xl0 public-ip/32 port 5632 -> 192.168.99.9 port 5632

And I am allowing in access via ipf:

    pass in quick proto tcp from any to public-ip port = 5631 group 200
    pass in quick proto udp from any to public-ip port = 5631 group 200
    pass in quick proto tcp from any to public-ip port = 5632 group 200
    pass in quick proto udp from any to public-ip port = 5632 group 200

(If I take these out I see the ipmon block messages, but with these they go away, so it's not ipf, I don't think.)

Am I missing something here? This should work!

A tcpdump. I am remote (remote-client):

    %telnet public-ip 5631
    Trying public-ip...
(just sits there)

On the FreeBSD box:

    # tcpdump -n -i xl0 port 5631
    tcpdump: listening on xl0
    23:26:41.772801 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 99416198 0> (DF) [tos 0x10]
    23:26:44.772018 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 99416498 0> (DF) [tos 0x10]
    23:26:48.013346 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 99416818 0> (DF) [tos 0x10]
    23:26:51.230241 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF) [tos 0x10]
    23:26:54.429267 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF) [tos 0x10]
    23:26:57.596288 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF) [tos 0x10]
    23:27:03.809921 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF) [tos 0x10]
    23:27:16.050057 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF) [tos 0x10]
    ^C
    48 packets received by filter
    0 packets dropped by kernel

Oh, and again, I do have bridging enabled between Internet and DMZ. My bridge script:

    #!/bin/sh
    # Turn on the kernel Ethernet bridge
    echo -n "Enabling bridging: "
    if sysctl -w net.link.ether.bridge=1 > /dev/null 2>&1; then
        echo "activated."
    else
        echo "failed."
    fi
    # Bridge the Internet (xl0) and DMZ (xl2) interfaces
    echo -n "Enabling bridging between xl0 and xl2 interfaces: "
    if sysctl -w net.link.ether.bridge_cfg=xl0,xl2 > /dev/null 2>&1; then
        echo "activated."
    else
        echo "failed."
    fi
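Added here as an illustration and not part of the original mail: a small Python parser for tcpdump lines in the format shown in the trace above. It flags client flows to a forwarded port whose SYNs keep being retransmitted while nothing ever comes back from the service side, which is exactly the pattern in the post and the first thing to establish before blaming ipf versus the rdr or the bridge. The sample lines are constructed; remote-client, other-client and public-ip are placeholder names as in the post.

```python
import re
from collections import defaultdict

# Matches tcpdump 3.x-style TCP lines, e.g. "23:26:41.772801 remote-client.3755 > public-ip.5631: S ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+"
    r"(?P<flags>[SFPR.]+)"
)

def analyze(lines, service_port):
    """Per client flow to service_port: how many SYNs were sent and how many
    packets came back from the service side (any flags, including SYN-ACK)."""
    flows = defaultdict(lambda: {"syns": 0, "replies": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, "^C", packet counters: not a packet line
        src, sport = m.group("src"), int(m.group("sport"))
        dst, dport = m.group("dst"), int(m.group("dport"))
        if dport == service_port and "S" in m.group("flags"):
            flows[(src, sport)]["syns"] += 1
        elif sport == service_port:
            flows[(dst, dport)]["replies"] += 1
    return dict(flows)

def stalled_flows(lines, service_port, min_syns=2):
    """Flows whose SYN was retransmitted and never answered: the rdr target
    (or the return path through the firewall) produced no SYN-ACK at all."""
    return sorted(client for client, st in analyze(lines, service_port).items()
                  if st["syns"] >= min_syns and st["replies"] == 0)

# Constructed sample in the post's trace format: the first client retransmits its
# SYN with no answer (the failure described above); the second gets a SYN-ACK.
SAMPLE = """\
tcpdump: listening on xl0
23:26:41.772801 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF)
23:26:44.772018 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF)
23:26:48.013346 remote-client.3755 > public-ip.5631: S 2174885259:2174885259(0) win 57344 <mss 1460> (DF)
23:27:02.100000 other-client.4001 > public-ip.5631: S 1000:1000(0) win 57344 <mss 1460> (DF)
23:27:02.100500 public-ip.5631 > other-client.4001: S 5000:5000(0) ack 1001 win 57344 <mss 1460> (DF)
23:27:02.101000 other-client.4001 > public-ip.5631: . ack 1 win 57344 (DF)
48 packets received by filter
""".splitlines()

if __name__ == "__main__":
    for client, port in stalled_flows(SAMPLE, 5631):
        print(f"{client}:{port} -> port 5631: SYN retransmitted, no reply seen")
```

Run it against a real capture with `tcpdump -n -i xl0 port 5631` piped in (replace SAMPLE with sys.stdin); a flow that shows up here while the same SYN is visible on the inside interface points at the return path rather than the inbound rule.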