Date: Wed, 10 Jul 2002 14:06:07 -0300 From: "Luiz Morte da Costa Jr" <morte@dsee.fee.unicamp.br> To: <ipfw@FreeBSD.ORG> Subject: rexec Message-ID: <JOEOLCOLHDHJOCFFCBAFGEACCGAA.morte@dsee.fee.unicamp.br>
next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0008_01C2281A.EFDC5410
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi there,
I have a ipfw+nat running in a FreeBSD 4.5.
I have this configuration:
Internet 1 (fxp0) Internet 2 (fxp1)
(a.b.c.164) (a.b.d.80)
/ \ / \
| |
--------------------------------------------------
|
\ /
Internal (fxp2)
(10.10.10.129)
Obs:
- The IP Class x.y.z.0 is in fxp0 network.
- The default route to a.b.c.0 IP Class is a.b.c.129
- In /etc/rc.conf
defaultrouter=3D"a.b.d.65"
I have a sun with a valid IP and with a calendar server running
- IP: a.b.c.152
- valid IP
- calendar server running
I have a PC in a internal network
- IP: 10.10.10.130
- no valid IP
- calendar client
My problem is to have access in a calendar server from a internal IP =
(10.10.10.130)
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
NAT:
/sbin/natd -p 8668 -n fxp0 (natd)
/sbin/natd -p 8669 -n fxp1 (natd2)
My rules are:
# Internal IP Class
add 0011 skipto 0055 all from a.b.c.0/24 to any
add 0012 skipto 0055 all from any to a.b.c.0/24
add 0013 skipto 0055 all from x.y.z.0/24 to any
add 0014 skipto 0055 all from any to x.y.z.0/24
#
# NAT for all IP Class
add 0051 divert natd2 all from any to any
add 0052 skipto 0100 all from any to any
#
# NAT for Internal IP Class
add 0055 divert natd all from any to any
# forward internal IP Class
add 0056 fwd a.b.c.129 all from a.b.c.164 to any out
#
# Deny source routing, record route
add 0100 deny log tcp from any to any ipoptions ssrr,lsrr,rr
# Allow loop back
add 0102 allow all from any to any via lo0
#
# Allow all (for test)
add 60000 allow log logamount 20000 all from any to any
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D
Thanks any way,
Luiz.
------=_NextPart_000_0008_01C2281A.EFDC5410
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2>Hi there,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>I have a ipfw+nat running in a FreeBSD=20
4.5.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>I have =
this=20
configuration:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D151191713-10072002>Internet=20
1 (fxp0) Internet =
2=20
(fxp1)</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D151191713-10072002> =20
(a.b.c.164) &n=
bsp; (a.b.d.80)</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002> / \ &n=
bsp; &nb=
sp;=20
&=
nbsp; /=20
\</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002> =20
| =
=20
=
|</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>----------------------------------------------=
----</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002> &nbs=
p; =20
|</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002> &nbs=
p; =20
\ /</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002> &nbs=
p; =20
Internal (fxp2)</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002> &nbs=
p; =20
(10.10.10.129)</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>Obs:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- The =
IP Class=20
x.y.z.0 is in fxp0 network.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- The =
default=20
route to a.b.c.0 IP Class is =
a.b.c.129</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>-=20
</SPAN></FONT><FONT face=3DArial size=3D2><SPAN =
class=3D151191713-10072002>In=20
/etc/rc.conf</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002> =
defaultrouter=3D</SPAN></FONT>"<FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>a.b.d.65"</SPAN></FONT></DIV></SPAN></FONT></D=
IV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>I have =
a sun with a=20
valid IP and with a calendar server running</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- IP:=20
a.b.c.152</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- =
valid=20
IP</SPAN></FONT></DIV></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- =
calendar server=20
running</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>I have =
a PC in a=20
internal network</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- IP:=20
10.10.10.130</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- no =
valid=20
IP</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>- =
calendar=20
client</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>My =
problem is to=20
have access in a calendar server from a internal IP=20
(10.10.10.130)</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>NAT:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D151191713-10072002>/sbin/natd -p 8668=20
-n fxp0 (natd)<BR>/sbin/natd -p 8669 -n fxp1 =20
(natd2)<BR></SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>My =
rules=20
are:</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002># =
Internal IP=20
Class</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>add =
0011 skipto 0055=20
all from a.b.c.0/24 to any<BR>add 0012 skipto 0055 all from any to=20
a.b.c.0/24<BR>add 0013 skipto 0055 all from x.y.z.0/24 to any<BR>add =
0014 skipto=20
0055 all from any to x.y.z.0/24<BR>#</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002># NAT =
for all IP=20
Class<BR>add 0051 divert natd2 all from any to any<BR>add 0052 skipto =
0100 all=20
from any to any<BR>#</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002># NAT =
for Internal=20
IP Class<BR>add 0055 divert natd all from any to any<BR># forward =
internal IP=20
Class<BR>add 0056 fwd a.b.c.129 all from a.b.c.164 to any out<BR>#<BR>#=20
Deny source routing, record route<BR>add 0100 deny log tcp from any =
to any=20
ipoptions ssrr,lsrr,rr<BR># Allow loop back<BR>add 0102 allow all =
from any=20
to any via lo0<BR></SPAN></FONT><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>#<BR># Allow all (for test)<BR>add 60000 =
allow log=20
logamount 20000 all from any to=20
any<BR>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D</DIV></SPAN></FONT>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D151191713-10072002>Thanks =
any=20
way,</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D151191713-10072002>Luiz.</SPAN></FONT></DIV></BODY></HTML>
------=_NextPart_000_0008_01C2281A.EFDC5410--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?JOEOLCOLHDHJOCFFCBAFGEACCGAA.morte>