Date: Wed, 31 Jul 2002 23:20:24 -0500 (CDT)
From: "lane@joeandlane.com" <lane@joeandlane.com>
To: freebsd-questions@freebsd.org
Subject: The inscrutable natd redirect_port
Message-ID: <200208010420.g714KOoB002082@joeandlane.com>
I've got two nearly identical FreeBSD boxes, both running 4.6 STABLE, both kernels rebuilt within the last week from the same source and the same KERNEL config file. Each machine runs an identical rc.conf, except for the hostname. Each machine has two NICs, an rl0 for the internal network and ed0 for the external network. Both machines act as a gateway for a small internal network that includes an NT machine and an AS/400 for each. Each machine is in a workspace separated by about 10 miles. I can telnet or ftp to each of these machines from the other or from any machine that they act as a gateway for. I mean this setup is identical EXCEPT that natd works on one and not on the other.

Here is the information from rc.conf:

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_script="/etc/firewall/fwrules"
    natd_enable="YES"
    natd_interface="de0"
    natd_flags="-config /etc/natd.conf"

and natd.conf:

    interface de0
    dynamic yes
    use_sockets yes
    unregistered_only yes
    log yes
    log_denied yes
    #verbose yes
    deny_incoming no
    # send incoming ftp, wins, and mssql to the NT machine
    redirect_port tcp 192.168.1.2:1433 1433
    redirect_port udp 192.168.1.2:137 137
    redirect_port tcp 192.168.1.2:137 137
    redirect_port tcp 192.168.1.2:23 8023
    redirect_port tcp 192.168.1.2:21 8021
    # send incoming db2, telnet, and ftp and client access to the AS/400 machine
    redirect_port tcp 192.168.1.4:23 4023
    redirect_port tcp 192.168.1.4:21 4021
    redirect_port tcp 192.168.1.4:423 423
    redirect_port tcp 192.168.1.4:523 523

and finally the firewall rules:

    fwcmd="/sbin/ipfw"
    #make the interface into a macro
    de0="de0"
    rl0="rl0"
    $fwcmd -f flush
    $fwcmd add divert natd all from any to any via $de0
    $fwcmd add pass all from any to any

This setup works fine for one machine. I am able to ftp, telnet, or send db2 or mssql requests to any machine on the network from any machine on either network.

HOWEVER .... None of this works on the other machine. None of the natd redirects, that is.
Each request, for instance "telnet remote_host 8023", is met with:

    telnet: connect to address 172.172.5.1: Connection refused
    telnet: Unable to connect to remote host

(This happens whether I attempt to connect from the local network, from the 172.172.5.1 host, or from any remote site.) But "telnet remote_host" and "telnet remote_host 23" work perfectly.

/var/log/alias.log seems to witness the action, but I cannot interpret that file to determine where or why 172.172.5.1 is rejecting the incoming request.

What steps can I take to track down this failure?

Thanks for reading. And thanks for your input.

lane holcombe
Archive URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208010420.g714KOoB002082>
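The following is an added example, not part of the original post and not the poster's code. Two things a practitioner would want when chasing a natd redirect_port problem like the one above: a quick way to ask "which internal host:port does natd map this alias port to?" and an ipfw ruleset that passes only the redirected ports in on the external interface instead of "pass all from any to any". The script parses the redirect_port lines of a natd.conf (the sample below is constructed, modelled on the posted one) and emits ipfw(8) rules that can be fed to ipfw as a rule file. Interface names (de0 external, rl0 internal), rule numbers and the file layout are assumptions. One diagnostic point the script encodes: a TCP "Connection refused" is a RST from whichever stack received the SYN, so if the alias port has no redirect_port entry, or the divert rule never saw the packet, the gateway's own stack answers and the internal host is never involved.

```shell
#!/bin/sh
# Added example (not from the original post): parse natd.conf redirect_port
# lines, answer "what does alias port N map to?", and generate an ipfw
# ruleset that only passes the redirected ports in on the external interface.
# Interface names, rule numbers and the sample config are assumptions.

# Constructed sample natd.conf, modelled on the posted one.
SAMPLE_NATD_CONF='interface de0
dynamic yes
use_sockets yes
unregistered_only yes
# send incoming mssql, wins and telnet to the NT machine
redirect_port tcp 192.168.1.2:1433 1433
redirect_port udp 192.168.1.2:137 137
redirect_port tcp 192.168.1.2:23 8023
# send incoming telnet to the AS/400
redirect_port tcp 192.168.1.4:23 4023
'

# Read a natd.conf on stdin; print "proto target_ip target_port alias_port"
# for each redirect_port line (natd syntax: redirect_port proto ip:port alias).
# Comments and blank lines are skipped; a malformed line aborts with status 1.
parse_redirects() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "redirect_port" {
            if (NF != 4 || ($2 != "tcp" && $2 != "udp") || split($3, t, ":") != 2) {
                print "bad redirect_port line: " $0 | "cat 1>&2"
                exit 1
            }
            print $2, t[1], t[2], $4
        }
    '
}

# alias_target ALIAS_PORT [PROTO]: print the internal ip:port natd would
# rewrite the alias port to, or exit 1 if no redirect exists for it (in which
# case the gateway itself, not the internal host, answers a SYN to that port).
alias_target() {
    parse_redirects | awk -v p="$1" -v pr="${2:-tcp}" '
        $1 == pr && $4 == p { print $2 ":" $3; found = 1 }
        END { exit !found }
    '
}

# gen_ipfw_rules EXT_IF INT_IF: emit an ipfw rule file on stdout.
# The divert rule comes first so inbound packets are rewritten by natd before
# they are filtered; the pass rules therefore match on the *internal* address.
# Only TCP replies to outbound connections are let back in here; UDP and ICMP
# return traffic would need their own rules.
gen_ipfw_rules() {
    ext="$1"
    int="$2"
    echo "add 50 pass all from any to any via lo0"
    echo "add 100 divert natd all from any to any via $ext"
    parse_redirects | while read -r proto ip port alias; do
        echo "add 200 pass $proto from any to $ip $port in via $ext"
    done
    echo "add 300 pass tcp from any to any established in via $ext"
    echo "add 400 pass all from any to any out via $ext"
    echo "add 500 pass all from any to any via $int"
    echo "add 65000 deny log all from any to any in via $ext"
}

# Usage:
#   printf '%s' "$SAMPLE_NATD_CONF" | alias_target 8023        # 192.168.1.2:23
#   printf '%s' "$SAMPLE_NATD_CONF" | gen_ipfw_rules de0 rl0   # rule file on stdout
```

The generated file is a skeleton, not a complete policy: it assumes the kernel's ipfw default is deny (or that the final deny rule is reached), and it deliberately leaves the internal interface open while closing every external port that natd does not redirect. Watching the divert rule's packet counter with `ipfw -a list` while repeating the failing telnet tells you whether the SYN ever reached natd at all.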