FreeBSD Mail Archives

Date:      Mon, 12 Jan 2004 21:38:23 -0600
From:      "Budec" <budec@qwest.net>
To:        "Ronnie Clark" <ronnie@txnetsecurity.com>, "'Budec'" <budec@qwest.net>, "'FreeBSD-questions list'" <freebsd-questions@freebsd.org>
Subject:   RE: Port forwarding
Message-ID:  <DIEOLEPNIDLIJHMBILKJOEFFDIAA.budec@qwest.net>
In-Reply-To: <005001c3d981$77e34ee0$0a07070a@bullitt>


Here is a sump, but don't understand it to well.  The server is up on
192.168.17.25:5122, I can connect to it internally.  The public interface is
63.231.238.22[6-9] (alaised).

Here is how I did the dump:

fired up server on 192.168.17.25:5122
fired up client on 192.168.17.25

start tcpdump

tried to connect client to 63.231.236:5122  (got a timeout)


right here is says:
21:05:34.275532 63.231.238.226 > 192.168.17.25: icmp: 63.231.238.226 udp
port 5122 unreachable

I can connect to 192.168.17.25:5122, but can not connect to
63.231.238.226:5122 (which is what the redirect was supose to do)... odd.

:





tcpdump
tcpdump: listening on dc0
21:05:32.595934 63.231.238.229.ssh > 192.168.17.25.2403: P
387949093:387949113(20) ack 293470606 win 58400 (DF) [tos
0]
21:05:32.596229 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 20 win 64671
(DF)
21:05:32.814715 modemcable061.174-130-66.mc.videotron.ca.timeflies >
192.168.17.25.5122: udp 30
21:05:32.827613 192.168.17.25.5122 >
modemcable061.174-130-66.mc.videotron.ca.timeflies: udp 82
21:05:33.686005 63.231.238.229.ssh > 192.168.17.25.2403: P 20:96(76) ack 1
win 58400 (DF) [tos 0x10]
21:05:33.776010 63.231.238.229.ssh > 192.168.17.25.2403: P 96:204(108) ack 1
win 58400 (DF) [tos 0x10]
21:05:33.776302 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 204 win 64487
(DF)
21:05:34.275477 192.168.17.25.5120 > 63.231.238.226.5122: udp 7
21:05:34.275532 63.231.238.226 > 192.168.17.25: icmp: 63.231.238.226 udp
port 5122 unreachable
21:05:34.757215 63.231.238.229.ssh > 192.168.17.25.2403: P 204:280(76) ack 1
win 58400 (DF) [tos 0x10]
21:05:34.825972 63.231.238.229.ssh > 192.168.17.25.2403: P 280:348(68) ack 1
win 58400 (DF) [tos 0x10]
21:05:34.827014 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 348 win 64343
(DF)
21:05:35.806324 63.231.238.229.ssh > 192.168.17.25.2403: P 348:424(76) ack 1
win 58400 (DF) [tos 0x10]
21:05:35.981990 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 424 win 64267
(DF)
21:05:36.825995 63.231.238.229.ssh > 192.168.17.25.2403: P 424:484(60) ack 1
win 58400 (DF) [tos 0x10]
21:05:36.966216 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 484 win 64207
(DF)
21:05:37.265686 192.168.17.25.5120 > 63.231.238.226.5122: udp 7
21:05:37.265739 63.231.238.226 > 192.168.17.25: icmp: 63.231.238.226 udp
port 5122 unreachable
21:05:37.806579 63.231.238.229.ssh > 192.168.17.25.2403: P 484:568(84) ack 1
win 58400 (DF) [tos 0x10]
21:05:37.950460 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 568 win 64123
(DF)
21:05:38.610046 66-252-38-4.da.midmaine.com.4796 > 192.168.17.25.5122: udp
30
21:05:38.622523 192.168.17.25.5122 > 66-252-38-4.da.midmaine.com.4796: udp
82
21:05:38.826013 63.231.238.229.ssh > 192.168.17.25.2403: P 568:620(52) ack 1
win 58400 (DF) [tos 0x10]
21:05:38.995998 63.231.238.229.ssh > 192.168.17.25.2403: P 620:696(76) ack 1
win 58400 (DF) [tos 0x10]
21:05:38.996292 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 696 win 65535
(DF)
21:05:39.977208 63.231.238.229.ssh > 192.168.17.25.2403: P 696:764(68) ack 1
win 58400 (DF) [tos 0x10]
21:05:40.137627 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 764 win 65467
(DF)
21:05:40.264393 192.168.17.25.5120 > 63.231.238.226.5122: udp 7
21:05:40.264446 63.231.238.226 > 192.168.17.25: icmp: 63.231.238.226 udp
port 5122 unreachable
21:05:40.977293 63.231.238.229.ssh > 192.168.17.25.2403: P 764:840(76) ack 1
win 58400 (DF) [tos 0x10]
21:05:41.121873 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 840 win 65391
(DF)
21:05:41.995989 63.231.238.229.ssh > 192.168.17.25.2403: P 840:900(60) ack 1
win 58400 (DF) [tos 0x10]
21:05:42.106104 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 900 win 65331
(DF)
21:05:42.887644 192.168.17.25 > one.knight-sec.com:
ESP(spi=0x90d0bf23,seq=0x14)
21:05:42.973166 one.knight-sec.com > 192.168.17.25:
ESP(spi=0x8648ada9,seq=0xf)
21:05:42.996037 63.231.238.229.ssh > 192.168.17.25.2403: P 900:960(60) ack 1
win 58400 (DF) [tos 0x10]
21:05:43.046118 63.231.238.229.ssh > 192.168.17.25.2403: P 960:1068(108) ack
1 win 58400 (DF) [tos 0x10]
21:05:43.046411 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1068 win
65163 (DF)
21:05:43.265374 192.168.17.25.5120 > 63.231.238.226.5122: udp 7
21:05:43.265425 63.231.238.226 > 192.168.17.25: icmp: 63.231.238.226 udp
port 5122 unreachable
21:05:44.026518 63.231.238.229.ssh > 192.168.17.25.2403: P 1068:1144(76) ack
1 win 58400 (DF) [tos 0x10]
21:05:44.046022 63.231.238.229.ssh > 192.168.17.25.2403: P 1144:1188(44) ack
1 win 58400 (DF) [tos 0x10]
21:05:44.046295 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1188 win
65043 (DF)
21:05:45.026581 63.231.238.229.ssh > 192.168.17.25.2403: P 1188:1272(84) ack
1 win 58400 (DF) [tos 0x10]
21:05:45.168160 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1272 win
64959 (DF)
21:05:46.046080 63.231.238.229.ssh > 192.168.17.25.2403: P 1272:1332(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:46.261750 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1332 win
64899 (DF)
21:05:47.046125 63.231.238.229.ssh > 192.168.17.25.2403: P 1332:1392(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:47.245983 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1392 win
64839 (DF)
21:05:48.046055 63.231.238.229.ssh > 192.168.17.25.2403: P 1392:1452(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:48.230221 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1452 win
64779 (DF)
21:05:49.046131 63.231.238.229.ssh > 192.168.17.25.2403: P 1452:1512(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:49.214435 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1512 win
64719 (DF)
21:05:49.824580 192.168.17.25.5122 > master.gamespy.com.27900: udp 463
21:05:50.046096 63.231.238.229.ssh > 192.168.17.25.2403: P 1512:1564(52) ack
1 win 58400 (DF) [tos 0x10]
21:05:50.198686 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1564 win
64667 (DF)
21:05:50.236133 63.231.238.229.ssh > 192.168.17.25.2403: P 1564:1624(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:50.417414 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1624 win
64607 (DF)
21:05:51.217323 63.231.238.229.ssh > 192.168.17.25.2403: P 1624:1700(76) ack
1 win 58400 (DF) [tos 0x10]
21:05:51.236044 63.231.238.229.ssh > 192.168.17.25.2403: P 1700:1736(36) ack
1 win 58400 (DF) [tos 0x10]
21:05:51.236321 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1736 win
64495 (DF)
21:05:52.217390 63.231.238.229.ssh > 192.168.17.25.2403: P 1736:1812(76) ack
1 win 58400 (DF) [tos 0x10]
21:05:52.385865 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1812 win
64419 (DF)
21:05:53.236124 63.231.238.229.ssh > 192.168.17.25.2403: P 1812:1864(52) ack
1 win 58400 (DF) [tos 0x10]
21:05:53.370092 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1864 win
64367 (DF)
21:05:54.236184 63.231.238.229.ssh > 192.168.17.25.2403: P 1864:1916(52) ack
1 win 58400 (DF) [tos 0x10]
21:05:54.354333 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1916 win
64315 (DF)
21:05:55.236155 63.231.238.229.ssh > 192.168.17.25.2403: P 1916:1976(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:55.447931 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 1976 win
64255 (DF)
21:05:56.236183 63.231.238.229.ssh > 192.168.17.25.2403: P 1976:2036(60) ack
1 win 58400 (DF) [tos 0x10]
21:05:56.432154 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2036 win
64195 (DF)
21:05:57.236219 63.231.238.229.ssh > 192.168.17.25.2403: P 2036:2088(52) ack
1 win 58400 (DF) [tos 0x10]
21:05:57.416391 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2088 win
64143 (DF)
21:05:57.577228 ip68-3-103-163.ph.ph.cox.net.12706 > 192.168.17.25.5122: udp
30
21:05:57.588866 192.168.17.25.5122 > ip68-3-103-163.ph.ph.cox.net.12706: udp
82
21:05:58.236179 63.231.238.229.ssh > 192.168.17.25.2403: P 2088:2140(52) ack
1 win 58400 (DF) [tos 0x10]
21:05:58.326254 63.231.238.229.ssh > 192.168.17.25.2403: P 2140:2224(84) ack
1 win 58400 (DF) [tos 0x10]
21:05:58.326549 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2224 win
65535 (DF)
21:05:58.555851 cpe-66-169-5-119.spa.sc.charter.com.1053 >
192.168.17.25.5122: udp 30
21:05:58.557488 192.168.17.25.5122 >
cpe-66-169-5-119.spa.sc.charter.com.1053: udp 82
21:05:58.873428 24.107.132.119.charter-stl.com.1054 > 192.168.17.25.5122:
udp 30
21:05:58.885534 192.168.17.25.5122 > 24.107.132.119.charter-stl.com.1054:
udp 82
21:05:59.306626 63.231.238.229.ssh > 192.168.17.25.2403: P 2224:2300(76) ack
1 win 58400 (DF) [tos 0x10]
21:05:59.436256 63.231.238.229.ssh > 192.168.17.25.2403: P 2300:2384(84) ack
1 win 58400 (DF) [tos 0x10]
21:05:59.436555 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2384 win
65375 (DF)
21:05:59.526237 63.231.238.229.ssh > 192.168.17.25.2403: P 2384:2452(68) ack
1 win 58400 (DF) [tos 0x10]
21:05:59.712914 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2452 win
65307 (DF)
21:06:00.506562 63.231.238.229.ssh > 192.168.17.25.2403: P 2452:2520(68) ack
1 win 58400 (DF) [tos 0x10]
21:06:00.526183 63.231.238.229.ssh > 192.168.17.25.2403: P 2520:2580(60) ack
1 win 58400 (DF) [tos 0x10]
21:06:00.526459 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2580 win
65179 (DF)
21:06:00.824227 c-24-11-59-38.client.comcast.net.gandalf-lm >
192.168.17.25.5122: udp 30
21:06:00.838438 192.168.17.25.5122 >
c-24-11-59-38.client.comcast.net.gandalf-lm: udp 82
21:06:01.506721 63.231.238.229.ssh > 192.168.17.25.2403: P 2580:2656(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:01.666289 63.231.238.229.ssh > 192.168.17.25.2403: P 2656:2740(84) ack
1 win 58400 (DF) [tos 0x10]
21:06:01.666572 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2740 win
65019 (DF)
21:06:02.650062 63.231.238.229.ssh > 192.168.17.25.2403: P 2740:2816(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:02.774998 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2816 win
64943 (DF)
21:06:02.885181 192.168.17.25 > one.knight-sec.com:
ESP(spi=0x90d0bf23,seq=0x15)
21:06:02.973457 one.knight-sec.com > 192.168.17.25:
ESP(spi=0x8648ada9,seq=0x10)
21:06:03.646632 63.231.238.229.ssh > 192.168.17.25.2403: P 2816:2900(84) ack
1 win 58400 (DF) [tos 0x10]
21:06:03.666188 63.231.238.229.ssh > 192.168.17.25.2403: P 2900:2944(44) ack
1 win 58400 (DF) [tos 0x10]
21:06:03.666470 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 2944 win
64815 (DF)
21:06:04.646704 63.231.238.229.ssh > 192.168.17.25.2403: P 2944:3020(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:04.852795 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3020 win
64739 (DF)
21:06:05.666369 63.231.238.229.ssh > 192.168.17.25.2403: P 3020:3080(60) ack
1 win 58400 (DF) [tos 0x10]
21:06:05.837040 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3080 win
64679 (DF)
21:06:06.668690 63.231.238.229.ssh > 192.168.17.25.2403: P 3080:3132(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:06.821273 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3132 win
64627 (DF)
21:06:07.666278 63.231.238.229.ssh > 192.168.17.25.2403: P 3132:3184(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:07.805504 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3184 win
64575 (DF)
21:06:08.666302 63.231.238.229.ssh > 192.168.17.25.2403: P 3184:3244(60) ack
1 win 58400 (DF) [tos 0x10]
21:06:08.789739 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3244 win
64515 (DF)
21:06:09.666318 63.231.238.229.ssh > 192.168.17.25.2403: P 3244:3304(60) ack
1 win 58400 (DF) [tos 0x10]
21:06:09.837344 192.168.17.25.5122 > master.gamespy.com.27900: udp 5
21:06:09.883330 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3304 win
64455 (DF)
21:06:10.646865 63.231.238.229.ssh > 192.168.17.25.2403: P 3304:3388(84) ack
1 win 58400 (DF) [tos 0x10]
21:06:10.758210 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3388 win
64371 (DF)
21:06:11.666340 63.231.238.229.ssh > 192.168.17.25.2403: P 3388:3440(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:11.851798 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3440 win
64319 (DF)
21:06:12.666316 63.231.238.229.ssh > 192.168.17.25.2403: P 3440:3492(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:12.836041 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3492 win
64267 (DF)
21:06:13.666388 63.231.238.229.ssh > 192.168.17.25.2403: P 3492:3544(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:13.820261 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3544 win
64215 (DF)
21:06:14.666391 63.231.238.229.ssh > 192.168.17.25.2403: P 3544:3596(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:14.804498 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3596 win
64163 (DF)
21:06:15.666409 63.231.238.229.ssh > 192.168.17.25.2403: P 3596:3648(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:15.788724 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3648 win
64111 (DF)
21:06:16.666395 63.231.238.229.ssh > 192.168.17.25.2403: P 3648:3700(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:16.882316 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3700 win
65535 (DF)
21:06:17.666406 63.231.238.229.ssh > 192.168.17.25.2403: P 3700:3752(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:17.866562 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3752 win
65483 (DF)
21:06:18.666390 63.231.238.229.ssh > 192.168.17.25.2403: P 3752:3812(60) ack
1 win 58400 (DF) [tos 0x10]
21:06:18.850782 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3812 win
65423 (DF)
21:06:19.666451 63.231.238.229.ssh > 192.168.17.25.2403: P 3812:3864(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:19.835028 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3864 win
65371 (DF)
21:06:20.666407 63.231.238.229.ssh > 192.168.17.25.2403: P 3864:3916(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:20.819235 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3916 win
65319 (DF)
21:06:21.666432 63.231.238.229.ssh > 192.168.17.25.2403: P 3916:3968(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:21.762163 ip68-10-177-79.hr.hr.cox.net.33126 > 192.168.17.25.5122: udp
30
21:06:21.772780 192.168.17.25.5122 > ip68-10-177-79.hr.hr.cox.net.33126: udp
82
21:06:21.803470 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 3968 win
65267 (DF)
21:06:22.666480 63.231.238.229.ssh > 192.168.17.25.2403: P 3968:4012(44) ack
1 win 58400 (DF) [tos 0x10]
21:06:22.748967 63.231.238.229.ssh > 192.168.17.25.2403: P 4012:4104(92) ack
1 win 58400 (DF) [tos 0x10]
21:06:22.749275 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4104 win
65131 (DF)
21:06:22.882548 192.168.17.25 > one.knight-sec.com:
ESP(spi=0x90d0bf23,seq=0x16)
21:06:22.968825 one.knight-sec.com > 192.168.17.25:
ESP(spi=0x8648ada9,seq=0x11)
21:06:23.570299 192.168.17.25.netbios-dgm > 192.168.17.255.netbios-dgm: NBT
UDP PACKET(138)
21:06:23.726948 63.231.238.229.ssh > 192.168.17.25.2403: P 4104:4188(84) ack
1 win 58400 (DF) [tos 0x10]
21:06:23.727820 63.231.238.229.ssh > 192.168.17.25.2403: P 4188:4288(100)
ack 1 win 58400 (DF) [tos 0x10]
21:06:23.728027 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4288 win
64947 (DF)
21:06:24.468705 66-252-38-4.da.midmaine.com.4796 > 192.168.17.25.5122: udp
30
21:06:24.475691 192.168.17.25.5122 > 66-252-38-4.da.midmaine.com.4796: udp
82
21:06:24.726985 63.231.238.229.ssh > 192.168.17.25.2403: P 4288:4364(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:24.746435 63.231.238.229.ssh > 192.168.17.25.2403: P 4364:4416(52) ack
1 win 58400 (DF) [tos 0x10]
21:06:24.746721 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4416 win
64819 (DF)
21:06:25.726874 63.231.238.229.ssh > 192.168.17.25.2403: P 4416:4492(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:25.849770 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4492 win
64743 (DF)
21:06:26.735672 192.168.17.25.5120 > 255.255.255.255.5121: udp 7
21:06:26.735693 192.168.17.25.5120 > 255.255.255.255.5121: udp 7
21:06:26.736394 hydra.5121 > 192.168.17.25.5120: udp 19
21:06:26.736521 hydra.5121 > 192.168.17.25.5120: udp 19
21:06:26.738129 192.168.17.25.5120 > hydra.5121: udp 6
21:06:26.738189 192.168.17.25.5120 > hydra.5121: udp 11
21:06:26.738235 192.168.17.25.5120 > hydra.5121: udp 6
21:06:26.738401 192.168.17.25.5120 > hydra.5121: udp 6
21:06:26.738457 192.168.17.25.5120 > hydra.5121: udp 6
21:06:26.738487 192.168.17.25.5120 > hydra.5121: udp 6
21:06:26.746483 63.231.238.229.ssh > 192.168.17.25.2403: P 4492:4552(60) ack
1 win 58400 (DF) [tos 0x10]
21:06:26.756345 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:26.756439 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:26.756542 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:26.756646 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:26.756753 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:26.756863 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:26.761563 192.168.17.25.5120 > hydra.5121: udp 11
21:06:26.776370 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:26.779024 192.168.17.25.5120 > hydra.5121: udp 11
21:06:26.796286 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:26.800025 192.168.17.25.5120 > hydra.5121: udp 11
21:06:26.816289 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:26.943350 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4552 win
64683 (DF)
21:06:27.132544 192.168.17.25 > one.knight-sec.com:
ESP(spi=0x90d0bf23,seq=0x17)
21:06:27.727556 63.231.238.229.ssh > 192.168.17.25.2403: P 4552:4660(108)
ack 1 win 58400 (DF) [tos 0x10]
21:06:27.728334 63.231.238.229.ssh > 192.168.17.25.2403: P 4660:4728(68) ack
1 win 58400 (DF) [tos 0x10]
21:06:27.728622 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4728 win
64507 (DF)
21:06:27.729133 63.231.238.229.ssh > 192.168.17.25.2403: P 4728:4804(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:27.729938 63.231.238.229.ssh > 192.168.17.25.2403: P 4804:4872(68) ack
1 win 58400 (DF) [tos 0x10]
21:06:27.730182 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4872 win
64363 (DF)
21:06:27.730839 63.231.238.229.ssh > 192.168.17.25.2403: P 4872:4956(84) ack
1 win 58400 (DF) [tos 0x10]
21:06:27.746456 63.231.238.229.ssh > 192.168.17.25.2403: P 4956:4992(36) ack
1 win 58400 (DF) [tos 0x10]
21:06:27.746746 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 4992 win
64243 (DF)
21:06:28.245596 192.168.17.25.5120 > hydra.5121: udp 11
21:06:28.256327 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:28.259802 192.168.17.25.5120 > hydra.5121: udp 11
21:06:28.276302 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:28.277412 192.168.17.25.5120 > hydra.5121: udp 11
21:06:28.296300 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:28.298549 192.168.17.25.5120 > hydra.5121: udp 11
21:06:28.316302 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:28.726941 63.231.238.229.ssh > 192.168.17.25.2403: P 4992:5068(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:28.727579 63.231.238.229.ssh > 192.168.17.25.2403: P 5068:5144(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:28.727787 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 5144 win
64091 (DF)
21:06:28.728306 63.231.238.229.ssh > 192.168.17.25.2403: P 5144:5220(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:28.729069 63.231.238.229.ssh > 192.168.17.25.2403: P 5220:5288(68) ack
1 win 58400 (DF) [tos 0x10]
21:06:28.729283 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 5288 win
65535 (DF)
21:06:28.746524 63.231.238.229.ssh > 192.168.17.25.2403: P 5288:5332(44) ack
1 win 58400 (DF) [tos 0x10]
21:06:28.911838 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 5332 win
65491 (DF)
21:06:29.725041 192.168.17.25.5120 > 255.255.255.255.5121: udp 7
21:06:29.725078 192.168.17.25.5120 > 255.255.255.255.5121: udp 7
21:06:29.726971 63.231.238.229.ssh > 192.168.17.25.2403: P 5332:5408(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:29.727600 63.231.238.229.ssh > 192.168.17.25.2403: P 5408:5476(68) ack
1 win 58400 (DF) [tos 0x10]
21:06:29.727866 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 5476 win
65347 (DF)
21:06:29.728302 63.231.238.229.ssh > 192.168.17.25.2403: P 5476:5552(76) ack
1 win 58400 (DF) [tos 0x10]
21:06:29.736428 hydra.5121 > 192.168.17.25.5120: udp 19
21:06:29.736551 hydra.5121 > 192.168.17.25.5120: udp 19
21:06:29.737477 192.168.17.25.5120 > hydra.5121: udp 6
21:06:29.737530 192.168.17.25.5120 > hydra.5121: udp 11
21:06:29.741486 192.168.17.25.5120 > hydra.5121: udp 6
21:06:29.746442 63.231.238.229.ssh > 192.168.17.25.2403: P 5552:5580(28) ack
1 win 58400 (DF) [tos 0x10]
21:06:29.746720 192.168.17.25.2403 > 63.231.238.229.ssh: . ack 5580 win
65243 (DF)
21:06:29.756377 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:29.756470 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:29.756576 hydra.5121 > 192.168.17.25.5120: udp 25
21:06:29.761597 192.168.17.25.5120 > hydra.5121: udp 11
21:06:29.776317 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:29.780531 192.168.17.25.5120 > hydra.5121: udp 11
21:06:29.796315 hydra.5121 > 192.168.17.25.5120: udp 11
21:06:29.799719 192.168.17.25.5120 > hydra.5121: udp 11




> -----Original Message-----
> From: Ronnie Clark [mailto:ronnie@txnetsecurity.com]
> Sent: Monday, January 12, 2004 9:01 PM
> To: 'Budec'; 'FreeBSD-questions list'
> Subject: RE: Port forwarding
>
>
> Jack,
>
> Well, a tcpdump trace should prove whether the traffic is pasing. Do you
> have one?
>
> Ron Clark
>
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Budec
> Sent: Monday, January 12, 2004 8:15 PM
> To: Ronnie Clark; 'Budec'; 'FreeBSD-questions list'
> Subject: RE: Port forwarding
>
>
>
>
> Thanks for the reply.
>
> I'm using the default 'rc.firewall' and in the /etc/rc.config I
> have it set
> up to use "OPEN".
> >From what I can tell, it looks like I'm passing everything by
> >default...
> here is a snip of the config (not all of the /etc/rc.firewall
> file, just the
> OPEN parts)
>
> [snip]
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
>         case ${natd_enable} in
>         [Yy][Ee][Ss])
>                 if [ -n "${natd_interface}" ]; then
>                         ${fwcmd} add 50 divert natd all from any
> to any via
> ${natd_interface}
>                 fi
>                 ;;
>         esac
> esac
>
>
>
> [snip]
> case ${firewall_type} in
> [Oo][Pp][Ee][Nn])
>         # bud
>         #${fwcmd} add count log tcp from any to any setup
>         #${fwcmd} add count log udp from any to any keep-state
>
>         # clients
> #       ${fwcmd} add allow tcp from any to 192.168.17.1 5121 keep-state
> #       ${fwcmd} add allow udp from any to 192.168.17.1 5121 keep-state
>
> #       ${fwcmd} add allow tcp from any to 192.168.17.25 5121 keep-state
> #       ${fwcmd} add allow udp from any to 192.168.17.25 5121 keep-state
>
>
>         # Gamespy
> #       ${fwcmd} add allow udp from 192.168.17.1 5121 to
> 216.177.89.34 27900
> keep-state
> #       ${fwcmd} add allow udp from 192.168.17.1 5121 to
> 66.244.193.142 5121
> keep-state
>
> #       ${fwcmd} add allow udp from 192.168.17.25 5121 to 216.177.89.34
> 27900 keep-state
> #       ${fwcmd} add allow udp from 192.168.17.25 5121 to 66.244.193.142
> 5121 keep-state
>
>
>
>         ${fwcmd} add 65000 pass all from any to any
>         ;;
>
>
>
> 'pass all from any to any' should do it right?
>
>
> Regards,
> Jack
>
>
>
>
> > -----Original Message-----
> > From: Ronnie Clark [mailto:ronnie@txnetsecurity.com]
> > Sent: Monday, January 12, 2004 8:14 PM
> > To: 'Budec'; 'FreeBSD-questions list'
> > Subject: RE: Port forwarding
> >
> >
> > Jack,
> >
> > What do our firewall rules look like? Is there a rule to allow 5122
> > traffic into the outside interface?
> >
> > Just a thought,
> > Ron Clark
> >
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org
> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Budec
> > Sent: Monday, January 12, 2004 7:50 PM
> > To: 'FreeBSD-questions list'
> > Subject: Port forwarding
> >
> >
> >
> >
> >
> > Hello,
> >
> > I have been trying to get this working for days and am obviously doing
> > something wrong and was wondering if any Guru's out there could give a
> > little guidance.  Basically I'm looking to run a game server behind a
> > FreeBSD firewall.  Here is my setup:
> >
> > {internet} <-> [public address] - Firewall <-> (internal address) Game
> > server
> >
> > Lets say public address is 1.2.3.4 and private address is
> > 192.168.17.25 port is 5122
> >
> >
> > In the /etc/rc.conf I set the firewall policy to "OPEN" and enabled
> > natd, I gave it the natd options of "-f /etc/natd.conf"... for "ipnat"
> > I have that set to "NO" (not sure what it does)
> >
> > In the natd.conf file I have this:
> >
> >         redirect_port tcp 192.168.17.25:5122 5122
> >         redirect_port udp 192.168.17.25:5122 5122
> >
> > I restart natd and theatrically everything that hits 1.2.3.4 on port
> > 5122 should be automatically redirected to 192.168.17.25 port 5122,
> > right?
> >
> > I have also tried this (since the public interface is aliases (has
> > more than one public address associated with it)):
> >
> >         redirect_port tcp 192.168.17.25:5122 1.2.3.4:5122
> >         redirect_port udp 192.168.17.25:5122 1.2.3.4:5122
> >
> >
> >
> > Which doesn't seem to work either.  Any ideas?
> >
> > Regards,
> > Jack
> >
> >
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
> >
> >
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DIEOLEPNIDLIJHMBILKJOEFFDIAA.budec>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation