Re: HOWTO Ping LAN???

2004-08-20 Thread Hakim Z. Singhji
Hello,
Thank you for your replies gentlemen, this post is a bit old, I have
already built my FreeBSD NAT box and configured IPFW...I am currently
building a new kernel configuration for the machine to include IPDIVERT,
IPFIREWALL and a few other system specific modifications.
If I have any questions concerning this issue, I will include you both
(Eric, Rich) in the list. Thanks
Eric Crist wrote:
| SEE BOTTOM
|
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of
|Rich Shinnick
|Sent: Thursday, August 19, 2004 11:46 PM
|To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
|Cc: 'Bill Moran'; [EMAIL PROTECTED]
|Subject: RE: HOWTO Ping LAN???
|
|
|Hakim,
|
|What you are trying to do is possible in two ways:
|
|1. SSH to the box, and tunnel to other internal machines
|according to the tunnels you have set up. (See the last email
|I sent).
|2. Port forward connections from the Internet thru
|the BSD to internal machines.
|
|Check these links: http://www.rootprompt.net/freebsd_firewall.html
|http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
|
|
|  _
|
|From: Hakim Singhji [mailto:[EMAIL PROTECTED]
|Sent: Thursday, July 29, 2004 10:27 AM
|To: Hakim Z. Singhji; MatthewSeaman
|Cc: Bill Moran; [EMAIL PROTECTED]
|Subject: Re: HOWTO Ping LAN???
|
|
|Hi Matt,
|
|You say that the only way I will be able to connect to my
|network is by tunneling.
|This is not what I want to do, I thought I may be able to
|SSH, Telnet, www, etc.
|from the outside to my default gateway and have the gateway
|pass SSH, Telnet,
|www., or any other request to the machine on the private
|network by including the
|localhost.defaultgateway.domain.org or something to that effect.
|
|Does NAT Overloading only go one way???
|
|Hakim Z. Singhji
|Coordinating Mgr. / Infection Control
|718-245-3923
|[EMAIL PROTECTED]
|
|
|Matthew Seaman [EMAIL PROTECTED] 7/29/2004 5:32:32 AM
|
|
|On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
|
|
|Figure 1
|
|***
|* Internet *
|*24.199.1xx.xx*
|***
|~ |
|~ |
|*** **
|* Default GW * __ __ *Kids Machine*
|*192.68.0.1 * *192.68.0.3 *
|FreeBSD 4.10 * * Mandrake 10*
|*** **
|~ |
|~ |
|*
|*Wrk Station1*
|*192.68.0.2 *
|*Redhat 9 *
|*
|
|This is a rough diagram of the network... I would like to ssh, ping,
|etc. the machines behind the default gateway directly (without
|tunneling) from the outside the network (at work for example). Is this
|possible and if so how do I config. Keep in mind that my default
|gateway is FreeBSD. I know this may be a complicated project but if
|you could help that would help me greatly. Many thanks to everyone in
|advance.
|
|I'm afraid that's not going to be possible with your current
|network layout. If you want all of your machines to be
|accessible from the Internet, then you'll need routable
|addresses on all of your machines.
|
|I know you've said you don't want to use tunnelling, but
|unfortunately, that's the only way you can access a private
|address space as you have from outside it. A relatively
|simple way of doing that is to ssh into your gateway box, and
|use the '-L' or '-R' portforwarding options to create a
|tunnel to one of the internal machines, and then ssh or
|otherwise connect through that tunnel: see eg.
|
|
| http://www.linux.ie/articles/tutorials/ssh.php
|
| One other point: you're going to have problems if you're using
| 192.168.0.0 as the IP number on your FreeBSD machine. That's the
| *network* address, and shouldn't be applied directly to any specific
| machine. If you're running your internal network using 192.168.0.0/24 as
| the address space, then you have 254 addresses (from 192.168.0.1 to
| 192.168.0.254) to use for client machines, since 192.168.0.0 (network
| address) and 192.168.0.255 (broadcast address) are reserved as part of
| the networking setup.
|
| Cheers,
|
| Matthew
|
| --
| Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
| Savill Way
| PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
| Tel: +44 1628 476614 Bucks., SL7 1TH UK
|
|
| Hello,
|
| There is one real solution to this here.
|
| You could set up a DMZ to your Default Gateway.  If this is a Linksys
| Broadband Gateway, it's as simple as checking a box and typing in the
| private IP address.  This routes all incoming (non-stateful)
| connections to this host.  Since your IP changes, use a dynamic DNS
| service such as no-ip.org(sp?) or tzo.com.  I've used TZO.com,
| personally, then I just got DSL with a /29 static IP address allocation.
| This should work without issue, unless your DMZ firewall rules prevent
| it.  I would need more information to let you know.
|
| HTH
|
| Eric F Crist
| Best Access Systems
| 11300 Rupp Dr. Burnsville, MN 55337
| Phone: 952.894.3830
| Cell: 612.998.3588
| Fax: 952-894-1990

RE: HOWTO Ping LAN???

2004-08-19 Thread Rich Shinnick
Hakim,
 
What you are trying to do is possible in two ways:
 
1. SSH to the box, and tunnel to other internal machines according to the
tunnels you have set up. (See the last email I sent).
2. Port forward connections from the Internet thru the BSD to internal
machines.
 
Check these links:
http://www.rootprompt.net/freebsd_firewall.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html 


  _  

From: Hakim Singhji [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 29, 2004 10:27 AM
To: Hakim Z. Singhji; MatthewSeaman
Cc: Bill Moran; [EMAIL PROTECTED]
Subject: Re: HOWTO Ping LAN???


Hi Matt,

You say that the only way I will be able to connect to my network is by
tunneling. 
This is not what I want to do, I thought I may be able to SSH, Telnet, www,
etc. 
from the outside to my default gateway and have the gateway pass SSH,
Telnet, 
www., or any other request to the machine on the private network by
including the 
localhost.defaultgateway.domain.org or something to that effect.

Does NAT Overloading only go one way???

Hakim Z. Singhji
Coordinating Mgr. / Infection Control
718-245-3923
[EMAIL PROTECTED]

 Matthew Seaman [EMAIL PROTECTED] 7/29/2004 5:32:32 AM

On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:

 Figure 1
 
 ***
 * Internet *
 *24.199.1xx.xx*
 ***
 ~ |
 ~ |
 *** **
 * Default GW * __ __ *Kids Machine*
 *192.68.0.1 * *192.68.0.3 *
 FreeBSD 4.10 * * Mandrake 10*
 *** **
 ~ |
 ~ |
 *
 *Wrk Station1*
 *192.68.0.2 *
 *Redhat 9 *
 *
 
 This is a rough diagram of the network... I would like to ssh, ping,
 etc. the machines behind the default gateway directly (without
 tunneling) from the outside the network (at work for example). Is this
 possible and if so how do I config. Keep in mind that my default
 gateway is FreeBSD. I know this may be a complicated project but if you
 could help that would help me greatly. Many thanks to everyone in advance.

I'm afraid that's not going to be possible with your current network
layout. If you want all of your machines to be accessible from the
Internet, then you'll need routable addresses on all of your machines.

I know you've said you don't want to use tunnelling, but
unfortunately, that's the only way you can access a private address
space as you have from outside it. A relatively simple way of doing
that is to ssh into your gateway box, and use the '-L' or '-R'
portforwarding options to create a tunnel to one of the internal
machines, and then ssh or otherwise connect through that tunnel: see
eg.

http://www.linux.ie/articles/tutorials/ssh.php 

One other point: you're going to have problems if you're using
192.168.0.0 as the IP number on your FreeBSD machine. That's the
*network* address, and shouldn't be applied directly to any specific
machine. If you're running your internal network using 192.168.0.0/24
as the address space, then you have 254 addresses (from 192.168.0.1 to
192.168.0.254) to use for client machines, since 192.168.0.0 (network
address) and 192.168.0.255 (broadcast address) are reserved as part of
the networking setup.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK






RE: HOWTO Ping LAN???

2004-08-19 Thread Eric Crist
SEE BOTTOM
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of
 Rich Shinnick
 Sent: Thursday, August 19, 2004 11:46 PM
 To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
 Cc: 'Bill Moran'; [EMAIL PROTECTED]
 Subject: RE: HOWTO Ping LAN???


 Hakim,

 What you are trying to do is possible in two ways:

 1. SSH to the box, and tunnel to other internal machines
 according to the tunnels you have set up. (See the last email
 I sent).
 2. Port forward connections from the Internet thru
 the BSD to internal machines.

 Check these links: http://www.rootprompt.net/freebsd_firewall.html
 http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html


   _

 From: Hakim Singhji [mailto:[EMAIL PROTECTED]
 Sent: Thursday, July 29, 2004 10:27 AM
 To: Hakim Z. Singhji; MatthewSeaman
 Cc: Bill Moran; [EMAIL PROTECTED]
 Subject: Re: HOWTO Ping LAN???


 Hi Matt,

 You say that the only way I will be able to connect to my
 network is by tunneling.
 This is not what I want to do, I thought I may be able to
 SSH, Telnet, www, etc.
 from the outside to my default gateway and have the gateway
 pass SSH, Telnet,
 www., or any other request to the machine on the private
 network by including the
 localhost.defaultgateway.domain.org or something to that effect.

 Does NAT Overloading only go one way???

 Hakim Z. Singhji
 Coordinating Mgr. / Infection Control
 718-245-3923
 [EMAIL PROTECTED]

  Matthew Seaman [EMAIL PROTECTED] 7/29/2004 5:32:32 AM
 
 On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:

  Figure 1
 
  ***
  * Internet *
  *24.199.1xx.xx*
  ***
  ~ |
  ~ |
  *** **
  * Default GW * __ __ *Kids Machine*
  *192.68.0.1 * *192.68.0.3 *
  FreeBSD 4.10 * * Mandrake 10*
  *** **
  ~ |
  ~ |
  *
  *Wrk Station1*
  *192.68.0.2 *
  *Redhat 9 *
  *
 
  This is a rough diagram of the network... I would like to ssh, ping,
  etc. the machines behind the default gateway directly (without
  tunneling) from the outside the network (at work for example). Is this
  possible and if so how do I config. Keep in mind that my default
  gateway is FreeBSD. I know this may be a complicated project but if
  you could help that would help me greatly. Many thanks to everyone in
  advance.

 I'm afraid that's not going to be possible with your current
 network layout. If you want all of your machines to be
 accessible from the Internet, then you'll need routable
 addresses on all of your machines.

 I know you've said you don't want to use tunnelling, but
 unfortunately, that's the only way you can access a private
 address space as you have from outside it. A relatively
 simple way of doing that is to ssh into your gateway box, and
 use the '-L' or '-R' portforwarding options to create a
 tunnel to one of the internal machines, and then ssh or
 otherwise connect through that tunnel: see eg.

http://www.linux.ie/articles/tutorials/ssh.php

One other point: you're going to have problems if you're using
192.168.0.0 as the IP number on your FreeBSD machine. That's the
*network* address, and shouldn't be applied directly to any specific
machine. If you're running your internal network using 192.168.0.0/24 as
the address space, then you have 254 addresses (from 192.168.0.1 to
192.168.0.254) to use for client machines, since 192.168.0.0 (network
address) and 192.168.0.255 (broadcast address) are reserved as part of
the networking setup.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK


Hello,

There is one real solution to this here.

You could set up a DMZ to your Default Gateway.  If this is a Linksys
Broadband Gateway, it's as simple as checking a box and typing in the
private IP address.  This routes all incoming (non-stateful)
connections to this host.  Since your IP changes, use a dynamic DNS
service such as no-ip.org(sp?) or tzo.com.  I've used TZO.com,
personally, then I just got DSL with a /29 static IP address allocation.
This should work without issue, unless your DMZ firewall rules prevent
it.  I would need more information to let you know.

HTH

Eric F Crist
Best Access Systems
11300 Rupp Dr. Burnsville, MN 55337
Phone: 952.894.3830
Cell: 612.998.3588
Fax: 952-894-1990



___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: HOWTO Ping LAN???

2004-07-29 Thread Matthew Seaman
On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:

 Figure 1
 
 ***
 *  Internet   *
 *24.199.1xx.xx*
 ***
 ~   |
 ~   |
 ***   **
 * Default GW  * __ __ *Kids Machine*
 *192.68.0.0   *   *192.68.0.3  *
 ~ FreeBSD 4.10 ** Mandrake 10*
 ***   **
 ~   |
 ~   |
 ***
 *Wrk Station 1*
 *192.68.0.1   *
 *Redhat 9 *
 ***
 
 This is a rough diagram of the network... I would like to ssh, ping,
 etc. the machines behind the default gateway directly (without
 tunneling) from the outside the network (at work for example). Is this
 possible and if so how do I config.  Keep in mind that my default
 gateway is FreeBSD.  I know this may be a complicated project but if you
 could help that would help me greatly.  Many thanks to everyone in advance.

I'm afraid that's not going to be possible with your current network
layout.  If you want all of your machines to be accessible from the
Internet, then you'll need routable addresses on all of your machines.

I know you've said you don't want to use tunnelling, but
unfortunately, that's the only way you can access a private address
space as you have from outside it.  A relatively simple way of doing
that is to ssh into your gateway box, and use the '-L' or '-R'
portforwarding options to create a tunnel to one of the internal
machines, and then ssh or otherwise connect through that tunnel: see
eg.

http://www.linux.ie/articles/tutorials/ssh.php

One other point: you're going to have problems if you're using
192.168.0.0 as the IP number on your FreeBSD machine.  That's the
*network* address, and shouldn't be applied directly to any specific
machine.  If you're running your internal network using 192.168.0.0/24
as the address space, then you have 254 addresses (from 192.168.0.1 to
192.168.0.254) to use for client machines, since 192.168.0.0 (network
address) and 192.168.0.255 (broadcast address) are reserved as part of
the networking setup.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK




Re: HOWTO Ping LAN???

2004-07-29 Thread Matthew Seaman
On Thu, Jul 29, 2004 at 10:27:05AM -0400, Hakim Singhji wrote:
 Hi Matt,
 
 You say that the only way I will be able to connect to my network is by tunneling.  
 This is not what I want to do, I thought I may be able to SSH, Telnet, www, etc. 
 from the outside to my default gateway and have the gateway pass SSH, Telnet, 
 www., or any other request to the machine on the private network by including the 
 localhost.defaultgateway.domain.org or something to that effect.
 
 Does NAT Overloading only go one way???


Essentially, yes.  What you're after is called 'port forwarding'
(which is actually a class of tunnelling methods).

What you can't do in the sort of setup you describe is ssh(1) to the
gateway machine and have it connect you to some arbitrary machine on
your internal network.  The outside world doesn't know anything
about the arrangement of your private network: which machine should
the gateway box forward the incoming connection to?  All it sees is a
TCP syn packet sent to port 22 on its internet interface.

Going the other way round -- where the internal machine initiates the
connection -- works because you can match up the response 'ACK' packet
to the outgoing 'SYN' packet.

In order to allow remote access to your private machines you've
somehow got to introduce a mechanism to permit the gateway machine to
know which of the internal machines you want to connect to.  You can
set up non-standard ports on the NAT gateway to forward connections to
internal machines: eg.

 Port:  Destination:
 ----------------------
 2201   192.168.0.1:22
 2202   192.168.0.2:22
 2203   192.168.0.3:22

(see natd(8))

but a) you'd have to do that for each service on each machine you
want connectivity to, and b) it's not going to work in the specific
case of ssh(1) specifically, because ssh(1) attempts to verify the
identity of the host it connects to against the host keys presented to
it during the SSH connection. 

Probably the easiest thing to do is log into your gateway machine via
ssh(1) and then take a second hop from there to your internal
machines.  telnet(1) is generally a bad idea for security
reasons. ping(8) which operates via ICMP echo request is completely
out: ICMP doesn't have the concept of port numbers at all, so there's
no way to clue the NAT gateway into which machine you want to
communicate with.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   26 The Paddocks
  Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614  Bucks., SL7 1TH UK
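
Added example (not part of Matthew Seaman's message and not natd itself): a small Python model of the gateway decisions described in the message above. The internal addresses and ports 2201-2203 come from the table in the message; the class and function names, the public address 203.0.113.10 and the remote hosts are constructed for illustration.

```python
# Added illustration: a toy model of a port-overloading NAT gateway.
# All outside addresses and ephemeral port numbers are constructed sample values.

GATEWAY_PUBLIC_IP = "203.0.113.10"   # constructed (documentation range)
REMOTE_HOST = "198.51.100.7"         # constructed outside machine


class NatGateway:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        # Static forwards: (proto, public_port) -> (inside_ip, inside_port)
        self.redirects = {}
        # State from outbound traffic:
        # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        self.state = {}
        self.next_port = 40000

    def redirect_port(self, proto, public_port, inside_ip, inside_port):
        """Static forward, like one row of the Port/Destination table."""
        self.redirects[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port, remote_ip, remote_port):
        """An inside host opens a connection: rewrite its source, keep state."""
        public_port = self.next_port
        self.next_port += 1
        key = (proto, public_port, remote_ip, remote_port)
        self.state[key] = (inside_ip, inside_port)
        return (self.public_ip, public_port)

    def inbound(self, proto, remote_ip, remote_port=None, public_port=None):
        """Return (destination, port) for a packet arriving from outside."""
        if public_port is None:
            # ICMP echo request: there is no port field, so no key can be
            # built for either table and the gateway handles it itself.
            return ("gateway", None)
        key = (proto, public_port, remote_ip, remote_port)
        if key in self.state:                       # reply to an inside host
            return self.state[key]
        if (proto, public_port) in self.redirects:  # configured forward
            return self.redirects[(proto, public_port)]
        return ("gateway", public_port)             # nothing says otherwise


def run_example():
    gw = NatGateway(GATEWAY_PUBLIC_IP)
    results = {}
    # Unsolicited SYN to port 22: nothing names an inside machine.
    results["syn_to_22"] = gw.inbound("tcp", REMOTE_HOST, 51000, 22)
    # An inside workstation connects out; the reply matches the saved state.
    _, public_port = gw.outbound("tcp", "192.168.0.2", 33000, REMOTE_HOST, 80)
    results["reply"] = gw.inbound("tcp", REMOTE_HOST, 80, public_port)
    # Same public port but a different remote host: no state entry matches.
    results["other_host"] = gw.inbound("tcp", "198.51.100.99", 80, public_port)
    # The three forwards from the table in the message.
    for port, host in ((2201, "192.168.0.1"), (2202, "192.168.0.2"),
                       (2203, "192.168.0.3")):
        gw.redirect_port("tcp", port, host, 22)
    results["syn_to_2202"] = gw.inbound("tcp", REMOTE_HOST, 51001, 2202)
    # ping from outside: only the gateway can answer.
    results["ping"] = gw.inbound("icmp", REMOTE_HOST)
    return results


if __name__ == "__main__":
    for name, dest in run_example().items():
        print(f"{name:12} -> {dest}")
```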




HOWTO Ping LAN???

2004-07-28 Thread Hakim Singhji
Hi All,

Many of you have seen my posts lately, I'm a noobie to FreeBSD.  I'm trying to 
configure a home Windows Free home network complete with default gateway, LAN, 
Wireless 802.11b and several flavors of Linux/BSD.

It's a pretty big project for me and is teaching me a lot.  However I have a test setup 
and I am not able to ping my local machine.  I can only ping my gateway.  My local 
machine is enabled to receive FTP, PING and SSH. In addition the firewall on my 
default gateway is also configured to operate those services.

I don't know where I've gone wrong, my default gateway works fine however...I cannot 
find my network from the outside.  What is the problem???  Thanks in advance for all 
your help.

HZS



Hakim Z. Singhji
Coordinating Mgr. / Infection Control
718-245-3923
[EMAIL PROTECTED]




Re: HOWTO Ping LAN???

2004-07-28 Thread Bill Moran

PLEASE wrap your lines.  I'm not interested in fixing obnoxious email formatting
any more.  See http://www.lemis.com/questions.html

Hakim Singhji [EMAIL PROTECTED] wrote:
 Hi All,
 
 Many of you have seen my posts lately, I'm a noobie to FreeBSD.  I'm trying
 to configure a home Windows Free home network complete with default
 gateway, LAN, Wireless 802.11b and several flavors of Linux/BSD.
 
 It's a pretty big project for me and is teaching me a lot.  However I have a
 test setup and I am not able to ping my local machine.  I can only ping
 my gateway.  My local machine is enabled to receive FTP, PING and SSH. In
 addition the firewall on my default gateway is also configured to operate
 those services.
 
 I don't know where I've gone wrong, my default gateway works fine
 however...I cannot find my network from the outside.  What is the problem???
  Thanks in advance for all your help.

Do you have _real_ IPs?  Most people only get one real IP from their ISP, and
then use private IPs (such as 192.168.0.x or 10.0.0.x) for the rest of their
machines.  If you're doing such, you'll either need exciting nat rules on
the gateway, or some other workaround.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


Re: HOWTO Ping LAN???

2004-07-28 Thread Hakim Z. Singhji
Hi Bill,
| Do you have _real_ IPs?
I have one IP only...
|Most people only get one real IP from their ISP, and
|then use private IPs (such as 192.168.0.x or 10.0.0.x) for the rest
|of their machines.
Yes, I have a similar setup for my private network...
|If you're doing such, you'll either need exciting nat rules on
| the gateway, or some other workaround.
Yes this is where I need assistance, I have read quite a bit on NAT
however it seems that I am missing something???
With that said, I'll get back to business. I was thinking that NAT would
resolve my issue, however only one way. What if I am outside my
home-network and I want to SSH one of the machines behind the default
gateway. At present it is not possible and I don't know how to make this
possible.
Figure 1
***
*  Internet   *
*24.199.1xx.xx*
***
~   |
~   |
***   **
* Default GW  * __ __ *Kids Machine*
*192.68.0.0   *   *192.68.0.3  *
~ FreeBSD 4.10 *  * Mandrake 10*
***   **
~   |
~   |
***
*Wrk Station 1*
*192.68.0.1   *
*Redhat 9 *
***
This is a rough diagram of the network... I would like to ssh, ping,
etc. the machines behind the default gateway directly (without
tunneling) from the outside the network (at work for example). Is this
possible and if so how do I config.  Keep in mind that my default
gateway is FreeBSD.  I know this may be a complicated project but if you
could help that would help me greatly.  Many thanks to everyone in advance.
HZS
Bill Moran wrote:
| PLEASE wrap your lines.  I'm not interested in fixing obnoxious email
| formatting any more.  See http://www.lemis.com/questions.html
|
| Hakim Singhji [EMAIL PROTECTED] wrote:
|
|Hi All,
|
|Many of you have seen my posts lately, I'm a noobie to FreeBSD.  I'm
|trying to configure a home Windows Free home network complete with default
|gateway, LAN, Wireless 802.11b and several flavors of Linux/BSD.
|
|It's a pretty big project for me and is teaching me a lot.  However I have a
|test setup and I am not able to ping my local machine.  I can only ping
|my gateway.  My local machine is enabled to receive FTP, PING and SSH. In
|addition the firewall on my default gateway is also configured to operate
|those services.
|
|I don't know where I've gone wrong, my default gateway works fine
|however...I cannot find my network from the outside.  What is the
|problem???
| Thanks in advance for all your help.
|
|
| Do you have _real_ IPs?  Most people only get one real IP from their
| ISP, and then use private IPs (such as 192.168.0.x or 10.0.0.x) for the
| rest of their machines.  If you're doing such, you'll either need exciting
| nat rules on the gateway, or some other workaround.
|