Date:      Tue, 11 Jun 2002 16:45:39 +0200 (MEST)
From:      David Wahlstedt <davidw@cs.chalmers.se>
To:        <questions@freebsd.org>
Subject:   natd port forwarding
Message-ID:  <Pine.SOL.4.30.0206111618300.14900-100000@quirm.cs.chalmers.se>


Hi !


I've got a 486 running picoBSD (the net-floppy based on FreeBSD-2.2.5)
with two network cards:
 ep0 to internet, ADSL with static ip.
 ep1 (10.0.0.1) to LAN, which is a hub attached to a couple of windows
     machines and one FreeBSD-4.5-R machine (10.0.0.4).

The 486 runs natd and ipfw.
It works fine, but I don't get port forwarding to work.
Maybe I have the wrong syntax ?

Do I have to add something in my rc.firewall to get it to work ?
Currently I run the "open" version, so do I need any
changes there ? (if we don't bother about security, just to get it to work)


I tried with netcat to see if my 1234 port forwarding worked, but it seems
not to.

On my machine 10.0.0.4
> nc -l -p 1234

from anywhere:
> nc 217.bla.bla.bla -p 1234
lkhgkljgh...

Nothing happens.
The syntax of nc was right, I just don't remember it while writing this
mail.

Also with tcpdump I don't see anything.

Does anyone know what is missing ?

With regards, David Wahlstedt


here follow my config files:
(My ip is exchanged to 217.bla.bla.bla)
---------------------------------------------------------------------------

natd.conf:

interface ep0
unregistered_only
#alias_address 217.bla.bla.bla
use_sockets yes
same_ports yes
redirect_port tcp 10.0.0.3:411-412 217.bla.bla.bla:411-412
redirect_port udp 10.0.0.3:411-412 217.bla.bla.bla:411-412

redirect_port tcp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port udp 10.0.0.3:20-21 217.bla.bla.bla:20-21

redirect_port tcp 10.0.0.4:1234 217.bla.bla.bla:1234
redirect_port udp 10.0.0.4:1234 217.bla.bla.bla:1234



---------------------------------------------------------------------------


rc.conf:

#!/bin/sh
#
swapfile="NO"           # Set to name of swapfile if aux swapfile desired.
###  Network configuration sub-section  ######################
### Basic network options: ###
hostname="pico.bostream.se"     # Set this! This is probably wrong.
tcp_extensions="NO"             # Allow RFC1323 & RFC1644 extensions (or NO).
network_interfaces="lo0 ep0 ep1"        # List of network interfaces (lo0 is loo
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
ifconfig_ep0="inet 217.bla.bla.bla netmask 255.255.255.0 up"
ifconfig_ep1="inet 10.0.0.1 netmask 255.255.255.128 up"

### Network daemons options: ###
inetd_enable="YES"              # Run the network daemon dispatcher (or NO)
inetd_flags=""                  # Optional flags to inetd
snmpd_enable="NO"              # Run the SNMP daemon (or NO)
snmpd_flags="-C -c /etc/snmpd.conf"     # Optional flags to snmpd
### Network routing options: ###
defaultrouter="217.bla.bla.bla"            # Set to default gateway (or NO).
static_routes=""                # Set to static route list (or leave empty).
gateway_enable="YES"            # Set to YES if this host will be a gateway.
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="open"
firewall_quiet="NO"

natd_program="/sbin/natd"
natd_enable="YES"
natd_interface="ep0"
natd_flags="-f /etc/natd.conf"
tcp_drop_synfin="YES"

arpproxy_all=""                 # replaces obsolete kernel option ARP_PROXYALL.

### Allow local configuration override at the very end here ##
if [ -f /etc/rc.conf.local ]; then
        . /etc/rc.conf.local
fi


---------------------------------------------------------------------------
rc.firewall:

# my only addition:

$fwcmd -f flush

$fwcmd add 500 divert 8668 all from any to any via ep0

# in the "simple" section:

    oif="ep0"
    onet="217.bla.bla.bla"
    omask="255.255.255.0"
    oip="217.bla.bla.bla"

---------------------------------------------------------------------------

Copyright (c) 1992-1998 FreeBSD Inc.
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.

FreeBSD 2.2.5-STABLE #0: Mon Mar 23 16:22:37 MYT 1998
    dinesh@broker.alphaque.com:/usr/src/sys/compile/PICOBSD-N.2800
CPU: i486 DX4 (486-class CPU)
  Origin = "GenuineIntel"  Id = 0x480  Stepping=0
  Features=0x3<FPU,VME>
real memory  = 33554432 (32768K bytes)

FreeBSD Kernel Configuration Utility - Version 1.1
 Type "help" for help or "visual" to go to the visual
 configuration interface (requires MGA/VGA display or
 serial terminal capable of displaying ANSI graphics).
config> disable sio0
config> disable sio2
config> disable sio3
config> port lpt0 0x0378
config> port ed0 0x0340
config> irq ed0 4
config> iomem ed0 0x00000000
config> port ed1 0x0320
config> iomem ed1 0x00000000
config> irq ep1 11
config> quit
avail memory = 28262400 (27600K bytes)
Probing for devices on PCI bus 0:
wdc0 <CMD 640B IDE> rev 2 int a irq 14 on pci0:15
chip0 <generic PCI bridge (vendor=1060 device=8881 subclass=0)> rev 1 on pci0:16
chip1 <generic PCI bridge (vendor=1060 device=8886 subclass=1)> rev 1 on pci0:18
Probing for devices on the ISA bus:
sc0 at 0x60-0x6f irq 1 on motherboard
sc0: VGA mono <16 virtual consoles, flags=0x0>
ed0 not found at 0x340
ed1 not found at 0x320
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
lpt0 at 0x378-0x37f irq 7 on isa
lpt0: Interrupt-driven port
lp0: TCP/IP capable interface
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: FIFO enabled, 8 bytes threshold
fd0: 1.44MB 3.5in
wdc0 not found at 0x1f0
wdc1 not found at 0x170
2 3C5x9 board(s) on ISA found at 0x300 0x280
ep0 at 0x300-0x30f irq 10 on isa
ep0: utp[*UTP*] address 00:20:af:93:0d:4d
ep1 at 0x280-0x28f irq 11 on isa
ep1: aui/utp/bnc[*UTP*] address 00:a0:24:70:ab:76
npx0 on motherboard
npx0: INT 16 interface
IP packet filtering initialized, divert enabled, default to accept, logging disabled
rootfs is 2800 Kbyte compiled in MFS
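
An added example, not part of the original mail and not FreeBSD code: a small Python audit of `redirect_port` lines like those in the natd.conf above, reporting which inside hosts and ports the gateway publishes and flagging entries a reviewer would question when the firewall type is "open". The LAN prefix 10.0.0.0/25 is derived from the ep1 netmask in rc.conf; the last two sample lines are constructed to exercise the checks, and the function and field names are hypothetical.

```python
import ipaddress

# Constructed sample: two redirect_port lines from the natd.conf above, plus
# two deliberately wrong lines (the last two) to exercise the checks.
SAMPLE = """\
interface ep0
unregistered_only
redirect_port tcp 10.0.0.3:20-21 217.bla.bla.bla:20-21
redirect_port tcp 10.0.0.4:1234 217.bla.bla.bla:1234
redirect_port tcp 10.0.0.200:8080 8080
redirect_port udp 10.0.0.4:5000-5010 5000-5005
"""

def _ports(spec):
    """'20-21' -> (20, 21); '1234' -> (1234, 1234)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def audit(conf, lan="10.0.0.0/25"):
    """Return one dict per redirect_port line with any findings attached."""
    net = ipaddress.ip_network(lan)
    results = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 4 or fields[0] != "redirect_port":
            continue
        proto, target, alias = fields[1:4]
        remote = fields[4] if len(fields) > 4 else None  # optional remoteIP
        host, _, tports = target.rpartition(":")
        aports = alias.rpartition(":")[2]       # the alias address is optional
        t_lo, t_hi = _ports(tports)
        a_lo, a_hi = _ports(aports)
        findings = []
        if ipaddress.ip_address(host) not in net:
            findings.append("target outside LAN %s" % lan)
        if t_hi - t_lo != a_hi - a_lo:
            findings.append("target and alias port ranges differ in size")
        if remote is None:
            findings.append("reachable from any remote address")
        if a_lo < 1024:
            findings.append("exposes privileged port(s)")
        results.append({"line": lineno, "proto": proto, "host": host,
                        "public_ports": (a_lo, a_hi), "findings": findings})
    return results

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r["line"], r["proto"], r["host"], r["public_ports"], r["findings"])
```
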




