Date:      Thu, 16 Jul 1998 10:56:09 -0400 (EDT)
From:      Thomas David Rivers <rivers@dignus.com>
To:        rivers@dignus.com
Cc:        freebsd-hackers@freefall.cdrom.com
Subject:   Tantalizingly close (was: ipfw rules for exposing an internal machine's port externally?)
Message-ID:  <199807161456.KAA01628@lakes.dignus.com>
In-Reply-To: <35AE0711.D86870C9@jezebel.demon.co.uk>


Thanks to all the wonderful suggestions I've gotten from fellow
hackers - I'm tantalizingly close to being able to expose an internal
machine to the external network.   But, things aren't quite working
yet [By the way, in case I haven't mentioned - this is with 2.2.6.]

Here's what I currently have:

  [10.0.0.1]$ ipfw list
  00100 divert 32000 ip from any to any via sl0
  00200 allow tcp from any to 166.82.177.48 7490
  00201 allow tcp from any to 10.0.0.10 7490
  01000 allow ip from any to any via lo0
  01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
  65000 allow ip from any to any
  65535 deny ip from any to any

  [10.0.0.1]$ ifconfig sl0   (external interface)
  sl0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 552
        inet 166.82.177.48 --> 166.82.100.202 netmask 0xffffff00 

  [10.0.0.1]$ ifconfig ed0   (internal interface)
  ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        ether 66:66:77:00:0b:31 


  And, natd was run with:

   /usr/sbin/natd -l -port 32000 -interface sl0 -m -u -dynamic \
               -redirect_port tcp 10.0.0.10:7490 7490



When I try to connect to 166.82.177.48 with:

	telnet 166.82.177.48 7490

(from the 'external world') I no longer get the immediate 
'connection refused' [which implies things are getting somewhat routed...]  
But - I also don't get connected.  It eventually times out. [Internal 
connections from the gateway machine to 10.0.0.10 7490 work just fine.]  
To me, this implies some route isn't right yet... i.e. the internal machine 
can't get back to the external network...

I have the feeling I'm just missing one little item... which I
hope is obvious to the more ipfw/natd-experienced people on the list :-)

	 - Thanks -
	- Dave Rivers -
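The divert-plus-natd round trip that the rules and natd command line above set up, traced as an added simulation (written for this archive page; it is not code from the original message and not natd's or ipfw's own code). The external client address 198.51.100.7:40000 is constructed, the NAT is a static redirect table rather than natd's state machine, and only the rule forms that appear in the 'ipfw list' output are parsed:

```python
"""Simulation of the divert/natd round trip set up by the rules in the message.

Constructed model for this archive page; it is not natd or ipfw code and it
implements only the rule forms the message's 'ipfw list' output uses
(divert/allow/deny, proto ip or tcp, from/to with 'any', an address or a
prefix, an optional destination port, and an optional 'via <iface>').
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

EXTERNAL_IP = "166.82.177.48"   # sl0 address in the message
INTERNAL_HOST = "10.0.0.10"     # -redirect_port target in the message
REDIRECT_PORT = 7490
CLIENT_IP, CLIENT_PORT = "198.51.100.7", 40000   # constructed external client

# Copy of the 'ipfw list' output from the message.
IPFW_LIST = """\
00100 divert 32000 ip from any to any via sl0
00200 allow tcp from any to 166.82.177.48 7490
00201 allow tcp from any to 10.0.0.10 7490
01000 allow ip from any to any via lo0
01010 deny ip from 127.0.0.0/8 to 127.0.0.0/8
65000 allow ip from any to any
65535 deny ip from any to any
"""


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str                  # interface the packet is crossing ('via')


@dataclass
class Rule:
    number: int
    action: str                 # divert, allow or deny
    proto: str                  # ip or tcp
    src: str
    dst: str
    dport: Optional[int]
    via: Optional[str]


def parse_rules(text):
    """Parse the subset of ipfw rule syntax used in the message."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        number, action = int(tok[0]), tok[1]
        i = 3 if action == "divert" else 2       # divert carries a port token
        proto, src, dst = tok[i], tok[i + 2], tok[i + 4]
        rest = tok[i + 5:]
        dport = int(rest.pop(0)) if rest and rest[0].isdigit() else None
        via = rest[1] if rest[:1] == ["via"] else None
        rules.append(Rule(number, action, proto, src, dst, dport, via))
    return rules


def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(rule, pkt):
    return ((rule.proto == "ip" or rule.proto == pkt.proto)
            and _addr_ok(rule.src, pkt.src) and _addr_ok(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.via is None or rule.via == pkt.iface))


class Natd:
    """Stand-in for natd -redirect_port: rewrite the destination of inbound
    packets aimed at the external address, and the source of the matching
    replies on their way back out (static table, no connection state)."""

    def __init__(self, ext_ip, redirects):
        self.ext_ip = ext_ip
        self.redirects = redirects      # {(proto, ext_port): (int_ip, int_port)}

    def translate(self, pkt, inbound):
        if inbound:
            target = self.redirects.get((pkt.proto, pkt.dport))
            if target and pkt.dst == self.ext_ip:
                return replace(pkt, dst=target[0], dport=target[1])
            return pkt
        for (proto, ext_port), (int_ip, int_port) in self.redirects.items():
            if pkt.proto == proto and (pkt.src, pkt.sport) == (int_ip, int_port):
                return replace(pkt, src=self.ext_ip, sport=ext_port)
        return pkt


def walk(rules, pkt, natd, inbound):
    """Run one packet through the ruleset; a divert hands it to natd and
    continues at the next rule, as ipfw does after reinjection.
    Returns (action, packet as it leaves the ruleset, deciding rule number)."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = natd.translate(pkt, inbound)
            continue
        return rule.action, pkt, rule.number
    return "deny", pkt, 65535


def _setup():
    redirects = {("tcp", REDIRECT_PORT): (INTERNAL_HOST, REDIRECT_PORT)}
    return parse_rules(IPFW_LIST), Natd(EXTERNAL_IP, redirects)


def inbound_syn():
    """External client's SYN arriving on sl0 for the gateway's public address."""
    rules, natd = _setup()
    pkt = Packet("tcp", CLIENT_IP, CLIENT_PORT, EXTERNAL_IP, REDIRECT_PORT, "sl0")
    return walk(rules, pkt, natd, inbound=True)


def reply_via(iface):
    """The internal host's SYN-ACK as it crosses the named gateway interface."""
    rules, natd = _setup()
    pkt = Packet("tcp", INTERNAL_HOST, REDIRECT_PORT, CLIENT_IP, CLIENT_PORT, iface)
    return walk(rules, pkt, natd, inbound=False)


if __name__ == "__main__":
    for label, result in (("inbound SYN", inbound_syn()),
                          ("reply via ed0", reply_via("ed0")),
                          ("reply via sl0", reply_via("sl0"))):
        action, pkt, num = result
        print(f"{label:14} rule {num:5} {action:5} "
              f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

The trace shows the two passes the posted configuration relies on: the inbound SYN is rewritten at rule 100 and accepted by rule 201 with 10.0.0.10:7490 as its destination, and the reply is rewritten back to 166.82.177.48 only when it crosses sl0 (rule 100 never sees a packet crossing ed0, so that pass leaves 10.0.0.10 as the source). A reply that never reaches the sl0 pass on the gateway is therefore never translated, which is what the ed0 case in the model shows.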

