-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you for your replies, gentlemen. This post is a bit old; I have already built my FreeBSD NAT box and configured IPFW. I am currently building a new kernel configuration for the machine to include IPDIVERT, IPFIREWALL and a few other system-specific modifications.
If I have any questions concerning this issue, I will include you both (Eric, Rich) in the list. Thanks
Eric Crist wrote:
| SEE BOTTOM
|
|>-----Original Message-----
|>From: [EMAIL PROTECTED]
|>[mailto:[EMAIL PROTECTED] On Behalf Of
|>Rich Shinnick
|>Sent: Thursday, August 19, 2004 11:46 PM
|>To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
|>Cc: 'Bill Moran'; [EMAIL PROTECTED]
|>Subject: RE: HOWTO Ping LAN???
|>
|>
|>Hakim,
|>
|>What you are trying to do is possible in two ways:
|>
|>1. SSH to the box, and tunnel to other internal machines
|>according to the tunnels you have set up. (See the last email
|>I sent).
|>2. Port forward connections from the Internet "thru"
|>the BSD to internal machines.
|>
|>Check these links: http://www.rootprompt.net/freebsd_firewall.html
|>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
|>
|>
|> _____
|>
|>From: Hakim Singhji [mailto:[EMAIL PROTECTED]
|>Sent: Thursday, July 29, 2004 10:27 AM
|>To: Hakim Z. Singhji; MatthewSeaman
|>Cc: Bill Moran; [EMAIL PROTECTED]
|>Subject: Re: HOWTO Ping LAN???
|>
|>
|>Hi Matt,
|>
|>You say that the only way I will be able to connect to my
|>network is by tunneling.
|>This is not what I want to do, I thought I may be able to
|>SSH, Telnet, www, etc.
|>from the outside to my default gateway and have the gateway
|>pass SSH, Telnet,
|>www., or any other request to the machine on the private
|>network by including the
|>"localhost.defaultgateway.domain.org" or something to that effect.
|>
|>Does NAT Overloading only go one way???
|>
|>Hakim Z. Singhji
|>Coordinating Mgr. / Infection Control
|>718-245-3923
|>[EMAIL PROTECTED]
|>
|>
|>>>>Matthew Seaman <[EMAIL PROTECTED]> 7/29/2004 5:32:32 AM >>>
|>
|>On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
|>
|>
|>>Figure 1
|>>
|>>***************
|>>* Internet *
|>>*24.199.1xx.xx*
|>>***************
|>>~ |
|>>~ |
|>>*************** **************
|>>* Defaut GW * __ __ *Kids Machine*
|>>*184.108.40.206 * *220.127.116.11 *
|>>FreeBSD 4.10 * * Mandrake 10*
|>>*************** **************
|>>~ |
|>>~ |
|>>*****************
|>>*Wrk Station1*
|>>*18.104.22.168 *
|>>*Redhat 9 *
|>>*****************
|>>
|>>This is a rough diagram of the network... I would like to ssh, ping,
|>>etc. the machines behind the default gateway directly (without
|>>tunneling) from the outside the network (at work for example). Is this
|>>possible and if so how do I config. Keep in mind that my default
|>>gateway is FreeBSD. I know this may be a complicated project but if
|>>you could help that would help me greatly. Many thanks to everyone in
|>>advance.
|>
|>I'm afraid that's not going to be possible with your current
|>network layout. If you want all of your machines to be
|>accessible from the Internet, then you'll need routable
|>addresses on all of your machines.
|>
|>I know you've said you don't want to use tunnelling, but
|>unfortunately, that's the only way you can access a private
|>address space as you have from outside it. A relatively
|>simple way of doing that is to ssh into your gateway box, and
|>use the '-L' or '-R' portforwarding options to create a
|>tunnel to one of the internal machines, and then ssh or
|>otherwise connect through that tunnel: see eg.
|>
|
| http://www.linux.ie/articles/tutorials/ssh.php
|
| One other point: you're going to have problems if you're using
| 192.168.0.0 as the IP number on your FreeBSD machine. That's the
| *network* address, and shouldn't be applied directly to any specific
| machine. If you're running your internal network using 192.168.0.0/24 as
| the address space, then you have 254 addresses (from 192.168.0.1 to
| 192.168.0.254) to use for client machines, since 192.168.0.0 (network
| address) and 192.168.0.255 (broadcast address) are reserved as part of
| the networking setup.
|
| Cheers,
|
| Matthew
|
| --
| Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
| Savill Way
| PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
| Tel: +44 1628 476614 Bucks., SL7 1TH UK
|
|
| Hello,
|
| There is one real solution to this here.
|
| You could set up a DMZ to your Default Gateway. If this is a Linksys
| Broadband Gateway, it's as simple as checking a box and typing in the
| private IP address. This routes all incoming (non-stateful)
| connections to this host. Since your IP changes, use a dynamic DNS
| service such as no-ip.org(sp?) or tzo.com. I've used TZO.com,
| personally, then I just got DSL with a /29 static IP address allocation.
| This should work without issue, unless your DMZ firewall rules prevent
| it. I would need more information to let you know.
|
| HTH
|
| Eric F Crist
| Best Access Systems
| 11300 Rupp Dr. Burnsville, MN 55337
| Phone: 952.894.3830
| Cell: 612.998.3588
| Fax: 952-894-1990
|
|
|
| _______________________________________________
| [EMAIL PROTECTED] mailing list
| http://lists.freebsd.org/mailman/listinfo/freebsd-questions
| To unsubscribe, send any mail to "[EMAIL PROTECTED]"
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBJbYRlT9WV6TztkoRAgUhAJ9jgGuS9xXGNH5XzwXmku2w6PheWwCdFPed 3MXw5ZImQrd9oFKT25Imwpk= =HqoR -----END PGP SIGNATURE-----