Re: Because of NAT?

2002-10-13 Thread Nathan Kinkade

On Sun, Oct 13, 2002 at 04:23:59PM +0200, Janine C.Buorditez wrote:
> Hi.
> 
> My network is like this:
> 
> Name: Cisco 677i-DIR (ADSL-router/modem)
> IP:   217.13.29.51
> |
> v
> Name: Ninja (FreeBSD)
> IP:   192.168.187.1
> |
> v
> Name: Aegis (FreeBSD)
> IP:   192.168.187.2
> 
> The Cisco router runs CBOS and apparently NAT. I have forwarded these ports to
> Ninja. The address 10.0.0.2 (somehow it has to be that address) goes to Ninja's
> lnc0.

no, the address does not have to be 10.0.0.2, it should be the address
of whichever machine on the inside you want the packets forwarded to.
what is the inside-address on your 677?  possibly the router will not
let you forward to an address on a different network than one of its
inside addresses?

> set nat entry add 10.0.0.2 22 0.0.0.0 22 tcp
> set nat entry add 10.0.0.2 25 0.0.0.0 25 tcp
> set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
> set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
> set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
> set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
> set nat entry add 10.0.0.2 31337 0.0.0.0 31337 tcp

why are you opening up ports 53 and 1024-5000?  unless you have specific
processes listening on ports within those ranges you probably shouldn't
open them.

> This should cover most things, shouldn't it? However I'm concerned the use of NAT
> on my router and boxes has stirred shit up. For instance, I can only connect to
> my OpenFTPD (on 31337) site locally. Connecting remotely gives me:

right, your NAT entry is pointing to some non-existent host at 10.0.0.2.
it should be pointing to one of the boxes with a 192.168.187.x address -
the one with FTPD running.  which, by the way, brings up the issue
that you are not forwarding FTP - port 21 - anywhere.  certainly nothing
will get through with this setup.

> lftp [EMAIL PROTECTED]:~> ls
>  Connecting to ninja.terrabionic.com (217.13.29.51) port 31337
>  Socket error (Connection timed out) - reconnecting
> 
> Also I've been hearing people not getting ident requests from me.
> 
> This can not be a BIND issue can it? I find it odd why my hostname sometimes
> doesn't resolve on EFNet, but on all the other networks I'm on.
> 
> NAT, it seems, has really made networking a lot harder for me than what I
> deserve. I hope somebody understands my situation and is able to give useful
> replies.

no, NAT (or PAT in this case) is your friend.  it saves you money, and it
adds a certain level of security.  sounds like you need to read up more
on CBOS and NAT/PAT.  This guy has some useful instructions on setting
up your Cisco.  I think he's talking about a 675 or 678, but it will
probably still apply to your case:
http://www.users.qwest.net/~rlutton/ADSL/

Nathan

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
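
An added example, not part of either message: a small Python audit of the `set nat entry add` lines quoted above, flagging the two problems raised in the reply (a forward target that is not an inside host, and forwarded ports with no service behind them). The field order is inferred from the entries in the thread; the listener set and the `max_range` threshold are constructed sample values.

```python
import ipaddress

# The seven entries from the thread, copied verbatim.
NAT_ENTRIES = """\
set nat entry add 10.0.0.2 22 0.0.0.0 22 tcp
set nat entry add 10.0.0.2 25 0.0.0.0 25 tcp
set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
set nat entry add 10.0.0.2 31337 0.0.0.0 31337 tcp
"""
INSIDE_HOSTS = ["192.168.187.1", "192.168.187.2"]  # Ninja and Aegis, from the thread
LISTENERS = {22, 25, 80, 113, 31337}               # constructed: ports with a real service


def parse_entry(line):
    """Parse one entry. Assumed layout, inferred from the thread:
    inside-addr inside-port(s) outside-addr outside-port(s) proto."""
    tok = line.split()
    if tok[:4] != ["set", "nat", "entry", "add"] or len(tok) != 9:
        raise ValueError(f"not a NAT entry: {line!r}")
    lo, _, hi = tok[5].partition("-")
    return ipaddress.ip_address(tok[4]), range(int(lo), int(hi or lo) + 1)


def audit(text, inside_hosts, listeners, max_range=16):
    """Return (entry, reason) pairs for forwards that deserve a second look."""
    hosts = {ipaddress.ip_address(h) for h in inside_hosts}
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        inside, ports = parse_entry(line)
        if inside not in hosts:
            findings.append((line, "target is not a known inside host"))
        if len(ports) > max_range:
            findings.append((line, f"forwards a block of {len(ports)} ports"))
        elif not set(ports) <= listeners:
            findings.append((line, "no expected listener on this port"))
    return findings


if __name__ == "__main__":
    for entry, reason in audit(NAT_ENTRIES, INSIDE_HOSTS, LISTENERS):
        print(f"{reason:40} {entry}")
```
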



Because of NAT?

2002-10-13 Thread Janine C . Buorditez

Hi.

My network is like this:

Name: Cisco 677i-DIR (ADSL-router/modem)
IP:   217.13.29.51
|
v
Name: Ninja (FreeBSD)
IP:   192.168.187.1
|
v
Name: Aegis (FreeBSD)
IP:   192.168.187.2

The Cisco router runs CBOS and apparently NAT. I have forwarded these ports to
Ninja. The address 10.0.0.2 (somehow it has to be that address) goes to Ninja's
lnc0.

set nat entry add 10.0.0.2 22 0.0.0.0 22 tcp
set nat entry add 10.0.0.2 25 0.0.0.0 25 tcp
set nat entry add 10.0.0.2 80 0.0.0.0 80 tcp
set nat entry add 10.0.0.2 53 0.0.0.0 53 tcp
set nat entry add 10.0.0.2 113 0.0.0.0 113 tcp
set nat entry add 10.0.0.2 1024-5000 0.0.0.0 1024-5000 tcp
set nat entry add 10.0.0.2 31337 0.0.0.0 31337 tcp

This should cover most things, shouldn't it? However I'm concerned the use of NAT
on my router and boxes has stirred shit up. For instance, I can only connect to
my OpenFTPD (on 31337) site locally. Connecting remotely gives me:

lftp [EMAIL PROTECTED]:~> ls
 Connecting to ninja.terrabionic.com (217.13.29.51) port 31337
 Socket error (Connection timed out) - reconnecting

Also I've been hearing people not getting ident requests from me.

This can not be a BIND issue can it? I find it odd why my hostname sometimes
doesn't resolve on EFNet, but on all the other networks I'm on.

NAT, it seems, has really made networking a lot harder for me than what I
deserve. I hope somebody understands my situation and is able to give useful
replies.

Thanks!

--janine
