Date:      Tue, 02 Mar 2010 15:09:13 -0600
From:      Tim Daneliuk <tundra@tundraware.com>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Help ipfw / nat / JetDirect Pain Appreciated
Message-ID:  <4B8D7E79.3040705@tundraware.com>

I would appreciate any insight you folk here might have for the following
problem.  What I am trying to do is have wireless clients on one network
print to a JetDirect-connected printer on another network as follows:

Machine A is a NATing firewall (FBSD 8.0) for nonroutable network  A - 192.168.0.x
Machine A is a NATing wireless router (Linksys WRT-54G) for nonroutable network B -  192.168.1.x

Both Machine A and B have static routable addresses and are directly
connected to the internet.  They are also on the same subnet.  In fact,
they're plugged into the same switch that the internet hose comes in on.

There is an HP Laserjet connected via JetDirect on the first network
at 192.168.0.122.   I have added this to machine A's NAT config
to make that port appear on the outside IP address:

  redirect_port tcp 192.168.0.102:9100 machine.A.IP.addr:9100

natd was then restarted.

I then added this firewall rule on Machine A:

  ipfw add allow tcp from machine.B.IP.addr to machine.A.IP.addr 9100 

And the firewall was restarted.

Now, I jump onto a machine on (wireless) Network B and attempt to telnet
to port 9100 on machine A, just to see if the port is properly
being redirected and I can get to it.  Machine A burps out the
following in /var/log/security:

ipfw: 7500 Deny TCP machine.B.IP.addr:49192 192.168.0.102:9100 in via fxp0

Anyone have an idea what's going on here?  It looks like the telnet is
attempting to rendezvous on port 49192 but the firewall isn't letting
that happen.  Any idea how I add a rule to permit this?


TIA,



-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
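
Added example, not part of the original message: a small Python model that parses the ipfw log line and compares the logged packet with the allow rule as posted. The log format is SRC:SPORT DST:DPORT, and the logged destination is 192.168.0.102:9100 while the posted rule names machine.A.IP.addr. The 203.0.113.x addresses are constructed stand-ins for the post's placeholders, and POST_NAT is an assumed alternative rule, not one from the post.

```python
import re
from typing import NamedTuple, Optional

# Constructed stand-ins for the post's placeholders (RFC 5737 documentation range).
MACHINE_A = "203.0.113.10"  # machine.A.IP.addr (assumed value)
MACHINE_B = "203.0.113.20"  # machine.B.IP.addr (assumed value)
PRINTER = "192.168.0.102"   # redirect_port target, as in the post

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int]

LOG_RE = re.compile(r"ipfw: (\d+) (\w+) (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+) (in|out) via (\S+)")
RULE_RE = re.compile(r"allow (\w+) from (\S+) to (\S+)(?: (\d+))?")

def parse_log(line: str) -> Packet:
    """Return the packet as the logging rule saw it: SRC:SPORT then DST:DPORT."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError(f"not an ipfw TCP/UDP log line: {line!r}")
    return Packet(m[3].lower(), m[4], int(m[5]), m[6], int(m[7]))

def parse_rule(text: str) -> Rule:
    """Parse only the 'allow PROTO from SRC to DST [PORT]' form used in the post."""
    m = RULE_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unsupported rule form: {text!r}")
    return Rule(m[1], m[2], m[3], int(m[4]) if m[4] else None)

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field the rule constrains equals the packet's field."""
    return (rule.proto in ("ip", "all", pkt.proto) and rule.src in ("any", pkt.src)
            and rule.dst in ("any", pkt.dst) and rule.dport in (None, pkt.dport))

# Constructed log line: the post's line with the stand-in address substituted.
LOG = f"ipfw: 7500 Deny TCP {MACHINE_B}:49192 {PRINTER}:9100 in via fxp0"
AS_POSTED = f"allow tcp from {MACHINE_B} to {MACHINE_A} 9100"
POST_NAT = f"allow tcp from {MACHINE_B} to {PRINTER} 9100"  # assumed alternative

if __name__ == "__main__":
    pkt = parse_log(LOG)
    print("logged packet:", pkt)  # 49192 is the client's source port
    for text in (AS_POSTED, POST_NAT):
        print(f"{text!r:60} matches logged packet: {matches(parse_rule(text), pkt)}")
```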



