Date: Tue, 08 Jul 2003 12:45:17 +0100
From: Guilherme Oliveira <guilherme@nortenet.pt>
To: FreeBSD-NET@FreeBSD.ORG
Subject: Acess to virtual hosts are being blocked by natd/firewall
Message-ID: <3F0AAECD.4070601@nortenet.pt>
Hi!

I've configured a DMZ, and our workstations (192.168.0) access external sites very well. But sites that are hosted in 192.168.1 and port-redirected by natd with a static IP are blocked only if accessed by our workstations on 192.168.0. From the Internet it is fine. It blocks www.site-example.com and xxx.xxx.xxx.xxx. It only works with 192.168.1.2!

/kernel: Connection attempt to TCP xxx.xxx.xxx.xxx:80 from 192.168.0.3:2366

My natd is configured with

natd_flags="-l -s -m -u -dynamic -log_denied -log_ipfw_denied -redirect_port tcp 192.168.1.2:80 xxx.xxx.xxx.xxx:80"

The firewall is configured to "OPEN".

netstat -r in natd:

default             adsl-b3-72-1.telep  UGSc    2   4300  tun0
localhost           localhost           UH      0      0  lo0
192.168.0           link#2              UC      5      0  xl1
192.168.0.2         00:e0:7d:ed:1b:de   UHLW    0     38  xl1   940
192.168.0.3         00:50:eb:1d:80:dd   UHLW    1    379  xl1   657
192.168.0.5         00:08:02:cf:1b:6d   UHLW    0   1262  xl1   349
192.168.0.6         00:c0:df:09:a1:31   UHLW    0     24  xl1   560
192.168.0.7         00:c0:df:09:ab:e7   UHLW    0    977  xl1   521
192.168.1           link#3              UC      1      0  xl2
192.168.1.2         00:04:75:e9:c0:04   UHLW    1    257  xl2   331
adsl-b3-72-1.telep  adslemp-b3-123-140  UH      2      0  tun0
adslemp-b3-121-73.  link#1              UC      0      0  xl0
adslemp-b3-121-74.  link#1              UC      0      0  xl0
adslemp-b3-121-75.  link#1              UC      0      0  xl0
adslemp-b3-121-76.  link#1              UC      0      0  xl0
adslemp-b3-121-77.  link#1              UC      0      0  xl0
adslemp-b3-121-78.  link#1              UC      0      0  xl0

netstat -r in workstation:

Internet:
Destination         Gateway             Flags  Refs   Use  Netif  Expire
default             sarpa               UGSc     10     0  sis0
localhost           localhost           UH        0   140  lo0
192.168.0           link#1              UC        2     0  sis0
sarpa               00:04:75:e0:d4:52   UHLW     12 12204  sis0   596
parpa               00:50:eb:1d:80:dd   UHLW      0    39  lo0

Is it a natd problem or ipfw?