Date: Fri, 10 Aug 2001 20:48:55 -0400
From: "webdesigns COMNET" <webdesigns@comnet.ca>
To: "Dave" <dave@reason.za.org>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: HELP PLEASE!!
Message-ID: <001c01c121ff$6a1b84d0$0200000a@critter>
References: <002c01c121dc$2b7a4680$0200000a@critter> <010d01c121dd$e6c8e8a0$3300a8c0@mandy>

Hi Dave,

Thanks for your reply.
I tried what you suggested, and I'm still unable to direct incoming traffic from 64.39.183.78 to the lan client 10.0.0.3.
Requests for 64.39.183.78 still go to the gateway box.

Here are a few things that may help you determine the problem.

[root@thunder:/etc]-> ifconfig -a
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 64.39.179.9 netmask 0xffffff00 broadcast 64.39.179.255
        inet 64.39.183.72 netmask 0xffffffff broadcast 64.39.183.72
        inet 64.39.183.73 netmask 0xffffffff broadcast 64.39.183.73
        inet 64.39.183.74 netmask 0xffffffff broadcast 64.39.183.74
        inet 64.39.183.75 netmask 0xffffffff broadcast 64.39.183.75
        inet 64.39.183.76 netmask 0xffffffff broadcast 64.39.183.76
        inet 64.39.183.77 netmask 0xffffffff broadcast 64.39.183.77
        inet 64.39.183.78 netmask 0xffffffff broadcast 64.39.183.78
        inet 64.39.183.79 netmask 0xffffffff broadcast 64.39.183.79
        ether 00:30:18:80:20:10
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xff000000 broadcast 10.255.255.255
        ether 00:50:ba:86:16:47
        media: Ethernet autoselect (100baseTX)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 64.39.176.9 --> 64.39.160.16 netmask 0xff000000
        Opened by PID 148

[root@thunder:/etc]-> netstat -r
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            speede01.access.go UGSc       36       61   tun0
10                 link#2             UC          2        0    rl0 =>
critter            0:50:ba:8a:c2:e4   UHLW        2      688    rl0   1158
chickalicious.com  0:50:ba:ea:60:36   UHLW        0        2    rl0    834
speede01.access.go 64.39.176.9        UH         43        0   tun0
64.39.179/24       link#1             UC          0        0   sis0 =>
shellsandhosting.c link#1             UC          0        0   sis0 =>
lightning/32       link#1             UC          0        0   sis0 =>
this.is.a.vhost/32 link#1             UC          0        0   sis0 =>
mainframe/32       link#1             UC          0        0   sis0 =>
64.39.183.76/32    link#1             UC          0        0   sis0 =>
64.39.183.77/32    link#1             UC          0        0   sis0 =>
64.39.183.78/32    link#1             UC          0        0   sis0 =>
64.39.183.79/32    link#1             UC          0        0   sis0 =>
localhost          localhost          UH          1       73    lo0

[root@thunder:/etc]-> ipnat -l
List of active MAP/Redirect filters:
bimap sis0 10.0.0.3/32 -> 64.39.183.78/32

List of active sessions:
[root@thunder:/etc]->

I have been trying for 3 days to route my webserver to the outside world. All your help and input would be greatly appreciated.

Jason

  ----- Original Message -----
  From: Dave
  To: webdesigns COMNET
  Sent: Friday, August 10, 2001 4:49 PM
  Subject: Re: HELP PLEASE!!

  Hey,
      I would recommend using ipnat for one instead of natd (Part of IP Filter).
      No particular reason, just a preference.
      Then it's fairly simple,

  add ipnat_enable="YES"
  to your /etc/rc.conf file.

  then
      echo "bimap sis0 10.0.0.3/32 -> 64.39.183.78/32" >> /etc/ipnat.rules && ipnat -FC -f /etc/ipnat.rules

  Hope to have helped.
  --Dave.

    ----- Original Message -----
    From: ShellsAndHosting.com Administration
    To: freebsd-security@FreeBSD.ORG
    Sent: Friday, August 10, 2001 9:04 AM
    Subject: routing

    Hi,
    Can someone help me figure out a solution?
    Here is the setup: modem <-> FreeBSD Gateway <-> switch <-> Lan
    I would like to forward all requests from 64.39.183.78 to a lan client 10.0.0.3
    I have tried using -redirect_address 10.0.0.3 64.39.183.78 with natd, but it won't work. Any clue why?
    Interface sis0 is the public interface with 32 ips on it, I would like to route a few of those ips through rl0 (the internal interface) to my other lan machines.
    What and how would be my best way?
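
A sanity check suggested by the output quoted in the message, as an added example that is not part of the original thread: IP Filter NAT rules apply only to packets crossing the interface they name, so this script flags any rule in `ipnat -l` bound to an interface other than the one carrying the default route in `netstat -r`. The function names are hypothetical, the sample input is excerpted from the message, and a flagged rule is a heuristic hint to review, not a confirmed diagnosis.

```shell
#!/bin/sh
# Added example: cross-check ipnat rules against the default-route interface.
# Sample inputs are excerpts of the `ipnat -l` and `netstat -r` output quoted
# in the message; function names are hypothetical.

IPNAT_LIST='List of active MAP/Redirect filters:
bimap sis0 10.0.0.3/32 -> 64.39.183.78/32

List of active sessions:'

NETSTAT_R='Destination        Gateway            Flags    Refs      Use  Netif Expire
default            speede01.access.go UGSc       36       61   tun0
10                 link#2             UC          2        0    rl0 =>
64.39.183.78/32    link#1             UC          0        0   sis0 =>'

# Print the interface that carries the default route (Netif is column 6).
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $6; exit }'
}

# Print "<iface> <rule>" for every map/bimap/rdr rule in `ipnat -l` output.
nat_rules() {
    printf '%s\n' "$1" | awk '$1 ~ /^(map|bimap|rdr)$/ { print $2, $0 }'
}

# Print each NAT rule whose interface differs from the default-route interface.
# Returns 1 if any rule is flagged, 2 if no default route is present, else 0.
check_nat_iface() {
    ext=$(default_iface "$2")
    [ -n "$ext" ] || { echo "no default route found" >&2; return 2; }
    nat_rules "$1" | awk -v ext="$ext" '
        $1 != ext {
            sub(/^[^ ]+ /, "")      # drop the leading interface column
            printf "MISMATCH (default route on %s): %s\n", ext, $0
            bad = 1
        }
        END { exit bad + 0 }'
}

# Stand-alone run on the sample data; on a live gateway pass
# "$(ipnat -l)" and "$(netstat -rn)" instead.
check_nat_iface "$IPNAT_LIST" "$NETSTAT_R" || true
```
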