Date:      Fri, 20 Aug 2004 04:28:02 -0400
From:      "Hakim Z. Singhji" <hzs202@nyu.edu>
To:        Eric Crist <ecrist@secure-computing.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: HOWTO Ping LAN???
Message-ID:  <4125B612.9040109@nyu.edu>
In-Reply-To: <043a01c48673$80bdcd20$6501a8c0@Nomad>
References:  <043a01c48673$80bdcd20$6501a8c0@Nomad>

Hello,

Thank you for your replies gentlemen, this post is a bit old, I have
already built my FreeBSD NAT box and configured IPFW...I am currently
building a new kernel configuration for the machine to include IPDIVERT,
IPFIREWALL and a few other system specific modifications.

If I have any questions concerning this issue, I will include you both
(Eric, Rich) in the list. Thanks

Eric Crist wrote:
| SEE BOTTOM
|
|>-----Original Message-----
|>From: owner-freebsd-questions@freebsd.org
|>[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
|>Rich Shinnick
|>Sent: Thursday, August 19, 2004 11:46 PM
|>To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
|>Cc: 'Bill Moran'; freebsd-questions@freebsd.org
|>Subject: RE: HOWTO Ping LAN???
|>
|>
|>Hakim,
|>
|>What you are trying to do is possible in two ways:
|>
|>1. SSH to the box, and tunnel to other internal machines
|>according to the tunnels you have set up. (See the last email
|>I sent).
|>2. Port forward connections from the Internet "thru"
|>the BSD to internal machines.
|>
|>Check these links:
|>http://www.rootprompt.net/freebsd_firewall.html
|>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
|>
|>
|>  _____
|>
|>From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
|>Sent: Thursday, July 29, 2004 10:27 AM
|>To: Hakim Z. Singhji; MatthewSeaman
|>Cc: Bill Moran; freebsd-questions@freebsd.org
|>Subject: Re: HOWTO Ping LAN???
|>
|>
|>Hi Matt,
|>
|>You say that the only way I will be able to connect to my
|>network is by tunneling.
|>This is not what I want to do, I thought I may be able to
|>SSH, Telnet, www, etc.
|>from the outside to my default gateway and have the gateway
|>pass SSH, Telnet,
|>www., or any other request to the machine on the private
|>network by including the
|>"localhost.defaultgateway.domain.org" or something to that effect.
|>
|>Does NAT Overloading only go one way???
|>
|>Hakim Z. Singhji
|>Coordinating Mgr. / Infection Control
|>718-245-3923
|>hakim.singhji@nychhc.org
|>
|>
|>>>> Matthew Seaman <m.seaman@infracaninophile.co.uk> 7/29/2004 5:32:32 AM >>>
|>
|>On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
|>
|>
|>>Figure 1
|>>
|>>***************
|>>*  Internet   *
|>>*24.199.1xx.xx*
|>>***************
|>>       |
|>>       |
|>>***************       **************
|>>* Default GW  * _____ *Kids Machine*
|>>* 192.68.0.1  *       * 192.68.0.3 *
|>>* FreeBSD 4.10*       * Mandrake 10*
|>>***************       **************
|>>       |
|>>       |
|>>***************
|>>* Wrk Station1*
|>>* 192.68.0.2  *
|>>* Redhat 9    *
|>>***************
|>>
|>>This is a rough diagram of the network... I would like to ssh, ping,
|>>etc. the machines behind the default gateway directly (without
|>>tunneling) from outside the network (at work for example). Is this
|>>possible and if so how do I config. Keep in mind that my default
|>>gateway is FreeBSD. I know this may be a complicated project but if
|>>you could help that would help me greatly. Many thanks to everyone in
|>>advance.
|>
|>I'm afraid that's not going to be possible with your current
|>network layout. If you want all of your machines to be
|>accessible from the Internet, then you'll need routable
|>addresses on all of your machines.
|>
|>I know you've said you don't want to use tunnelling, but
|>unfortunately, that's the only way you can access a private
|>address space as you have from outside it. A relatively
|>simple way of doing that is to ssh into your gateway box, and
|>use the '-L' or '-R' portforwarding options to create a
|>tunnel to one of the internal machines, and then ssh or
|>otherwise connect through that tunnel: see eg.
|>
|
| http://www.linux.ie/articles/tutorials/ssh.php
|
| One other point: you're going to have problems if you're using
| 192.168.0.0 as the IP number on your FreeBSD machine. That's the
| *network* address, and shouldn't be applied directly to any specific
| machine. If you're running your internal network using 192.168.0.0/24 as
| the address space, then you have 254 addresses (from 192.168.0.1 to
| 192.168.0.254) to use for client machines, since 192.168.0.0 (network
| address) and 192.168.0.255 (broadcast address) are reserved as part of
| the networking setup.
|
| Cheers,
|
| Matthew
|
| --
| Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
| Savill Way
| PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
| Tel: +44 1628 476614 Bucks., SL7 1TH UK
|
|
| Hello,
|
| There is one real solution to this here.
|
| You could set up a DMZ to your Default Gateway.  If this is a Linksys
| Broadband Gateway, it's as simple as checking a box and typing in the
| private IP address.  This routes all incoming (non-stateful)
| connections to this host.  Since your IP changes, use a dynamic DNS
| service such as no-ip.org(sp?) or tzo.com.  I've used TZO.com,
| personally, then I just got DSL with a /29 static IP address allocation.
| This should work without issue, unless your DMZ firewall rules prevent
| it.  I would need more information to let you know.
|
| HTH
|
| Eric F Crist
| Best Access Systems
| 11300 Rupp Dr. Burnsville, MN 55337
| Phone: 952.894.3830
| Cell: 612.998.3588
| Fax: 952-894-1990
|
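
The port-forwarding option from Rich's reply (option 2), written out for a FreeBSD gateway running natd and IPFW. This is an added example, not configuration posted by anyone in the thread. Assumptions: the Internet-facing interface is fxp0, the forwarded external port is 2222, the rules file is /etc/ipfw.rules, and Wrk Station1 sits at 192.168.0.2 (the diagram's 192.68.0.2 read as a 192.168.0.0/24 address).

```conf
# --- kernel configuration file: the two options named in the message ---
options IPFIREWALL          # ipfw packet filter
options IPDIVERT            # divert sockets, which natd(8) requires

# --- /etc/rc.conf ---
gateway_enable="YES"              # forward packets between interfaces
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"   # assumed path; rules are loaded from this file
natd_enable="YES"
natd_interface="fxp0"             # assumed name of the Internet-facing interface
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# Syntax: redirect_port proto targetIP:targetPORT aliasPORT
# TCP arriving on the gateway's public address, port 2222 (assumed), is
# rewritten to sshd on Wrk Station1. No other LAN host or port is exposed.
redirect_port tcp 192.168.0.2:22 2222

# --- /etc/ipfw.rules (only the rules this forward depends on) ---
# Hand everything crossing the outside interface to natd for translation.
add 1000 divert natd all from any to any via fxp0
# Packets belonging to TCP connections that are already set up.
add 1100 allow tcp from any to any established
# Inbound SYN for the forwarded service. natd has already rewritten the
# destination, so the rule matches the internal address and port 22.
add 1200 allow tcp from any to 192.168.0.2 22 in via fxp0 setup
```

The rest of the site's rule set (loopback, LAN-side traffic, outbound traffic, the final deny) goes around these three rules and is not shown.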



