From: Stefan Molnar
To: Mikel King
Cc: "freebsd-questions@FreeBSD.ORG"
Subject: Re: more re: stupid NATD tricks...
Date: Tue, 9 Jan 2001 13:19:27 -0800 (PST)
In-Reply-To: <3A5B3493.D2E0D3B3@ocsinternet.com>

Here is the one thing you have not done. Make an alias interface on the
external address. Your external interface needs to listen and answer for
all static NAT translations.

On Tue, 9 Jan 2001, Mikel King wrote:

> Greetings all;
>
> Ok, I'm running this question again, because I've already read and
> reread everything I can find on the subject. I am trying to get static
> NAT working. NATD is working normally; my inside machines can traceroute
> and surf and nslookup etc... I know there must be something stupid I've
> overlooked.
>
> From the outside I've tried simply telneting to the outside IP on
> port 80 from another outside device (...NOTE this works fine from the FW
> directly to the inside machine... so I can verify that the http requests
> are being answered) and I get the following:
>
>   Trying 204.107.76.181...
>   telnet: connect to address 204.107.76.181: Connection refused
>   telnet: Unable to connect to remote host
>
> If I remove the redirect_port and put "redirect_address 10.0.0.77
> 208.239.172.50" instead, then I get the following:
>
>   telnet 208.239.172.50 80
>   Trying 208.239.172.50...
>   telnet: connect to address 208.239.172.50: Operation timed out
>   telnet: Unable to connect to remote host
>
> Remember 10.0.0.77 surfs out through this box fine, and other
> workstations on the backnet can surf to 10.0.0.77 without a problem.
>
> Thanks in advance for any help.
>
> Cheers,
> Mikel
>
> ***************** CONFIGURATION FILES etc...
>
> cli:
>   /sbin/natd -f /etc/rc.natd
>
> rc.natd:
>   interface fxp0
>   use_sockets
>   same_ports
>   unregistered_only                  #I've tried it with and without this one...
>   redirect_port tcp 10.0.0.77:80 80  #This should redirect any HTTP request from the outside to the in...
>   redirect_port tcp 10.0.0.2:23 23
>   log
>
>   #other rules that I've tried...
>   #redirect_port tcp 10.0.0.77:80 208.239.172.50:80
>   #redirect_address 10.0.0.77 208.239.172.50
>
> rc.firewall:
>   ############
>   # Setup system for firewall service.
>   # $FreeBSD: src/etc/rc.firewall,v 1.30 2000/02/06 19:24:37 paul Exp $
>
>   # Suck in the configuration variables.
>   if [ -r /etc/defaults/rc.conf ]; then
>       . /etc/defaults/rc.conf
>   elif [ -r /etc/rc.conf ]; then
>       . /etc/rc.conf
>   fi
>
>   fwcmd="/sbin/ipfw"
>   nif="fxp0"
>   iif="rl0"
>   ${fwcmd} -f flush
>   ${fwcmd} add divert natd all from any to any via ${nif}
>   ${fwcmd} add pass ip from any to any
>   ${fwcmd} add deny log all from any to any
>
> ipfw show:
>   00100 15537 1416950 divert 8668 ip from any to any via fxp0
>   00200 16707 1550670 allow ip from any to any
>   00300     0       0 deny log logamount 100 ip from any to any
>   65535     0       0 deny ip from any to any
>
> kernel conf:
>   options IPFIREWALL
>   options IPFIREWALL_VERBOSE
>   options IPFIREWALL_VERBOSE_LIMIT=100
>   options IPDIVERT
>   options ICMP_BANDLIM
>
> ps ax (excerpt):
>   140  ??  Ss   0:00.25 syslogd -s
>   161  ??  Ss   0:00.28 cron
>   164  ??  Is   0:00.54 /usr/sbin/sshd
>   166  ??  Ss   0:00.13 /usr/sbin/usbd
>   204  ??  Is   0:00.01 /usr/local/sbin/xinetd -pid
>   237  ??  Ss   0:01.26 /sbin/natd -f /etc/rc.natd
>
> netstat -rn:
>   Routing tables
>
>   Internet:
>   Destination        Gateway            Flags   Refs    Use  Netif Expire
>   default            204.107.76.1       UGSc       0      0   fxp0
>   10/24              link#2             UC         0      0    rl0 =>
>   10.0.0.77          link#2             UHLW       1      8    rl0 =>
>   127.0.0.1          127.0.0.1          UH         0      4    lo0
>   204.107.76         link#1             UC         0      0   fxp0 =>
>   204.107.76.1       0:e0:1e:e9:ad:1    UHLW       1      0   fxp0    858
>   204.107.76.19      0:e0:29:84:d0:4b   UHLW       2   1864   fxp0    945
>   204.107.76.111     0:10:4b:14:a7:63   UHLW       0     60   fxp0    859
>   204.107.76.181     0:3:47:12:3c:51    UHLW       0      8    lo0
>   208.239.172.50     0:3:47:12:3c:51    UHLS       0      0    lo0 =>
>   208.239.172.50/32  link#1             UC         0      0   fxp0 =>
>
>   Internet6:
>   Destination        Gateway            Flags  Netif
>   ::1                ::1                UH     lo0
>   fe80::%fxp0/64     link#1             UC     fxp0
>   fe80::%rl0/64      link#2             UC     rl0
>   fe80::%lo0/64      fe80::1%lo0        Uc     lo0
>   ff01::/32          ::1                U      lo0
>   ff02::%fxp0/32     link#1             UC     fxp0
>   ff02::%rl0/32      link#2             UC     rl0
>   ff02::%lo0/32      fe80::1%lo0        UC     lo0
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
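The reply's point, that every public address a natd redirect names must be one the external interface actually answers for, can be checked before restarting natd. This is an added check, not code from either poster: it reads a natd rule set and ifconfig output and prints the alias line for each address that is missing. The redirect rules are taken from Mikel's rc.natd; the ifconfig output is a constructed sample that carries only the primary address.

```shell
#!/bin/sh
# Added example, not from the thread: list every public address that a natd
# redirect_address / redirect_port rule points at but that the external
# interface does not carry, which is the gap Stefan describes above.
# Both inputs are constructed samples: the rules come from Mikel's rc.natd,
# the ifconfig output is invented and shows only the primary address.
NATD_CONF='interface fxp0
use_sockets
same_ports
redirect_port tcp 10.0.0.77:80 80
redirect_port tcp 10.0.0.2:23 23
redirect_port tcp 10.0.0.77:80 208.239.172.50:80
redirect_address 10.0.0.77 208.239.172.50'

IFCONFIG_OUT='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 204.107.76.181 netmask 0xffffff00 broadcast 204.107.76.255
        ether 00:03:47:12:3c:51'

# Public IPv4 addresses named by redirect rules, one per line, deduplicated.
# "redirect_port tcp 10.0.0.77:80 80" names no alias address: it binds to the
# interface's primary address, so it contributes nothing here.
public_addrs() {
    printf '%s\n' "$1" | awk '
        $1 == "redirect_address" { print $3 }
        $1 == "redirect_port" && $4 ~ /:/ { sub(/:.*/, "", $4); print $4 }
    ' | sort -u
}

# IPv4 addresses (primary and aliases) configured on interface $2 in ifconfig output $1.
configured_addrs() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^[A-Za-z]/ { cur = $1; sub(/:$/, "", cur) }
        cur == ifc && $1 == "inet" { print $2 }
    '
}

# For every expected address the interface lacks, print the ifconfig alias
# line that would add it (a /32 alias, which works whether or not the address
# shares the interface's subnet). Empty output means every redirect has an
# address to answer on.
missing_aliases() {
    have=$(configured_addrs "$2" "$3")
    public_addrs "$1" | while read -r addr; do
        printf '%s\n' "$have" | grep -qx "$addr" ||
            printf 'ifconfig %s alias %s netmask 255.255.255.255\n' "$3" "$addr"
    done
}

missing_aliases "$NATD_CONF" "$IFCONFIG_OUT" fxp0
```

Run it against the real `ifconfig` output and `/etc/rc.natd` on the firewall; anything it prints is an address natd will try to translate but the interface will never accept a SYN on.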