Re: NATD Question
On 8/27/2010 9:14 PM, Michael J. Kearney wrote:

Will natd forward rtmp:// ???

I am sure libalias and natd know nothing about rtmp.

freebsd# cat /etc/natd.conf
use_sockets
redirect_port tcp 192.168.0.3:3389 10.1.10.172:3389
redirect_port tcp 192.168.0.2:1935 10.1.10.172:1935
redirect_port tcp 192.168.0.2:8790 10.1.10.172:8790
redirect_port tcp 192.168.0.2:6000-6100 10.1.10.172:6000-6100
interface fxp0
log

Everything else seems to work just fine. What am I doing wrong ?

Some protos need special handling when an IP address is changed. Are you sure rtmp can be redirected only by changing the destination address?

Nikos
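To see what the posted natd.conf actually forwards, this added example (not from the thread) parses its redirect_port lines and reports, per rule, the inside host reached, how many ports are opened on the outside address, and whether a remoteIP restricts the source. It assumes the single-target form `redirect_port proto targetIP:port[-port] [aliasIP:]port[-port] [remoteIP[:port]]` from natd(8); the function names are illustrative.

```python
import ipaddress

# natd.conf exactly as posted in the message above.
NATD_CONF = """\
use_sockets
redirect_port tcp 192.168.0.3:3389 10.1.10.172:3389
redirect_port tcp 192.168.0.2:1935 10.1.10.172:1935
redirect_port tcp 192.168.0.2:8790 10.1.10.172:8790
redirect_port tcp 192.168.0.2:6000-6100 10.1.10.172:6000-6100
interface fxp0
log
"""


def _ports(spec):
    """'6000-6100' -> (6000, 6100); '3389' -> (3389, 3389)."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


def _endpoint(spec, ip_required):
    """Split '[ip:]ports' into (ip or None, (low, high))."""
    ip, sep, ports = spec.rpartition(":")
    if sep:
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    elif ip_required:
        raise ValueError(f"missing address in {spec!r}")
    return (ip or None), _ports(ports)


def parse_redirects(conf_text):
    """Return one dict per redirect_port line (single-target form only)."""
    rules = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # '#' starts a comment
        if not fields or fields[0] != "redirect_port":
            continue
        if len(fields) not in (4, 5):
            raise ValueError(f"line {lineno}: want proto target alias [remote]")
        target_ip, target_ports = _endpoint(fields[2], ip_required=True)
        alias_ip, alias_ports = _endpoint(fields[3], ip_required=False)
        # natd requires both ranges to contain the same number of ports.
        if target_ports[1] - target_ports[0] != alias_ports[1] - alias_ports[0]:
            raise ValueError(f"line {lineno}: range sizes differ")
        rules.append({
            "line": lineno, "proto": fields[1],
            "target": target_ip, "target_ports": target_ports,
            "alias": alias_ip, "alias_ports": alias_ports,
            "remote": fields[4] if len(fields) == 5 else None,
        })
    return rules


def exposure(rules):
    """Per rule: inside host, ports opened, and whether any source may connect."""
    out = []
    for r in rules:
        low, high = r["alias_ports"]
        out.append({"line": r["line"], "inside": r["target"],
                    "ports_open": high - low + 1,
                    "any_source": r["remote"] is None})
    return out


if __name__ == "__main__":
    for row in exposure(parse_redirects(NATD_CONF)):
        print(row)
```
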
Re: natd question
Multihome your FBSD box. Assign your outside nic the external ip, inside nic your local subnet dg. Configure natd.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

Does FreeBSD still ship with ipnat? Or is natd the only nat'ing service?

Chris

Markus Kovero wrote:

How to config natd to nat certain private subnets to another external ips?

Markus Kovero

--
Christopher Hollow - Technical Consultant
Infrastructure & Technology Support
RE: NATd question
Hi dear Asher,

First: Thank you TOO much for your detailed reply, it's really a help!

in your configurations you depend that ISP will give the BSD an IP. But in fact, I am using a DSL MODEM ROUTER, which will call the internet automatically, and will assign (the router) the IP 192.168.0.1 plus the real ip which ISP will give. and this Router will be connected to the FreeBSD box.

This is why I'm missed, in your sweet drawing
(wan nic)FreeBSD(lan nic)
what the gateway should be? The router IP I assume? is it on (wan nic)? and do i need a DHCP? on xl0 ?

mainly I'm setting this configuration just to control the network. I need to block some IPs from internet and some other IPs a few ports, so I'm setting this BSD box because of the ipfw rules..

Can you explain it according to DSL MODEM ROUTER which will assign an IP automatically ? how we will setup the freebsd to be the main gateway for clients? instead the router?

I am sorry for the long email.
VERY warm thanks for you.
Marwan

On Mon, 8 Dec 2003 08:47:22 -0600, Bill Asher wrote
> Do you have a static IP you can use on the BSD box? Typically when
> we setup DSL we take it straight from the DSL or Cable "modem" to
> the BSD Box which gets assigned an IP address from the provider
> either static or dynamic. You then run NATD for your internal
> clients to use the FreeBSD's public IP. Like so:
>
> Internet --> DSL Modem --> (wan nic)FreeBSD(lan nic) --> Switch/Hub --> Clients
>
> FreeBSD IPs
> Wan nic(xl0) = DHCP
> Lan nic(xl1) = 10.2.2.1
>
> To assign your IP addresses edit /etc/rc.conf. Here's an example using
> DHCP on the wan nic:
>
> defaultrouter="10.2.2.1"
> gateway_enable="YES"
> hostname="fw01.domain.com"
> ifconfig_xl0="DHCP"
> ifconfig_xl1="inet 10.2.2.1 netmask 255.255.255.0"
> linux_enable="YES"
> sendmail_enable="YES"
> sshd_enable="YES"
> usbd_enable="YES"
> natd_program="/sbin/natd"        # path to natd, if you want a different one.
> natd_enable="YES"                # Enable natd (if firewall_enable == YES).
> natd_interface="xl0"             # Public interface or IPaddress to use.
> natd_flags="-f /etc/natd.cf"     # Additional flags for natd.
>
> Your clients would be setup like this:
> Client 01
> IP = 10.2.2.10
> Gateway = 10.2.2.1
> DNS = Your.DNS.Server.IP
>
> You can run DHCP server on your FreeBSD box to hand IPs out to your
> clients if you'd like, make sure you bind it to your LAN Nic of your
> FreeBSD box though.
>
> If you have Static IPs just substitute those instead of using DHCP
> for your wan nic.
>
> Hope this helps, this is just the way I do it.
>
> Let me know if you have other questions in setting this up.
>
> B.Asher - PND,LLC - www.protechnet.com
>
> -----Original Message-----
> From: Marwan Sultan [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 07, 2003 10:56 AM
> To: FreeBSD questions List
> Subject: NATd question
>
> Hello Everybody,
>
> I'm on FreeBSD 4.8-R fresh installation.
> and this is the configuration i will use on my LAN
>
> Internet ->connected-> DSL Router -> FreeBSD box -> HUB -> LAN
>
> DSL Router has an IP 192.168.0.1 and the real IP too.
>
> FreeBSD box has 2 NIC's
> My question is:
>
> Where and How to sign 2 IPs for 2 NICs?
>
> which IP the NIC connected to DSL should sign?
> Which IP the NIC connected to HUB should sign?
> Which of these IPs will be as gateway IP the clients will sign?
>
> I have read the instructions of freebsd.org,
> and it says the gateway will be the BSD machine 192.168.0.1
> BUT this IP in my LAN is signed to the router automatically.
>
> Can someone explain? advise? This machine will be only for this use.
>
> Thank you
> --
> Marwan Sultan

--
Marwan Sultan
Network Administrator
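A quick way to check a gateway's rc.conf for the settings this exchange depends on, as an added example that is not part of either message: it parses rc.conf and reports a missing gateway_enable, natd enabled without firewall_enable (the condition named in the quoted comment), and a defaultrouter that is one of the box's own addresses. The second sample is constructed for the DSL-router case; its WAN address 192.168.0.2 and all function names are assumptions.

```python
import shlex

# NAT-relevant lines of the rc.conf quoted in the message above.
QUOTED_RC_CONF = '''\
defaultrouter="10.2.2.1"
gateway_enable="YES"
ifconfig_xl0="DHCP"
ifconfig_xl1="inet 10.2.2.1 netmask 255.255.255.0"
natd_enable="YES"                # Enable natd (if firewall_enable == YES).
natd_interface="xl0"             # Public interface or IPaddress to use.
'''

# Constructed variant for the DSL-router case: the router's 192.168.0.1 is
# from the thread, the WAN address 192.168.0.2 is an assumption.
ROUTER_RC_CONF = '''\
defaultrouter="192.168.0.1"
gateway_enable="YES"
firewall_enable="YES"
ifconfig_xl0="inet 192.168.0.2 netmask 255.255.255.0"
ifconfig_xl1="inet 10.2.2.1 netmask 255.255.255.0"
natd_enable="YES"
natd_interface="xl0"
'''


def parse_rc_conf(text):
    """Parse sh-style name="value" lines; '#' comments are dropped."""
    conf = {}
    for line in text.splitlines():
        for token in shlex.split(line, comments=True):
            name, eq, value = token.partition("=")
            if eq:
                conf[name] = value
    return conf


def _yes(conf, name):
    return conf.get(name, "NO").upper() == "YES"


def static_addresses(conf):
    """Map each statically configured IPv4 address to its interface name."""
    found = {}
    for name, value in conf.items():
        words = value.split()
        if name.startswith("ifconfig_") and words[:1] == ["inet"] and len(words) > 1:
            found[words[1]] = name[len("ifconfig_"):]
    return found


def check_nat_gateway(conf):
    """Return findings that would stop LAN clients being forwarded and translated."""
    findings = []
    if not _yes(conf, "gateway_enable"):
        findings.append("gateway_enable is not YES, so packets are not forwarded")
    if _yes(conf, "natd_enable"):
        if not _yes(conf, "firewall_enable"):
            findings.append("natd_enable needs firewall_enable=YES to take effect")
        iface = conf.get("natd_interface", "")
        is_addr = iface.replace(".", "").isdigit()  # natd_interface may be an IP
        if not is_addr and f"ifconfig_{iface}" not in conf:
            findings.append(f"natd_interface {iface!r} has no ifconfig_ entry")
    own = static_addresses(conf)
    router = conf.get("defaultrouter", "NO")
    if router in own:
        findings.append(
            f"defaultrouter {router} is this host's own address on {own[router]}")
    return findings
```
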
Re: NATd question
On Dec 7, 2003, at 11:15 PM, Matt Edwards wrote:

consumer: "I have two computers. I need to make sure they can both get on the internet." (Thinking: "I know my buddy did this with his setup")

ISP: "Oh you mean you need a second IP address, right?" (Thinking: "The poor guy doesn't know he can do it with one and NAT server. But I ain't telling him that.")

Of course, not long ago, you would have had the 1st tier tech support drone accuse you of stealing bandwidth if you mentioned that you had more than one machine networked.
Re: NATd question
There are some marketing scams out there that some ISPs use to get you to pay just a bit more for service. One common scam is as follows:

consumer: "I have two computers. I need to make sure they can both get on the internet." (Thinking: "I know my buddy did this with his setup")

ISP: "Oh you mean you need a second IP address, right?" (Thinking: "The poor guy doesn't know he can do it with one and NAT server. But I ain't telling him that.")

consumer: "Will that let me get both of these connected?"

ISP: "Oh you bet. It will only be $5($10/$15/maybe even $20) more dollars a month"

consumer: "Ok set it up. Let's do that. I really need to get these two on the internet."

;)

Matt

----- Original Message -----
From: "Vulpes Velox" <[EMAIL PROTECTED]>
To: "Marwan Sultan" <[EMAIL PROTECTED]>
Cc: "FreeBSD questions List" <[EMAIL PROTECTED]>
Sent: Sunday, December 07, 2003 8:50 PM
Subject: Re: NATd question

> On Sun, 7 Dec 2003 19:56:14 +0300
> "Marwan Sultan" <[EMAIL PROTECTED]> wrote:
>
> > Hello Everybody,
> >
> > I'm on FreeBSD 4.8-R fresh installation.
> > and this is the configuration i will use on my LAN
> >
> > Internet ->connected-> DSL Router -> FreeBSD box -> HUB -> LAN
> >
> > DSL Router has an IP 192.168.0.1 and the real IP too.
> >
> > FreeBSD box has 2 NIC's
> > My question is:
> >
> > Where and How to sign 2 IPs for 2 NICs?
> >
> > which IP the NIC connected to DSL should sign?
> > Which IP the NIC connected to HUB should sign?
> > Which of these IPs will be as gateway IP the clients will sign?
>
> The DSL connection is probably going to be DHCP so just set the nic connected to
> it for DHCP. Then for the lan select what ever private address you want.
>
> You will have to experiment a bit to figure out which is which.
>
> > I have read the instructions of freebsd.org,
> > and it says the gateway will be the BSD machine 192.168.0.1
> > BUT this IP in my LAN is signed to the router automatically.
>
> You can assign the gateway machine any private address you want. BTW if you have
> a gateway why are you setting up a second?
>
> > Can someone explain? advise? This machine will be only for this use.
>
> It basically works like this...
> LAN -> gateway -> natd -> dsl uplink device -> WAN
>
> Any thing on to a address not included in the subnet mask is going to leave
> through the gateway. The usual subnet mask is 255.255.255.0 so thus there are
> 256 possibilities of address in the allotted space. Now let's say our gateway is
> 192.168.0.1 any thing not belonging to 192.168.0.1/24 is going to leave through
> the gateway. On its way out that packet is going to be monkeyed, by natd, with
> so it will know where to send the returned info. This is done so that it will
> know which machine on the LAN it should be sent to.
Re: NATd question
On Sun, 7 Dec 2003 19:56:14 +0300
"Marwan Sultan" <[EMAIL PROTECTED]> wrote:

> Hello Everybody,
>
> I'm on FreeBSD 4.8-R fresh installation.
> and this is the configuration i will use on my LAN
>
> Internet ->connected-> DSL Router -> FreeBSD box -> HUB -> LAN
>
> DSL Router has an IP 192.168.0.1 and the real IP too.
>
> FreeBSD box has 2 NIC's
> My question is:
>
> Where and How to sign 2 IPs for 2 NICs?
>
> which IP the NIC connected to DSL should sign?
> Which IP the NIC connected to HUB should sign?
> Which of these IPs will be as gateway IP the clients will sign?

The DSL connection is probably going to be DHCP so just set the nic connected to it for DHCP. Then for the lan select what ever private address you want.

You will have to experiment a bit to figure out which is which.

> I have read the instructions of freebsd.org,
> and it says the gateway will be the BSD machine 192.168.0.1
> BUT this IP in my LAN is signed to the router automatically.

You can assign the gateway machine any private address you want. BTW if you have a gateway why are you setting up a second?

> Can someone explain? advise? This machine will be only for this use.

It basically works like this...
LAN -> gateway -> natd -> dsl uplink device -> WAN

Any thing on to a address not included in the subnet mask is going to leave through the gateway. The usual subnet mask is 255.255.255.0 so thus there are 256 possibilities of address in the allotted space. Now let's say our gateway is 192.168.0.1 any thing not belonging to 192.168.0.1/24 is going to leave through the gateway. On its way out that packet is going to be monkeyed, by natd, with so it will know where to send the returned info. This is done so that it will know which machine on the LAN it should be sent to.
Re: natd question
On Tuesday, October 21, 2003, at 05:31 PM, [EMAIL PROTECTED] wrote:

have you tried this reading this?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

don't forget to set the gateway IP address of your network clients to the IP address of your FreeBSD nat server.

yes. i've read the freebsd unleashed book, the freebsd.org docs, the man pages, as well as a freebsddiary.com article on setting up a nat server. the server is using freebsd 4.6.2 with nat and ipfw. i am working with a security engineer who set up our ipfw rules. i had him double check the rules and double check my nat configuration. he could not find any problems. when on the subnet, i am able to ping the linksys router which is connected to our dsl modem, but can't seem to get packets beyond the router. is there any way to test that the packets are actually being translated?

hope this helps...

Gil Agno Virtucio
Janitor/Collector/Messenger
NEC System Integration and Construction Philippines Inc.
15th Floor BPI Buendia Center
Gil Puyat Ave. Makati City 1200
Cellphone : +639163989695
Office Phone: +6328914167

-----Original Message-----
From: Michelle [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 22, 2003 6:00 AM
To: [EMAIL PROTECTED]
Subject: natd question

i am running freebsd 4.6.2. i have 2 nic cards on the machine, one which is the external interface and connects to a router which connects to dsl. the other is internal interface for our subnet. i have enabled natd on the machine, but still cannot get packets out when on the subnet. i can ssh to the external interface, but can't ssh to a machine that is outside of our network. i checked ps aux to make sure natd is running and checked the firewall rules to make sure the natd divert rule is there. is there something else i need to configure?
RE: natd question
have you tried this reading this?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html

don't forget to set the gateway IP address of your network clients to the IP address of your FreeBSD nat server.

hope this helps...

Gil Agno Virtucio
Janitor/Collector/Messenger
NEC System Integration and Construction Philippines Inc.
15th Floor BPI Buendia Center
Gil Puyat Ave. Makati City 1200
Cellphone : +639163989695
Office Phone: +6328914167

-----Original Message-----
From: Michelle [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 22, 2003 6:00 AM
To: [EMAIL PROTECTED]
Subject: natd question

i am running freebsd 4.6.2. i have 2 nic cards on the machine, one which is the external interface and connects to a router which connects to dsl. the other is internal interface for our subnet. i have enabled natd on the machine, but still cannot get packets out when on the subnet. i can ssh to the external interface, but can't ssh to a machine that is outside of our network. i checked ps aux to make sure natd is running and checked the firewall rules to make sure the natd divert rule is there. is there something else i need to configure?
Re: natd question
Check this out:

http://freebsd.peon.net/tutorials/12/

Cheers,
Alhagie

--- Michelle <[EMAIL PROTECTED]> wrote:
>
> On Tuesday, October 21, 2003, at 04:08 PM, Alhagie Puye wrote:
>
> > Are you using ipfw or ipfilter?
>
> ipfw
>
> > --- Michelle <[EMAIL PROTECTED]> wrote:
> >> i am not aware of a natd.conf file. i edited the rc.conf file to
> >> enable natd and specify the interface. the firewall rule i am using
> >> for natd is: add divert natd all from any to any via fxp0.
> >>
> >> On Tuesday, October 21, 2003, at 03:09 PM, Alhagie Puye wrote:
> >>
> >>> What does your natd.conf and firewall script look
> >>> like? Details would be helpful in diagnosing the
> >>> problem.
> >>>
> >>> Cheers,
> >>> Alhagie.
> >>> --- Michelle <[EMAIL PROTECTED]> wrote:
> >>>> i am running freebsd 4.6.2. i have 2 nic cards on the machine, one
> >>>> which is the external interface and connects to a router which connects
> >>>> to dsl. the other is internal interface for our subnet. i have
> >>>> enabled natd on the machine, but still cannot get packets out when on
> >>>> the subnet. i can ssh to the external interface, but can't ssh to a
> >>>> machine that is outside of our network. i checked ps aux to make sure
> >>>> natd is running and checked the firewall rules to make sure the natd
> >>>> divert rule is there. is there something else i need to configure?
Re: natd question
On Tuesday, October 21, 2003, at 04:08 PM, Alhagie Puye wrote:

Are you using ipfw or ipfilter?

ipfw

--- Michelle <[EMAIL PROTECTED]> wrote:

i am not aware of a natd.conf file. i edited the rc.conf file to enable natd and specify the interface. the firewall rule i am using for natd is: add divert natd all from any to any via fxp0.

On Tuesday, October 21, 2003, at 03:09 PM, Alhagie Puye wrote:

What does your natd.conf and firewall script look like? Details would be helpful in diagnosing the problem.

Cheers,
Alhagie.

--- Michelle <[EMAIL PROTECTED]> wrote:

i am running freebsd 4.6.2. i have 2 nic cards on the machine, one which is the external interface and connects to a router which connects to dsl. the other is internal interface for our subnet. i have enabled natd on the machine, but still cannot get packets out when on the subnet. i can ssh to the external interface, but can't ssh to a machine that is outside of our network. i checked ps aux to make sure natd is running and checked the firewall rules to make sure the natd divert rule is there. is there something else i need to configure?
Re: natd question
Are you using ipfw or ipfilter?

--- Michelle <[EMAIL PROTECTED]> wrote:
> i am not aware of a natd.conf file. i edited the rc.conf file to
> enable natd and specify the interface. the firewall rule i am using
> for natd is: add divert natd all from any to any via fxp0.
>
> On Tuesday, October 21, 2003, at 03:09 PM, Alhagie Puye wrote:
>
> > What does your natd.conf and firewall script look
> > like? Details would be helpful in diagnosing the
> > problem.
> >
> > Cheers,
> > Alhagie.
> > --- Michelle <[EMAIL PROTECTED]> wrote:
> >> i am running freebsd 4.6.2. i have 2 nic cards on the machine, one
> >> which is the external interface and connects to a router which connects
> >> to dsl. the other is internal interface for our subnet. i have
> >> enabled natd on the machine, but still cannot get packets out when on
> >> the subnet. i can ssh to the external interface, but can't ssh to a
> >> machine that is outside of our network. i checked ps aux to make sure
> >> natd is running and checked the firewall rules to make sure the natd
> >> divert rule is there. is there something else i need to configure?
Re: natd question
i thought one only needed to use route command when routing between 3 or more networks. i have a local LAN and a subnet. however, i tried the command:

route add -net 192.x.x.x 64.x.x.x

i received the error message:

route: writing to routing socket: File exists
add net 192.x.x.x: gateway 64.x.x.x: Files exists

On Tuesday, October 21, 2003, at 05:04 PM, Tyler McGeorge wrote:

The next question on my mind would be whether or not you've established routes?

`man route`

Hope it helps,
Tyler McGeorge
...to the rescue...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michelle
Sent: Tuesday, October 21, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: natd question

i am running freebsd 4.6.2. i have 2 nic cards on the machine, one which is the external interface and connects to a router which connects to dsl. the other is internal interface for our subnet. i have enabled natd on the machine, but still cannot get packets out when on the subnet. i can ssh to the external interface, but can't ssh to a machine that is outside of our network. i checked ps aux to make sure natd is running and checked the firewall rules to make sure the natd divert rule is there. is there something else i need to configure?
RE: natd question
The next question on my mind would be whether or not you've established routes?

`man route`

Hope it helps,
Tyler McGeorge
...to the rescue...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michelle
Sent: Tuesday, October 21, 2003 3:00 PM
To: [EMAIL PROTECTED]
Subject: natd question

i am running freebsd 4.6.2. i have 2 nic cards on the machine, one which is the external interface and connects to a router which connects to dsl. the other is internal interface for our subnet. i have enabled natd on the machine, but still cannot get packets out when on the subnet. i can ssh to the external interface, but can't ssh to a machine that is outside of our network. i checked ps aux to make sure natd is running and checked the firewall rules to make sure the natd divert rule is there. is there something else i need to configure?