Hi all
I'm on 192.168.1.62; the server is running on 192.168.1.3 and listens on port 1234.
I want any connection going out of my machine to port 1234 to port forward to
192.168.1.3:1234.
But when I attempt to connect to 192.168.1.1:1234, natd shows the following
verbose message:
natd[2051]: Aliasing
Hi there, a few months ago I inquired about an issue where using
ipfw+natd worked on 8.0 but produced errors in 8.1. After searching the
bugs database, I found multiple reports about it -
http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/148137 and
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern
Hello, Casey.
00300 0 0 deny ip from 192.168.0.0/16 to any in via fxp0
00301 0 0 deny ip from 172.16.0.0/12 to any in via fxp0
00302 0 0 deny ip from 10.0.0.0/8 to any in via fxp0
00303 0 0 deny ip from 127.0.0.0/8 to any in via fxp0
00304 0
Since a rebuild to FBSD 8.1, I can't get natd to function correctly. Below is
my ipfw config. It closely follows the example in the Handbook.
http://www.freebsd.org/doc/en/books/handbook/firewalls-ipfw.html (30.6.5.7 An
Example NAT and Stateful Ruleset -- Ruleset #1)
firewall config (logging en
Just a sidenote:
On Sat, 15 May 2010 02:33:10 +0200, umage wrote:
> However, if I
> run the script manually, or call it from the end of /etc/rc, it will add
> these rules as well. Currently I am using a workaround.
It's not a good idea to modify /etc/rc. In your case, using the
mechanisms of /e
On Sat, May 15, 2010 at 02:33:10AM +0200, umage wrote:
> I performed a kernel+world update of my freebsd router, RELENG_8 branch,
> apparently from the version 6 months ago to current. I use ipfw and a
> shell script that gets loaded at startup. I noticed after rebooting that
> ipfw did not load tw
I performed a kernel+world update of my freebsd router, RELENG_8 branch,
apparently from the version 6 months ago to current. I use ipfw and a
shell script that gets loaded at startup. I noticed after rebooting that
ipfw did not load two rules, both of type "divert natd". However, if I
run the scri
"mr. phreak" <[EMAIL PROTECTED]> writes:
> Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
> people have
> and I've googled my ass off. Still I can't get it right. I'm trying to
> forward port 1213 in/out for dc++ usage.
>
>
Hi, I am having trouble with my IPFW+NATD forwarding. I know a lot of
people have
and I've googled my ass off. Still I can't get it right. I'm trying to
forward port 1213 in/out for dc++ usage.
this is my setup:
__WAN router (192.168.1.1)
|
|
(FreeBSD gateway/fw NIC1:ath0 (p
On Sun, Aug 27, 2006 at 01:04:54PM +0500, ?? ?? wrote:
> I'm a junior in FreeBSD, and I faced with problem.
You should know that others have mailers that are thread enabled. This
means that when you compose a new mail, but you that the reply sort cut
others may not read this, b
Hi,
I'm running fbsd as a router at home for dsl. Everything was running fine
until one day. Suddenly all pcs in lan stopped opening foreign web pages
and connecting to foreign hosts, though I could ping those hosts.
That seemed like isp problem so i called them and they said everything is
fine. So I
Chuck Swiger wrote:
Is there any way to convince natd to re-read the natd.conf file short
of killing and restarting the daemon entirely? The manpage didn't say
so, and "kill -HUP" terminates the process.
If there was, I would expect /etc/rc.d/natd to support a reload option,
but I don't see
Hi, all--
I'm working on a new firewall running FreeBSD-5.4, IPFW, and natd for a small
client network of about 50 boxes, using a single routable IP via a T1 link.
They want to set up a Cisco 87x router as a VPN endpoint, my part is to set up
forwarding of the VPN traffic via the firewall to th
On Tuesday, 10 May 2005 01:19, Frank de Bot wrote:
> Emanuel Strobl wrote:
> > The problem is the same: IP-IP tunneling reduces TCPs mss which the
> > linux box doesn't fix. ICMP will work of course, TCP with full payload
> > won't. I don't know how/why you tunnel IP into IP on that linux box,
>
Emanuel Strobl wrote:
The problem is the same: IP-IP tunneling reduces TCPs mss which the linux
box doesn't fix. ICMP will work of course, TCP with full payload won't.
I don't know how/why you tunnel IP into IP on that linux box, but that's
the point where you have to dig.
Good luck,
-Harry
Wh
On Tuesday, 10 May 2005 01:04, Frank de Bot wrote:
> Emanuel Strobl wrote:
> > On Tuesday, 10 May 2005 00:42, Frank de Bot wrote:
> >>Hi,
> >>
> >>I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites
> >> like Google for instance does work, but many other don't. All other
> >> p
tion of your private network layout and how you
connect to the internet is needed.
List sites you can not access.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Frank de
Bot
Sent: Monday, May 09, 2005 6:42 PM
To: freebsd-questions@freebsd.org
Subject: ipfw
Emanuel Strobl wrote:
On Tuesday, 10 May 2005 00:42, Frank de Bot wrote:
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
Google for instance does work, but many other don't. All other protocols
I guess you're using an A-DSL line with PPPoE, right?
If so, see tcp-mss
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Frank de
Bot
Sent: Monday, May 09, 2005 6:42 PM
To: freebsd-questions@freebsd.org
Subject: ipfw + natd => some sites won't work :-S
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites
On Tuesday, 10 May 2005 00:42, Frank de Bot wrote:
> Hi,
>
> I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
> Google for instance does work, but many other don't. All other protocols
I guess you're using an A-DSL line with PPPoE, right?
If so, see tcp-mss fix. PPPoE con
Hi,
I got my FreeBSD set up to do nat, but it doesn't work 100%. Sites like
Google for instance does work, but many other don't. All other protocols
seems to be working properly. But why are sites failing to do anything?
I got running natd with the verbose option and successful request of
goog
Deling Ren <[EMAIL PROTECTED]>:
> Hi all, I am trying to setup a NAT box for my home network on freebsd 5.3.
> I am using ipfw and natd. I already got nat running but I am having
> problem with port forwarding. I am trying to forward port 80 on the nat
> box to an internal machine (192.168.0.7). I
Hi!
With this order (rules 201,501,502), everything works well.
Other orders, although intuitively correct, don't behave as expected.
I tried divert, allow all from internal, check-state and nothing happened.
# enable the natd
add 00201 divert natd all from any to any via sis0
### TCP ###
# per de
Deling Ren <[EMAIL PROTECTED]> writes:
> Hi all, I am trying to setup a NAT box for my home network on freebsd 5.3.
> I am using ipfw and natd. I already got nat running but I am having
> problem with port forwarding. I am trying to forward port 80 on the nat
> box to an internal machine (192.168.
Hi all, I am trying to setup a NAT box for my home network on freebsd 5.3.
I am using ipfw and natd. I already got nat running but I am having
problem with port forwarding. I am trying to forward port 80 on the nat
box to an internal machine (192.168.0.7). I have the following as part of
natd_flags
"James A. Coulter" <[EMAIL PROTECTED]> writes:
> Here is my IPFW ruleset and my rc.conf. Hoping someone can point out
> the error of my ways.
You have a very restrictive ruleset there. On my home network, I
allow everything to go out from inside. If you don't do that, my
favorite options would
Hoping someone can provide a solution to the following problem:
I am using a FBSD 4.10 box as a gateway/router/firewall between a cable
modem and my home lan and its been working great for several months.
All machines behind my firewall are able to connect to the outside world
for http, e-mail,
Hi
I'm trying to setup natd to port forward to a http,ftp and vnc server behind
the natd box
But I only want a customer from their static ip address to be able to login
and block everything else
Is this possible in an natd environment?
Any examples?
Port forwarding works ok, I just can't fi
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Brian
Sent: Thursday, October 14, 2004 11:01 AM
To: 'FreeBSD Questions'
Subject: IPFW NATD
Hi
I'm trying to setup natd to port forward to a http,ftp and vnc server behind
the natd box
Bu
Hi
I'm trying to setup natd to port forward to a http,ftp and vnc server behind
the natd box
But I only want a customer from their static ip address to be able to login
and block everything else
Is this possible in an natd environment?
Any examples?
Port forwarding works ok, I just can't figure
>Your ipfw rules are invalid.
They seem to work perfectly. My only gripe is that static rule
#15100 is required to succeed with redirect_port from 1.2.3.4:80 to
192.168.2.250:80 when 192.168.1.247 requests a web page using the domain
name for 1.2.3.4. I'm looking for a solution that doesn't re
atd -dynamic -n de0 -p 9000 -f /etc/natd.conf
On Sunday 08 August 2004 06:30 pm, Eric Crist wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Sunday, August 08, 2004 5:43 PM
--On Sunday, August 08, 2004 18:43:21 -0400 [EMAIL PROTECTED] wrote:
No, I want a user on 192.168.1.247 to be redirected to 192.168.2.250:80 when
they request 1.2.3.4:80, where 1.2.3.4 is a PUBLIC ip number on the FreeBSD
internet gateway. Again, the configuration is
de0 = PUBLIC IP = 1.2.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Sunday, August 08, 2004 5:43 PM
> To: [EMAIL PROTECTED]
> Subject: Re: IPFW/NATD Transparent Proxy
>
>
>
> On Sunday 08 August 2004 04:38 pm
e-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Sunday, August 08, 2004 2:11 PM
> To: [EMAIL PROTECTED]
> Subject: IPFW/NATD Transparent Proxy
>
>
> Anyone up for a challenge?
>
> I've come to the conclusion tha
lto:[EMAIL PROTECTED] Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, August 08, 2004 2:11 PM
To: [EMAIL PROTECTED]
Subject: IPFW/NATD Transparent Proxy
Anyone up for a challenge?
I've come to the conclusion that IPFW/NATD cannot support
transparent
proxying with ONLY stateful rules. I'd like
Anyone up for a challenge?
I've come to the conclusion that IPFW/NATD cannot support transparent
proxying with ONLY stateful rules. I'd like to hear from anyone who has
been successful doing so in case I'm missing something.
Configuration is:
FreeBSD 5.2.1
3 -
For the list's archives.
Here is everything you need for ipfw/natd/stateful.
Add these statements to kernel source and compile kernel to enable
# Enable kernel IPFW.
#
option IPFIREWALL # Adds filtering code
into kernel
option IPFIREWALL_VE
I tried to allow only 80 port, but the result is the same. I have also tried
ipf + ipnat, but i need to block internet connection to some users by MAC
address, and ipf doesn't know, what MAC address is. Maybe i can block MAC
addresses with ipf + ipnat somehow? Btw FreeBSD version is 4.9.
> On Wed,
On Wed, 2004-03-31 at 20:27, Prodigy wrote:
> ${fwcmd} add 400 pass tcp from any 22,80,110,119,143,443,3306,5190,6667-7000
> to any via rl1
> ${fwcmd} add 500 pass tcp from any to any
> 22,80,110,119,143,443,3306,5190,6667-7000 via rl1
>
> When I comment out 400 and 500 rules and add "allow all fro
Hello,
i have a problem with ipfw + natd. The problem is that my FreeBSD server
isn't routing internet. First I have used FreeBSD4.9-STABLE, then i tried to
upgrade to FreeBSD4.9-RELEASE-p4. Result is the same - no internet for lan
users. Take a look at my configuration files:
rc
- Original Message -
From: "Prodigy" <[EMAIL PROTECTED]>
To: "freebsd-questions" <[EMAIL PROTECTED]>
Sent: Tuesday, March 09, 2004 10:53 AM
Subject: ipfw + natd - not sharing internet for LAN users
> # ipfw show
> 65535 1546 115746 allow ip f
Hi,
I have problem with freebsd. I'm using ipfw + natd to share internet connection to my
network (LAN) users, but my server is not sharing internet. My server has internet. It
pings google.com, etc.
Machine: FreeBSD4.9-STABLE
Kernel configuration:
# ... Some other stuff goes here
op
Hi!
> I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here
> a list with some details:
>
> *) The FreeBSD box uses natd and ipfw, and have two external IP:s,
> lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
>
> *) natd is used to redirect access to external IP addresses and ports
On Wed, 6 Aug 2003 20:55:47 -0500 (CDT)
Mark <[EMAIL PROTECTED]> wrote:
> I am still unable to connect from the outside,
> from the kernel config
> # ipfw options
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> optio
On Wed, 06 Aug 2003 21:28:19 -0700
[EMAIL PROTECTED] wrote:
>
> I want to forward port 80 from an outside ip to an internal ip of
> 192.168.1.150 dc1 is tun0 pppoe / dc0 is lan
> I have read what seems like 5 diff ways to do this but the only
> result has been to lock myself out of the compute
I am still unable to connect from the outside,
from the kernel config
# ipfw options
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
#To hide firewall from traceroute
options IPSTEALTH
#To hide from nmap, r
Hi,
I have similar problem.
I'm using IPF & IPNAT to redirect outbound connection
to the internal IP addr. It's been 4 months I can't
solve it :(
The result so far:
The connection was refused (Netscape)
Alert! Unable to connect (Lynx)
TIA
Here is the details
IPF.CONF
block in log all
pass out
Hello,
On Sun, 2003-08-10 at 22:38, Johannes Angeldorff wrote:
> Hi,
>
> I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here
> a list with some details:
>
> *) The FreeBSD box uses natd and ipfw, and have two external IP:s,
> lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
>
> *)
Hi,
I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here
a list with some details:
*) The FreeBSD box uses natd and ipfw, and have two external IP:s,
lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
*) natd is used to redirect access to external IP addresses and ports
to internal L
I want to forward port 80 from an outside ip to an internal ip of
192.168.1.150 dc1 is tun0 pppoe / dc0 is lan
I have read what seems like 5 diff ways to do this but the only
result has been to lock myself out of the computer.
What have I missed.
rc.conf settings
firewall_enable="YES"
firewall_
On Thu, 7 Aug 2003 04:33:43 +0200
Clement Laforet <[EMAIL PROTECTED]> wrote:
oups :
> use this
> natd_flags="-dynamic -redirect_port 192.168.1.150:80 80"
natd_flags="-dynamic -redirect_port tcp 192.168.1.150:80 80"
that's better ;)
Quoting Matthew Seaman <[EMAIL PROTECTED]>:
| On Mon, Aug 04, 2003 at 06:24:42AM -0700, [EMAIL PROTECTED]
| wrote:
| This sounds to me like a policy based routing problem -- googling for
| "policy based routing FreeBSD" in Google Groups should prove
| informative.
|
| However, the mechanism is ba
On Mon, Aug 04, 2003 at 06:24:42AM -0700, [EMAIL PROTECTED] wrote:
> I could sure use an idea for solving the following. We have a perfectly
> functional but saturated ds0 with our telco that is very expensive. We
> have squid running with transparent proxy for our LAN that consists of
> about 10
I could sure use an idea for solving the following. We have a perfectly
functional but saturated ds0 with our telco that is very expensive. We
have squid running with transparent proxy for our LAN that consists of
about 10-15 users. [ fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80 ]
It wor
)9986-9317
Salvador - Bahia - Brazil
FreeBSD: The silent Workhorse
- Original Message -
From: "Micheal Patterson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, July 13, 2003 1:53 PM
Subject: Re: IPFW + NATD
>
>
>
- Original Message -
From: "Vitor de Matos Carvalho" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 13, 2003 7:18 AM
Subject: IPFW + NATD
> Hi,
>
> I have two networks: 10.1.0.0/16 and 10.2.0.0/16
>
> Only that I need to make the NA
Hi,
I have two networks: 10.1.0.0/16 and 10.2.0.0/16
Only that I need to make the NAT for only a one network, 10.2.0.0/16. Network
10.1.0.0/16 does not have external access.
How I configure in ipfw + natd so that this is possible?
My interface of exit is xl0 interface of network 10.1.0.0/16
I'd like to come up a ruleset that handles the following example. Suppose I
have a daemon listening on port 2000 and I'd like outside clients to be able
to communicate with the daemon by addressing traffic to port 2000 or port
2001. So,
suppose I have for my natd configuration:
-redirect_port
On Sat, Mar 29, 2003 at 03:11:09PM -0800, [EMAIL PROTECTED] wrote:
[...]
> > > How can I redirect traffic to the WWW server from the LAN side ?
> > > Thanks, Jay.
> >
> > This is in the howto I followed (but I don't remember how)... there's
> > about 5 good ones that can be found via google.
> >
On Sat, 29 Mar 2003 14:50:22 -0800 (PST), Charlie Schluting wrote:
> > FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
> > DNS,Bind is not running here.
> > www Public address is redirected to its DMZ address.
> > The www server in the DMZ can be accessed by name from the Internet but
> >
On Sat, 29 Mar 2003 14:50:22 -0800 (PST), Charlie Schluting wrote:
> > FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
> > DNS,Bind is not running here.
> > www Public address is redirected to its DMZ address.
> > The www server in the DMZ can be accessed by name from the Internet but
> >
> FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
> DNS,Bind is not running here.
> www Public address is redirected to its DMZ address.
> The www server in the DMZ can be accessed by name from the Internet but
> only by its private DMZ IP address from the LAN side. Attempt to access
> i
FreeBSD 4.7 firewall with 3 nics. Public, DMZ, and LAN.
DNS,Bind is not running here.
www Public address is redirected to its DMZ address.
The www server in the DMZ can be accessed by name from the Internet but
only by its private DMZ IP address from the LAN side. Attempt to access
it by name fro
i agree. it does seem that i need to recompile:
www# ipfw add diver natd all from any to any via dc0
ip_fw_ctl: invalid command
ipfw: getsockopt(IP_FW_ADD): Invalid argument
would seem to indicate this..
i shall commence, as per yours and JoeB's suggestion and report back
thank you both
st
Stephen D. Kingrea wrote:
oh, this looks bad before i do that, i should mention that in the
meantime, i tried to add a divert rule and got
ip_fw_ctl: invalid command
on boot, i get
IP packet filtering initialized, divert disabled, rule-based forwarding
enabled, default to deny, logging di
m any to any
deny ip from any to any
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Stephen D.
Kingrea
Sent: Friday, January 17, 2003 8:53 AM
To: Bill Moran
Cc: [EMAIL PROTECTED]
Subject: Re: different ipfw/natd prob
following is rc.conf, /etc/natd.
xlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff00
ppp0: flags=8010 mtu 1500
sl0: flags=c010 mtu 552
ipfw show
00100 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000
0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 4208345040 all ip from any to any
65535 0 0 deny ip from any to any
thanks for assistance!
stephen d. kingrea
On Fri, 17 Jan 2003, Bill Moran wrote:
>Stephen D. Kingrea wrote:
>> i ha
that i need to rebuild kernel?
stephen d. kingrea
On Fri, 17 Jan 2003, Bill Moran wrote:
>Stephen D. Kingrea wrote:
>> i have a slightly different ipfw/natd problem.
>>
>> machines on the lan can ping internal nic on the server (fbsd 4.7), and
>> the external nic
Stephen D. Kingrea wrote:
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
"open"
i have a slightly different ipfw/natd problem.
machines on the lan can ping internal nic on the server (fbsd 4.7), and
the external nic, but can not ping or reach anything outside. unless i
telnet into the server, then telnet out. currently running ipfw
"open" until problem is solv
hi
thanks this worked :)
In the gothic chambers of the underworld on Thu, Jan 16, 2003 at 03:51:55PM -0600,
Daniel Schrock darkly muttered:
> Redmond Militante wrote:
> >xl1: flags=8843 mtu 1500
> >options=3
> >inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> >
Redmond Militante wrote:
3. What does ifconfig display on the gateway? Does xl1 show as "up" with a
valid media type?
xl1: flags=8843 mtu 1500
options=3
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid
Redmond Militante wrote:
xl1: flags=8843 mtu 1500
options=3
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
inet6 fe80::206:5bff:fe80:985b%xl1 prefixlen 64 scopeid 0x2
ether 00:06:5b:80:98:5b
media: Ethernet autoselect (none)
status: no
>
> Let me ask some questions to help diagnose this:
> 1. From the gateway: Can you ping www.freebsd.org? Can you ping 129.x.x.1?
>
yes to both
2. What's in /etc/resolv.conf on the gateway and the client machine?
>
/etc/resolv.conf is identical on gateway and client machines
search northwest
Redmond Militante wrote:
hi again
i have two machines - one has two nics, one has one nic. i'd like to set up the machine with two
nics as a gateway/natd box, and place the second machine behind it.
gateway machine's kernel has been recompiled with:
options IPFIREWALL
options IPDIVERT
optio
hi again
i have two machines - one has two nics, one has one nic. i'd like to set up the
machine with two nics as a gateway/natd box, and place the second machine behind it.
gateway machine's kernel has been recompiled with:
options IPFIREWALL
options IPDIVERT
options IPFIREWALL_DEFAULT_TO_ACCE
> - i've run an ethernet cable from xl1 - integrated intel 1000 pro nic on
> machine 1 - to machine 2's nic.
> i've edited machine 2's /etc/rc.conf so that it points to the internal
> nic - xl1 on machine 1 as its default gateway:
Ethernet cable? Or crossover cable?
If it's straight cable, you need
- Forwarded message from Redmond Militante <[EMAIL PROTECTED]> -
Date: Thu, 16 Jan 2003 07:20:30 -0600
From: Redmond Militante <[EMAIL PROTECTED]>
To: Axel Gruner <[EMAIL PROTECTED]>
Subject: Re: ipfw/natd questions
Reply-To: Redmond Militante <[EMAIL PROTECTED]>
On Wed, 15 Jan 2003 19:08:08 -0600
Redmond Militante <[EMAIL PROTECTED]> wrote:
[...]
> at the moment, it's not working.
> on machine 2, i can't ping www.freebsd.org - i get 'hostname lookup
> failure', i can't ping xl0 - external nic on machine 1 - ping
> 129.x.x.35 gives me a 'host is down messag
now i'm trying to set up a gateway box using ipfw/natd. i have 2 test machines -
machine 1 has two nics, one's an integrated intel 1000 pro, the other is an old pci
3com 3c905b. machine 1 has a static ip and hostname. machine 2 is virtually identical
except it has only one nic - the
> I want to redirect incoming ssh packet to another box internally. I have
> got the following as my /etc/natd.conf
>
> dynamic yes
> log_denied yes
> use_sockets yes
> same_ports yes
> unregistered_only
> redirect_port tcp 192.168.0.200:22 4455
>
> When I try to ssh to port 4455 I get nothing - I
Hi
I want to redirect incoming ssh packet to another box internally. I have
got the following as my /etc/natd.conf
dynamic yes
log_denied yes
use_sockets yes
same_ports yes
unregistered_only
redirect_port tcp 192.168.0.200:22 4455
When I try to ssh to port 4455 I get nothing - I have ipfw runni
well you could simply do an ipfw flush and then use ipfw command line to
add back the rule for the loopback device and the natd divert line
(looks like you're using natd?), then do a:
ipfw add pass all from any to any
and make sure that you can send and receive traffic in both directions
without
since this is a super small distribution I do not have the default open,
closed, and client firewall configs. The set I am using is based on the
client one though, however I adjusted it to allow traffic from the inside
to the outside on specific ports and hopefully keep-state to let the
returning
Do you have gateway_enable="YES" in your firewall?
Can you get packets through both directions just fine with the firewall
set to "OPEN"?
David
Terrac Skiens wrote:
Hi there,
I have been trying to set up an embedded system from soekris, running a
small version of freebsd on its internal com
Hi there,
I have been trying to set up an embedded system from soekris, running a
small version of freebsd on its internal compact flash hard disk.
The machine is built, I have remote access to it and I intend to use it
as a firewall + nat appliance. Directing traffic from machines internally
On Tue, Oct 22, 2002 at 10:55:26AM -0500, Scott Pilz typed:
>
> The answer to this is more than likely 'no'.
>
> But I'll try anyways.
>
> Setup: NATD/IPFW
>
> Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the
> internet - and everything else to be blocked.
>
The answer to this is more than likely 'no'.
But I'll try anyways.
Setup: NATD/IPFW
Say you have an IPFW rule to allow 10.0.0.2 through NATD - thus into the
internet - and everything else to be blocked.
Your machine (10.0.0.2) that is being firewalled by NATD/IPFW works fine.
T
From: "JoeB" <[EMAIL PROTECTED]>
To: "dfolkins" <[EMAIL PROTECTED]>
Sent: Tuesday, September 17, 2002 11:54 AM
Subject: RE: ipfw, natd, and keep-state - unexpected dynamic rules generated
> So you have fallen into the dirty secret about FBSD and IPFW/keep-stat
hi everybody,
i have a fbsd 4.6 router box sitting between a local net (192.168.0.255) and
a
single actual ip from a cable modem. naturally, ive set up natd and ipfw on
it, but instead of going the old way with the semi-stateful rules i decided
to go with keep-state/check-state. but problems ar
Is PPP trying to do NAT as well as Natd? I use Natd with tun0 all the
time and it works OK..
-D
:-Original Message-
:From: Allan McDonald [mailto:[EMAIL PROTECTED]]
:Sent: Tuesday, July 16, 2002 8:45 AM
:To: [EMAIL PROTECTED]
:Subject: ipfw, natd & tun0
:
:
:Hi,
:I'm trying to
Hi,
I'm trying to use natd with port redirection and it's not working..
I have a working model, a box with 2 network cards in it, in which natd port
redirection is working just fine..
and I have another which I am trying to do the same thing, however this poor
box has to connect to the internet v
94 matches