From owner-freebsd-ipfw Tue Mar 26 7:59:18 2002
From: "Roger Helman"
Subject: Re: FreeBSD 4.2 ipfw natd -- Port Forwarding?
Date: Tue, 26 Mar 2002 09:03:37 -0700

I have searched google and freebsd and can find a solution to my problem.
I am getting the following error whenever I attempt to get natd to forward port 1723:

    natd -n rl0 -redirect_port tcp 192.168.1.21:1723 1723
    natd: Unable to bind divert socket.: Address already in use

Here is my rc.conf:

    gateway_enable="YES"
    firewall_enable="YES"
    firewall_type="open"
    sshd_enable="YES"
    inetd_enable="YES"
    ppp_enable="NO"
    ppp_nat="NO"
    natd_enable="YES"
    natd_interface="rl0"
    natd_flags=""
    network_interfaces="rl0 rl1 lo0"
    ifconfig_rl0="inet 10.0.0.2 netmask 255.255.255.0"
    ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"

and my very simple routing rules:

    ipfw -a list
    00100 divert 8668 ip from any to any via rl0
    00200 allow ip from any to any
    00300 divert 1723 ip from any to any via rl0
    65535 deny ip from any to any

thanks
Roger

Roger Helman
801.492.7832
1438 N 20 E
American Fork UT 84003
rhelman@xmission.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Tue Mar 26 8:08:05 2002
Message-ID: <3CA09D37.F396AB26@bigstudios.com>
Date: Tue, 26 Mar 2002 11:09:27 -0500
From: Sam Suh
To: freebsd-ipfw@freebsd.org
Subject: Re: FreeBSD 4.2 ipfw natd -- Port Forwarding?

Hi, Roger.
Take a look at the /etc/services file. The port 1723 is being used by ppp. nat has its own port 8668.

Roger Helman wrote:
>
> I have searched google and freebsd and can find a solution to my problem.
>
> I am getting the following error whenever I attempt to get natd to forward
> port 1723
>
> natd -n rl0 -redirect_port tcp 192.168.1.21:1723 1723
> natd: Unable to bind divert socket.: Address already in use
>
> Here is my
> rc.conf
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> sshd_enable="YES"
> inetd_enable="YES"
> ppp_enable="NO"
> ppp_nat="NO"
> natd_enable="YES"
> natd_interface="rl0"
> natd_flags=""
> network_interfaces="rl0 rl1 lo0"
> ifconfig_rl0="inet 10.0.0.2 netmask 255.255.255.0"
> ifconfig_rl1="inet 192.168.1.1 netmask 255.255.255.0"
>
> and my very simple routing rules
>
> ipfw -a list
>
> 00100 divert 8668 ip from any to any via rl0
> 00200 allow ip from any to any
> 00300 divert 1723 ip from any to any via rl0
> 65535 deny ip from any to any
>
> thanks
> Roger
>
> Roger Helman
> 801.492.7832
> 1438 N 20 E
> American Fork UT 84003
> rhelman@xmission.com

From owner-freebsd-ipfw Tue Mar 26 14:21:35 2002
Message-Id:
 <200203262221.JAA12520@lightning.itga.com.au>
From: Gregory Bond
To: "Roger Helman"
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: FreeBSD 4.2 ipfw natd -- Port Forwarding?
In-reply-to: Your message of Tue, 26 Mar 2002 09:03:37 -0700.
Date: Wed, 27 Mar 2002 09:21:24 +1100

> natd -n rl0 -redirect_port tcp 192.168.1.21:1723 1723
> natd: Unable to bind divert socket.: Address already in use

> natd_flags=""

> 00100 divert 8668 ip from any to any via rl0
> 00200 allow ip from any to any
> 00300 divert 1723 ip from any to any via rl0
> 65535 deny ip from any to any

You are really, really confused about natd. You don't need to run it twice (you can't, that's why it's complaining), and you don't need the second divert rule.

Remove the rule 300 and then add the "-redirect_port tcp 192.168.1.21:1723 1723" string to the natd_flags in rc.conf, and reboot.

From owner-freebsd-ipfw Tue Mar 26 19:34:37 2002
From: "Tony Saign"
Subject: Rule to ignore/drop traffic from entire subnet??
Date: Tue, 26 Mar 2002 19:33:58 -0800
Message-ID: <000401c1d540$3adf71f0$1401a8c0@frankenmobl>

I have noticed certain IP address blocks (mostly from overseas), generating large logs on my router system.

Is it possible to just drop/ignore and log all traffic originating from these subnets without affecting system performance with a rule or rules?

    Mar 24 00:19:55 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 in via fxp0
    Mar 24 00:19:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 in via fxp0
    Mar 24 00:21:18 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 in via fxp0
    Mar 24 00:21:21 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 in via fxp0
    Mar 24 00:22:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 in via fxp0
    Mar 24 00:23:01 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 in via fxp0

Thanks in advance,
-Tony

From owner-freebsd-ipfw Wed Mar 27 0:16:24 2002
Date: Wed, 27 Mar 2002 00:16:12 -0800
From: "Crist J. Clark"
To: Tony Saign
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Rule to ignore/drop traffic from entire subnet??
Message-ID: <20020327001612.N89885@blossom.cjclark.org>
References: <000401c1d540$3adf71f0$1401a8c0@frankenmobl>
In-Reply-To: <000401c1d540$3adf71f0$1401a8c0@frankenmobl>; from tony@saign.com on Tue, Mar 26, 2002 at 07:33:58PM -0800

On Tue, Mar 26, 2002 at 07:33:58PM -0800, Tony Saign wrote:
> I have noticed certain IP address blocks (mostly from overseas),
> generating large logs on my router system.
>
> Is it possible to just drop/ignore and log all traffic originating from
> these subnets without affecting system performance with a rule or rules?

Sure, but...

> Mar 24 00:19:55 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 in via fxp0
> Mar 24 00:19:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 in via fxp0
> Mar 24 00:21:18 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 in via fxp0
> Mar 24 00:21:21 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 in via fxp0
> Mar 24 00:22:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 in via fxp0
> Mar 24 00:23:01 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 in via fxp0

The problem is deciding which networks to block. This particular address is not "overseas" which your first sentence would imply. It is very difficult, and often not possible, to determine where large blocks of address space reside in the physical world.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-ipfw Wed Mar 27 3:30:12 2002
Date: Wed, 27 Mar 2002 12:30:05 +0100 (CET)
From: Szabados Jozsef
To: freebsd-ipfw@freebsd.org

Hi!

I would need some starting info about transparent proxying.

So, first I forward the packet, on port xx to 127.0.0.1:xxxx. The proxy gets the packet, and it will see the destination ip 127.0.0.1, doesn't it? So how can I find out the original destination ip address of the packet?

Like Linux with iptables:
getsockopt(... SO_ORIGINAL_DST ...)

Or with ipfilter's natlookup_t structure. (Long to insert here)

But how, with ipfw?
Any help (man/rtfm ;-) is appreciated,
Best regards,

Szabados Jozsef
ps.: sorry for my bad english ;-)

From owner-freebsd-ipfw Wed Mar 27 4:33:04 2002
Date: Wed, 27 Mar 2002 13:32:46 +0100 (CET)
From: Szabados Jozsef
Subject: transparent proxying
To: freebsd-ipfw@freebsd.org

Sorry, I forgot the subject.

Szabados Jozsef wrote:
> Hi!
>
> I would need some starting info about transparent proxying.
>
> So, first I forward the packet, on port xx to 127.0.0.1:xxxx.
> The proxy gets the packet, and it will see the destination ip
> 127.0.0.1, doesn't it? So how can I find out the original
> destination
> ip address of the packet?
>
> Like Linux with iptables:
> getsockopt(... SO_ORIGINAL_DST ...)
>
> Or with ipfilter's natlookup_t structure.
> (Long to insert here)
>
> But how, with ipfw?
>
> Any help (man/rtfm ;-) is appreciated,
> Best regards,
>
> Szabados Jozsef
> ps.: sorry for my bad english ;-)

From owner-freebsd-ipfw Wed Mar 27 15:38:15 2002
Date: Wed, 27 Mar 2002 15:38:01 -0800
From: "Crist J. Clark"
To: Szabados Jozsef
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: transparent proxying
Message-ID: <20020327153801.T89885@blossom.cjclark.org>

On Wed, Mar 27, 2002 at 01:32:46PM +0100, Szabados Jozsef wrote:
> Sorry, I forgot the subject.
>
> Szabados Jozsef wrote:
>
> > Hi!
> >
> > I would need some starting info about transparent proxying.
> >
> > So, first I forward the packet, on port xx to 127.0.0.1:xxxx.
> > The proxy gets the packet, and it will see the destination ip
> > 127.0.0.1, doesn't it?
It will be _delivered_ to 127.0.0.1.

> > So how can I find out the original
> > destination
> > ip address of the packet?

Read it out of the packet. 'fwd' makes no modifications to the packet.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
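To show what "read it out of the packet" looks like from a proxy's side, here is an added example (not from the thread and not FreeBSD or any proxy project's code) of a transparent TCP proxy sitting behind an ipfw `fwd` rule: because `fwd` leaves the IP and TCP headers alone, the accepted socket's local address, as returned by getsockname(), is the client's original destination. The `fwd` rule in the comment, the loopback listener and the loop check are assumptions of the example; the loopback demo can only exercise the non-forwarded path.

```python
import socket
import threading

# Assumed interception rule on the FreeBSD gateway (constructed, not from the thread):
#   ipfw add fwd 127.0.0.1,3128 tcp from 192.168.1.0/24 to any 80 in via rl1
# 'fwd' only changes where the packet is delivered; the IP/TCP headers are untouched.
PROXY_BIND = ("127.0.0.1", 0)  # port 0: the OS picks a free port for this demo

def original_destination(conn):
    # Assumption (FreeBSD + ipfw fwd): the accepted socket's local address is
    # taken from the unmodified packet, so getsockname() returns the address
    # and port the client really asked for, not the proxy's listening address.
    host, port = conn.getsockname()[:2]
    return host, port

def handle(conn, proxy_addr):
    """Return (original_dst, action) for one accepted connection."""
    dst = original_destination(conn)
    if dst == proxy_addr:
        # Destination is our own listener: the connection was not forwarded
        # (direct client or missing fwd rule). Relaying would connect the
        # proxy to itself, so refuse instead of looping.
        return dst, "refused-loop"
    return dst, "relay"  # a real proxy now connects to dst and pumps bytes

def serve_one(listener, proxy_addr):
    conn, _peer = listener.accept()
    with conn:
        dst, action = handle(conn, proxy_addr)
        conn.sendall(f"{action} {dst[0]}:{dst[1]}\n".encode())
    return dst, action

def demo():
    """Loopback demo: a direct (non-forwarded) client trips the loop check."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(PROXY_BIND)
    listener.listen(1)
    proxy_addr = listener.getsockname()[:2]
    outcome = {}
    worker = threading.Thread(target=lambda: outcome.update(r=serve_one(listener, proxy_addr)))
    worker.start()
    with socket.create_connection(proxy_addr) as client:
        reply = client.recv(128).decode()
    worker.join()
    listener.close()
    return proxy_addr, outcome["r"], reply
```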
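For the natd port-forwarding thread at the top of this digest, here is an added example (not from the thread) that encodes Gregory Bond's diagnosis as a check over Roger's rc.conf fragment and `ipfw -a list` output: a second natd started without `-p` collides on the default divert port 8668 held by the rc.conf natd, a divert rule whose port no natd listens on drops the matching packets (ipfw(8)), and the fix is to carry the `-redirect_port` option in natd_flags. The inputs are constructed from the thread; the default divert port is the "natd" entry in /etc/services.

```python
import re

# Constructed from the thread: Roger's rc.conf fragment, his "ipfw -a list"
# output, and the natd command he ran by hand while the rc.conf natd was up.
RC_CONF = 'natd_enable="YES"\nnatd_interface="rl0"\nnatd_flags=""\n'
RULES = """00100 divert 8668 ip from any to any via rl0
00200 allow ip from any to any
00300 divert 1723 ip from any to any via rl0
65535 deny ip from any to any
"""
MANUAL_NATD = "natd -n rl0 -redirect_port tcp 192.168.1.21:1723 1723"
NATD_PORT = 8668  # natd's default divert port, the "natd" entry in /etc/services

def rc_values(text):
    return dict(re.findall(r'^(\w+)="([^"]*)"', text, re.M))

def divert_rules(text):
    # (rule number, divert port) for every divert rule in the listing
    return [(int(n), int(p)) for n, p in re.findall(r'^(\d+) divert (\d+) ', text, re.M)]

def check_natd(rc_text=RC_CONF, rules_text=RULES, manual_cmd=MANUAL_NATD):
    """Return (findings, fixes) for an ipfw/natd port-forwarding setup."""
    rc = rc_values(rc_text)
    findings, fixes = [], {}
    boot_natd = rc.get("natd_enable", "NO").upper() == "YES"
    listening = {NATD_PORT} if boot_natd else set()  # divert ports with a natd
    if manual_cmd and boot_natd and "-p " not in manual_cmd:
        # A second natd without -p binds the same divert port as the rc.conf one.
        findings.append("second natd would bind divert port %d already held by the "
                        "rc.conf natd: 'Address already in use'" % NATD_PORT)
    for num, port in divert_rules(rules_text):
        if port not in listening:
            # ipfw(8): packets diverted to a port nobody is bound to are dropped.
            findings.append("rule %05d diverts to port %d with no natd listening; "
                            "matching packets are dropped" % (num, port))
            fixes.setdefault("delete_rules", []).append(num)
    redirect = re.search(r"(-redirect_port \S+ \S+ \S+)", manual_cmd or "")
    if redirect and redirect.group(1) not in rc.get("natd_flags", ""):
        # The one natd started at boot should carry the redirect instead.
        flags = (rc.get("natd_flags", "") + " " + redirect.group(1)).strip()
        fixes["natd_flags"] = 'natd_flags="%s"' % flags
    return findings, fixes
```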