Date: Fri, 10 Aug 2001 20:48:55 -0400 From: "webdesigns COMNET" <webdesigns@comnet.ca> To: "Dave" <dave@reason.za.org> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: HELP PLEASE!! Message-ID: <001c01c121ff$6a1b84d0$0200000a@critter> References: <002c01c121dc$2b7a4680$0200000a@critter> <010d01c121dd$e6c8e8a0$3300a8c0@mandy>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0019_01C121DD.DEBAAEF0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi Dave,
Thanks for your reply.
I tried what you suggested, and I'm still unable to direct incoming =
traffic from 64.39.183.78 to the lan client 10.0.0.3.=20
Requests for 64.39.183.78 still goto the gateway box.
Here is a few things that my help you determin the problem.
[root@thunder:/etc]-> ifconfig -a
sis0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 64.39.179.9 netmask 0xffffff00 broadcast 64.39.179.255
inet 64.39.183.72 netmask 0xffffffff broadcast 64.39.183.72
inet 64.39.183.73 netmask 0xffffffff broadcast 64.39.183.73
inet 64.39.183.74 netmask 0xffffffff broadcast 64.39.183.74
inet 64.39.183.75 netmask 0xffffffff broadcast 64.39.183.75
inet 64.39.183.76 netmask 0xffffffff broadcast 64.39.183.76
inet 64.39.183.77 netmask 0xffffffff broadcast 64.39.183.77
inet 64.39.183.78 netmask 0xffffffff broadcast 64.39.183.78
inet 64.39.183.79 netmask 0xffffffff broadcast 64.39.183.79
ether 00:30:18:80:20:10
media: Ethernet autoselect (10baseT/UTP)
status: active
rl0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
ether 00:50:ba:86:16:47
media: Ethernet autoselect (100baseTX)
status: active
lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
tun0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
inet 64.39.176.9 --> 64.39.160.16 netmask 0xff000000
Opened by PID 148
[root@thunder:/etc]-> netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif =
Expire
default speede01.access.go UGSc 36 61 tun0
10 link#2 UC 2 0 rl0 =3D>
critter 0:50:ba:8a:c2:e4 UHLW 2 688 rl0 =
1158
chickalicious.com 0:50:ba:ea:60:36 UHLW 0 2 rl0 =
834
speede01.access.go 64.39.176.9 UH 43 0 tun0
64.39.179/24 link#1 UC 0 0 sis0 =3D>
shellsandhosting.c link#1 UC 0 0 sis0 =3D>
lightning/32 link#1 UC 0 0 sis0 =3D>
this.is.a.vhost/32 link#1 UC 0 0 sis0 =3D>
mainframe/32 link#1 UC 0 0 sis0 =3D>
64.39.183.76/32 link#1 UC 0 0 sis0 =3D>
64.39.183.77/32 link#1 UC 0 0 sis0 =3D>
64.39.183.78/32 link#1 UC 0 0 sis0 =3D>
64.39.183.79/32 link#1 UC 0 0 sis0 =3D>
localhost localhost UH 1 73 lo0
[root@thunder:/etc]-> ipnat -l
List of active MAP/Redirect filters:
bimap sis0 10.0.0.3/32 -> 64.39.183.78/32
List of active sessions:
[root@thunder:/etc]->
I have been trying for 3 days to route my webserver to the outside =
world. All your help and input would be greatly appreciated.
Jason
----- Original Message -----=20
From: Dave=20
To: webdesigns COMNET=20
Sent: Friday, August 10, 2001 4:49 PM
Subject: Re: HELP PLEASE!!
Hey,
I would recommend using ipnat for one instead of natd (Part of IP =
Filter).
No particular reason, just a preference.
Then its fairly simple,
=20
=20
add ipnat_enable=3D"YES"
to your /etc/rc.conf file.
=20
then=20
echo "bimap sis0 10.0.0.3/32 -> 64.39.183.78/32" >> =
/etc/ipnat.rules && ipnat -FC -f /etc/ipnat.rules
=20
=20
Hope to have helped.
--Dave.
=20
----- Original Message -----=20
From: ShellsAndHosting.com Administration=20
To: freebsd-security@FreeBSD.ORG=20
Sent: Friday, August 10, 2001 9:04 AM
Subject: routing
Hi,
Can someone help me figure out a solution?
Here is the setup: modem <-> FreeBSD Gateway <-> switch <-> Lan
I would like to forward all request from 64.39.183.78 to a lan =
client 10.0.0.3
I have tried using -redirect_address 10.0.0.3 64.39.183.78 with =
natd, but it won't work. Any clue why?
Interface sis0 is the public interface with 32 ips on it, i would =
like to route a few of thoose ips through rl0 (the internal interface) =
to my other lan machines.
What and how would be my best way?
=20
=20
=20
=20
------=_NextPart_000_0019_01C121DD.DEBAAEF0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3315.2870" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi Dave,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Thanks for your =
reply.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I tried what you suggested, and I'm =
still unable to=20
direct incoming traffic from 64.39.183.78 to the lan client 10.0.0.3.=20
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Requests for 64.39.183.78 still goto =
the gateway=20
box.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Here is a few things that my help you =
determin the=20
problem.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>[root@thunder:/etc]-> ifconfig =
-a<BR>sis0:=20
flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu=20
1500<BR> inet 64.39.179.9 =
netmask=20
0xffffff00 broadcast =
64.39.179.255<BR> =20
inet 64.39.183.72 netmask 0xffffffff broadcast=20
64.39.183.72<BR> inet =
64.39.183.73=20
netmask 0xffffffff broadcast=20
64.39.183.73<BR> inet =
64.39.183.74=20
netmask 0xffffffff broadcast=20
64.39.183.74<BR> inet =
64.39.183.75=20
netmask 0xffffffff broadcast=20
64.39.183.75<BR> inet =
64.39.183.76=20
netmask 0xffffffff broadcast=20
64.39.183.76<BR> inet =
64.39.183.77=20
netmask 0xffffffff broadcast=20
64.39.183.77<BR> inet =
64.39.183.78=20
netmask 0xffffffff broadcast=20
64.39.183.78<BR> inet =
64.39.183.79=20
netmask 0xffffffff broadcast=20
64.39.183.79<BR> ether=20
00:30:18:80:20:10<BR> media: =
Ethernet=20
autoselect (10baseT/UTP)<BR> =
status:=20
active<BR>rl0: =
flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu=20
1500<BR> inet 10.0.0.1 netmask =
0xff000000 broadcast=20
10.255.255.255<BR> ether=20
00:50:ba:86:16:47<BR> media: =
Ethernet=20
autoselect (100baseTX)<BR> =
status:=20
active<BR>lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu=20
16384<BR> inet 127.0.0.1 =
netmask=20
0xff000000<BR>tun0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> =
mtu=20
1492<BR> inet 64.39.176.9 =
-->=20
64.39.160.16 netmask =
0xff000000<BR> =20
Opened by PID 148<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>[root@thunder:/etc]-> netstat =
-r<BR>Routing=20
tables</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial=20
size=3D2>Internet:<BR>Destination &nbs=
p;=20
Gateway =
=20
Flags Refs Use =
Netif=20
Expire<BR>default &n=
bsp; =20
speede01.access.go UGSc =20
36 61 =20
tun0<BR>10 &nb=
sp; =20
link#2 &=
nbsp;=20
UC =20
2 0 rl0=20
=3D><BR>critter &=
nbsp; =20
0:50:ba:8a:c2:e4 =
UHLW =20
2 688 rl0 =20
1158<BR>chickalicious.com 0:50:ba:ea:60:36 =20
UHLW =20
0 2 =20
rl0 834<BR>speede01.access.go=20
64.39.176.9 =20
UH =20
43 0 =20
tun0<BR>64.39.179/24 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>shellsandhosting.c=20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>lightning/32 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>this.is.a.vhost/32=20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>mainframe/32 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>64.39.183.76/32 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>64.39.183.77/32 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>64.39.183.78/32 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>64.39.183.79/32 =20
link#1 &=
nbsp;=20
UC =20
0 0 sis0=20
=3D><BR>localhost  =
;=20
localhost =20
UH =20
1 73 =
lo0</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>[root@thunder:/etc]-> ipnat =
-l<BR>List of active=20
MAP/Redirect filters:<BR>bimap sis0 10.0.0.3/32 ->=20
64.39.183.78/32</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>List of active=20
sessions:<BR>[root@thunder:/etc]-><BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I have been trying for 3 days to route =
my webserver=20
to the outside world. All your help and input would be greatly=20
appreciated.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Jason</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR> </DIV></FONT>
<BLOCKQUOTE dir=3Dltr=20
style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: =
0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV=20
style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
<A href=3D"mailto:dave@reason.za.org" =
title=3Ddave@reason.za.org>Dave</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
href=3D"mailto:webdesigns@comnet.ca"=20
title=3Dwebdesigns@comnet.ca>webdesigns COMNET</A> </DIV>
<DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Friday, August 10, 2001 =
4:49=20
PM</DIV>
<DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Re: HELP =
PLEASE!!</DIV>
<DIV><BR></DIV>
<DIV><FONT face=3DArial size=3D2>Hey,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> I would recommend =
using ipnat=20
for one instead of natd (Part of IP Filter).</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> No particular =
reason, just a=20
preference.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> Then its fairly=20
simple,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>add ipnat_enable=3D"YES"<BR>to your =
/etc/rc.conf=20
file.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>then </FONT></DIV>
<DIV><FONT face=3DArial size=3D2> echo "bimap=20
sis0 10.0.0.3/32 -> 64.39.183.78/32" >>=20
/etc/ipnat.rules && ipnat -FC -f =
/etc/ipnat.rules</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Hope to have helped.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>--Dave.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>----- Original Message ----- </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; =
MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style=3D"FONT: 10pt arial">
<DIV style=3D"BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> =
<A=20
href=3D"mailto:admin@shellsandhosting.com"=20
title=3Dadmin@shellsandhosting.com>ShellsAndHosting.com =
Administration</A>=20
</DIV>
<DIV><B>To:</B> <A href=3D"mailto:freebsd-security@FreeBSD.ORG"=20
=
title=3Dfreebsd-security@FreeBSD.ORG>freebsd-security@FreeBSD.ORG</A> =
</DIV>
<DIV><B>Sent:</B> Friday, August 10, 2001 9:04 AM</DIV>
<DIV><B>Subject:</B> routing</DIV></DIV>
<DIV><FONT face=3DArial size=3D2></FONT><BR></DIV>
<DIV><FONT face=3DArial size=3D2>Hi,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Can someone help me figure out a=20
solution?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Here is the setup: modem =
<->=20
FreeBSD Gateway <-> switch <-> Lan</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I would like to forward all request =
from=20
64.39.183.78 to a lan client 10.0.0.3</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I have tried using =
-redirect_address 10.0.0.3=20
64.39.183.78 with natd, but it won't work. Any clue =
why?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Interface sis0 is the public =
interface with 32=20
ips on it, i would like to route a few of thoose ips through rl0 =
(the=20
internal interface) to my other lan machines.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>What and how would be my best =
way?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial=20
size=3D2></FONT> </DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0019_01C121DD.DEBAAEF0--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001c01c121ff$6a1b84d0$0200000a>