Date:      Sun, 15 Apr 2001 22:18:30 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        universe <universe@truemetal.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd filters redirect port.
Message-ID:  <Pine.BSF.4.21.0104152215580.61877-100000@cody.jharris.com>
In-Reply-To: <3ADA1922.F279C985@truemetal.org>

On Sun, 15 Apr 2001, universe wrote:

> hi list,
> 
> my freebsd box is acting as a gateway for my internal private network,
> the connection is made with userland ppp (pppoe) and natd. 
> 
> natd also forwards packets on the external port 81 to an internal
> machine on port 9192. since i changed from isdn to dsl the other day
> the redirect_port doesn't seem to work anymore and natd (?) is
> filtering the tcp port 81.
> 
> natd is started with: natd -n tun0 -dynamic -redirect_port tcp
> 192.168.0.4:9192 81 which forwards every request on tun0 (external
> ethernet card which connects to the dsl modem) on port 81 to the
> internal machine 192.168.0.4 at port 9192.
> 
> however, when i do a portscan from an external machine it shows that
> port 81 is being filtered as soon as i run natd with the
> -redirect_port switch:
> 
> (The 1517 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh                     
> 80/tcp     open        http                    
> 81/tcp     filtered    hosts2-ns               
> 137/tcp    filtered    netbios-ns              
> 138/tcp    filtered    netbios-dgm             
> 139/tcp    filtered    netbios-ssn 
> 
> port 81 should be "open", not "filtered". i configured natd to forward
> requests on port 2345 etc. instead but the effect stays the same,
> every port gets filtered.
> 
> ipfw list on the gateway which runs natd shows the following:
> 
> 00009 deny tcp from any to any 139 in recv tun0
> 00009 deny tcp from any to any 138 in recv tun0
> 00009 deny tcp from any to any 137 in recv tun0
> 00010 divert 8668 ip from any to any via tun0
> 00011 divert 1234 tcp from any to any out xmit tun0 setup
> 00020 allow ip from any to any
> 65535 deny ip from any to any

	What is rule 11?  Is that somehow tied to the PPPoE setup [sorry
	not familiar with that setup]?



Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
 "FreeBSD: The Power to Serve!"

