Date:      Mon, 21 Jan 2002 15:01:57 +0100
From:      J.S. <johann@broadpark.no>
To:        freebsd-questions@freebsd.org
Cc:        kundeservice@nextgentel.com
Subject:   Cisco 677i-DIR's "show nat"
Message-ID:  <20020121150158.2ca049cc.johann@broadpark.no>

Hi.

I'm connected on an ADSL connection through a Cisco 677i-Dir ADSL-modem
(router) which then heads straight to my ISP (nextgentel.no).

Every time a daemon or an application needs to go through a port, I have
to manually add a redirection entry on the router (10.0.0.1) through
telnet.

I just added these entries:

---------------------------------------------------------- >>
identd:          set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
ftpd/sshd:       set nat entry add 10.0.0.2 20-22 0.0.0.0 20-22 tcp
apache:          set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
bind:            set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
dcc:             set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
---------------------------------------------------------- >>

The command 'show nat' prints the current NAT activity:

---------------------------------------------------------- >>
cbos>show nat

NAT is currently enabled

Port      Network        Global
eth0      Inside       
wan0-0    Outside      217.13.**.**
vip0      Outside      
vip1      Outside      
vip2      Outside      

      Local IP : Port      Global IP : Port      Timer Flags    Proto Interface
       10.0.0.2:6666            *****:6666         0   0x10041  tcp   eth0 
               -6700                 -6700 
       10.0.0.2:6666            *****:6666         0   0x00041  tcp   eth0 
       10.0.0.2:6667            *****:6667         0   0x10041  tcp   eth0 
               -6700                 -6700 
       10.0.0.2:1024            *****:1024         0   0x10041  tcp   eth0 
               -5000                 -5000 
       10.0.0.2:1024            *****:1024         0   0x10041  tcp   eth0 
               -4999                 -4999 
       10.0.0.2:53              *****:53           0   0x00041  tcp   eth0 
       10.0.0.2:80              *****:80           0   0x00041  tcp   eth0 
       10.0.0.2:20              *****:20           0   0x10041  tcp   eth0 
               -22                   -22   
       10.0.0.2:49152           *****:49152        0   0x10041  tcp   eth0 
               -65535                -65535
       10.0.0.2:113             *****:113          0   0x00041  tcp   eth0 
       10.0.0.2:1030            *****:1030         0   0x10041  tcp   eth0 
               -1040                 -1040 
       10.0.0.2:2001            *****:2001         0   0x00041  tcp   eth0 
       10.0.0.2:21              *****:21           0   0x00041  tcp   eth0 
       10.0.0.2:1               *****:1            0   0x10041  icmp  eth0 
               -65000                -65000
       10.0.0.2:1               *****:1            0   0x10041  udp   eth0 
               -65000                -65000
       10.0.0.2:1               *****:1            0   0x10041  tcp   eth0 
               -65000                -65000
       10.0.0.2:2412     217.13.**.**:2412      1140   0x04046  tcp   eth0 wan0-0
       10.0.0.2:2416     217.13.**.**:2416      1200   0x04046  tcp   eth0 wan0-0
       10.0.0.2:2441     217.13.**.**:2441      1200   0x04046  tcp   eth0 wan0-0
       10.0.0.2:2465     217.13.**.**:2465      1140   0x04046  tcp   eth0 wan0-0
       10.0.0.2:1157     217.13.**.**:1157       120   0x04046  udp   eth0 wan0-0
       10.0.0.2:1158     217.13.**.**:1158       120   0x04046  udp   eth0 wan0-0
       10.0.0.2:1159     217.13.**.**:1159       270   0x04046  udp   eth0 wan0-0
       10.0.0.2:2984     217.13.**.**:2984       900   0x04046  tcp   eth0 wan0-0
       10.0.0.2:2985     217.13.**.**:2985       900   0x04046  tcp   eth0 wan0-0
       10.0.0.2:2986     217.13.**.**:2986       900   0x04046  tcp   eth0 wan0-0
       10.0.0.2:2987     217.13.**.**:2987       900   0x04046  tcp   eth0 wan0-0
       10.0.0.2:1160     217.13.**.**:1160       270   0x04046  udp   eth0 wan0-0
       10.0.0.2:1161     217.13.**.**:1161       300   0x04046  udp   eth0 wan0-0
       10.0.0.2:2990     217.13.**.**:2990       900   0x04046  tcp   eth0 wan0-0
       10.0.0.2:1162     217.13.**.**:1162       300   0x04046  udp   eth0 wan0-0
       10.0.0.2:3008     217.13.**.**:3008      1200   0x04046  tcp   eth0 wan0-0
       10.0.0.2:1163     217.13.**.**:1163       600   0x04046  udp   eth0 wan0-0
       10.0.0.2:3010     217.13.**.**:3010        60   0x04046  tcp   eth0 wan0-0
---------------------------------------------------------- >>

Now, this is what I'm wondering about:

1. How come the port ranges 1024-4999, 49152-65535, 1030-1040, 2001 and
1-65000 are open? All of these are port ranges I've opened in the past (in
unsuccessful attempts to get my DCC working), which ought to have been
deleted by the 'set nat entry del all' which I just performed. I tried
deleting them one by one as well, though that didn't seem to have much
effect:

cbos#set nat entry delete 10.0.0.2 49152-65535 0.0.0.0 49152-65535 tcp
Error: You entered an invalid port number

2. I just discovered that using the setting /set DCC_USE_OWN_IP in my IRC
client will allow my DCC to function properly. Is this something that
could have been done without opening the port range 1024-5000? I mean, does
the low port range FreeBSD uses really have to be added? If so, what about
the high port range, 49152-65535?

Well, this is it. Thanks.
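
An added example, not part of the original message: a small Python audit of a 'show nat' listing in the layout shown above, which folds the range continuation lines into their rows and merges overlapping configured ranges so that a leftover entry such as 1-65000 stands out. The sample input is constructed, and the rule used to separate configured entries from live sessions (timer 0, inside interface only) is an assumption drawn from the listing, not from Cisco documentation.

```python
import re

# Constructed sample in the column layout of the listing above; the global
# address 192.0.2.10 is a documentation placeholder, not from the post.
SAMPLE = """\
      Local IP : Port      Global IP : Port      Timer Flags    Proto Interface
       10.0.0.2:1024            *****:1024         0   0x10041  tcp   eth0
               -5000                 -5000
       10.0.0.2:1030            *****:1030         0   0x10041  tcp   eth0
               -1040                 -1040
       10.0.0.2:53              *****:53           0   0x00041  tcp   eth0
       10.0.0.2:1               *****:1            0   0x10041  udp   eth0
               -65000                -65000
       10.0.0.2:2412       192.0.2.10:2412      1140   0x04046  tcp   eth0 wan0-0
"""

ROW = re.compile(r"^\s*(\d+(?:\.\d+){3}):(\d+)\s+(\S+):(\d+)\s+(\d+)\s+"
                 r"(0x[0-9a-fA-F]+)\s+(\w+)\s+(.+?)\s*$")
CONT = re.compile(r"^\s*-(\d+)\s+-(\d+)\s*$")  # "-5000  -5000" closes a range

def parse_show_nat(text):
    """Return one dict per table row, folding range continuation lines in."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, port, _gip, _gport, timer, flags, proto, ifaces = m.groups()
            rows.append({"ip": ip, "lo": int(port), "hi": int(port), "timer": int(timer),
                         "flags": flags, "proto": proto, "ifaces": ifaces.split()})
        elif rows and (c := CONT.match(line)):
            rows[-1]["hi"] = int(c.group(1))
    return rows

def configured(rows):
    # Assumption (not from Cisco documentation): rows with timer 0 and no
    # outside interface are configured entries, the rest are live sessions.
    return [r for r in rows if r["timer"] == 0 and len(r["ifaces"]) == 1]

def exposed(rows, proto):
    """Merge overlapping configured ranges for one protocol."""
    merged = []
    for lo, hi in sorted((r["lo"], r["hi"]) for r in configured(rows) if r["proto"] == proto):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [tuple(m) for m in merged]

if __name__ == "__main__":
    for proto in ("tcp", "udp"):
        print(proto, exposed(parse_show_nat(SAMPLE), proto))
```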
