Joe wrote:
I have a question about natd/ and ipfw. I am running natd on my external
interface and I have some services on my internal interface.
The services seem to be getting their ip addresses nat'd and some of them
work and some of them dont.
Any idea how to prevent things
I figured out what the problem was. I had compiled my dhcp server with
USE_SOCKETS and am NOT running in a jail.
After a lot of searching the bug reports I came across an old bug that said
that USE_SOCKETS was added for jailed dhcp servers, because they do not have
access to bpf. It also
Joe wrote:
I have a question about natd/ and ipfw. I am running natd on my external interface and I have some services on my internal interface.
The services seem to be getting their ip addresses nat'd and some of them work and some of them dont.
Any idea how to prevent things from going
I have a question about natd/ and ipfw. I am running natd on my external
interface and I have some services on my internal interface.
The services seem to be getting their ip addresses nat'd and some of them work
and some of them dont.
Any idea how to prevent things from going into natd?
Hello Unix-Solutions,
Friday, January 27, 2006, 3:44:46 PM, you wrote:
google BGP
--
Best regards,
Playnetmailto:[EMAIL PROTECTED]
___
freebsd-questions@freebsd.org mailing list
Hi you guy's,
I have a little problem with my natd or ipfw configuration.
Current situation:
ISP1 = Telenet (Belgium)
Speed: 20 mbit/s down 1 mbit/s upload
We get ip via dhcp
ISP2 = Versatel (Belgium)
Speed: 1 mbit/s down 1 mbit/s upload
We have a range with static ip's
Versatel is our
I use freebsd 5.4(with OPTION IPFW on and IPFIREWALL_DEFAULT_TO_ACCEPT
on)+apache+pureftp+natd to setup a server used for ftp/web server and
as a getway for share network too.
My network like this:
--(oip:x.x.x.a)--
| |
(oif:em0)--|
I had a similar setup
http://members.iinet.net.au/~yance/pppoenat.html
in rc.conf where you put gateway_enable=YES
this will appear
00100 28 2096 divert 8668 ip from any to any via dc0
You can add extra ipfw config using a script similar
to mine, and in rc.conf
hi,
how do i permanently set the rules for ipfw? whenever i restart my
FreeBSD server which has natd firewall enabled, the ipfw returns to
default which is 65535 151 14646 deny ip from any to any. so i need
to repeat ipfw -f flush and execute the commands below so that my
LAN can access the
Hi!
Tell me if I should post this otherwhere.
Given two network cards sis0 (external) and vr0 (internal) I'm trying
to give my girlfriend access to the web. Her ip is 192.168.0.2,
I've installed natd, a proper kernel and configured my firewall,
but so far only pings from her computer to the web
It's been a while but I'll see if I can help out.
On Friday, March 4, 2005, at 06:52 PM, Florian Hengstberger wrote:
Hi!
Tell me if I should post this otherwhere.
Given two network cards sis0 (external) and vr0 (internal) I'm trying
to give my girlfriend access to the web. Her ip is 192.168.0.2,
.oO( Internet )Oo.
||
||
[DSL--]
[ adsl router ] - No Nat
[-]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
On Fri, Jun 04, 2004 at 07:37:15AM +0800, Khairil Yusof wrote:
On Thu, 2004-06-03 at 11:26 +0200, Christoph Kukulies wrote:
Anyway, the prsent (simple) natd rules don't seem to suffice.
If I'm not wrong, ms netmeeting and msn messenger (audio,video) do not
work over nat. There are some
I have problems getting a MC netmeeting seession established
across a FreeBSD gateway (5.2-current).
Anyway, the prsent (simple) natd rules don't seem to suffice.
Does anyone have a set of rules to
accomplish this?
Thanks.
--
Chris Christoph P. U. Kukulies kuku_at_kukulies.org
On Thu, 2004-06-03 at 11:26 +0200, Christoph Kukulies wrote:
Anyway, the prsent (simple) natd rules don't seem to suffice.
If I'm not wrong, ms netmeeting and msn messenger (audio,video) do not
work over nat. There are some third party windows utilities available to
enable this to work. I have
On Thursday 03 June 2004 11:26, Christoph Kukulies wrote:
I have problems getting a MC netmeeting seession established
across a FreeBSD gateway (5.2-current).
Anyway, the prsent (simple) natd rules don't seem to suffice.
In most cases you want to use username to ip mapping and a proxy, if
Gaming Server
Anchorage, Alaska
http://games.mystic1.net
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 6:24 PM
To: [EMAIL PROTECTED]
Subject: Bandwidth hit in natd/ipfw on 4.4-RELEASE
Hey, I just my got NAT box running 4.4-RELEASE
On Thu, Mar 25, 2004 at 08:24:04PM -0700, [EMAIL PROTECTED] typed:
Hey, I just my got NAT box running 4.4-RELEASE on an old Pentium 90 and
I'm experiencing a number of problems and I think they're related..
there's been a major bandwidth hit in all my web surfing and my ICQ, AOL and MSN
Ruben de Groot wrote:
4.4-RELEASE is quite old. Have you considered the possibility that you
got rooted?
I'm sure it's /possible/, but extraordinarily unlikely. The server's
only been three days and I'm on a university resnet; I'd guess that no
port below 1024 is accessible from outside my
On Fri, Mar 26, 2004 at 10:43:56AM -0400, Matt Coe, CCNA typed:
Ruben de Groot wrote:
4.4-RELEASE is quite old. Have you considered the possibility that you
got rooted?
I'm sure it's /possible/, but extraordinarily unlikely. The server's
only been three days and I'm on a university
Hey, I just my got NAT box running 4.4-RELEASE on an old Pentium 90 and
I'm experiencing a number of problems and I think they're related..
there's been a major bandwidth hit in all my web surfing and my ICQ, AOL and MSN
(using both Trillian and Messenger) are dropping connections -- a lot. I
8668 ip from any to any via ed1
65535 1072 60182 allow ip from any to any
# cat /etc/services | grep natd
natd8668/divert # Network Address Translation
Btw, when I used ipf + ipnat, internet for LAN users was good enough, but now it's
horrible with natd + ipfw
, March 10, 2004 10:18 AM
To: freebsd-questions
Subject: natd + ipfw - very slow internet for LAN users
Hi,
i'm sharing internet to my local area network (LAN) users with my
router. Everything would be fine, but internet is very slow. I
tried to ping my ISP. Ping reply is ~50ms. It means
On Thu, Feb 05, 2004 at 08:39:40PM -0500, Mikhail Teterin wrote:
[Now CC-ing Chuck Cranor -- the en's author]
= = http://store.yahoo.com/softbuyweb/inpcidslmod3.html
= The en(4) manual page and the description of this product (on the
= page above) as one based on
On 02/05/04 18:12:20 -0800 Julian Elischer wrote:
I don't KNOW of any DSL cards that are supported but it's difficult to
keep abreast of ALL developments :-)
what about the Sangoma S518 card?
The BSDMall has it: http://www.bsdmall.com/sanadpcicon.html
-Andreas
Hello!
My current network setup consists of the ISP-provided DSL-modem plugged
into the little switch together with the rest of the network. One of the
machines on the runs natd and the others use it as the default router.
To get better protection I should be using a separate Ethernet card, into
On Thu, 5 Feb 2004 [EMAIL PROTECTED] wrote:
Hello!
My current network setup consists of the ISP-provided DSL-modem plugged
into the little switch together with the rest of the network. One of the
machines on the runs natd and the others use it as the default router.
To get better
=On Thu, 5 Feb 2004 [EMAIL PROTECTED] wrote:
= But what about an internal modem? Like
=
= http://store.yahoo.com/softbuyweb/inpcidslmod3.html
=What makes you think we have a driver for this?
The en(4) manual page and the description of this product (on the page
above) as one based on
On Thu, 5 Feb 2004 [EMAIL PROTECTED] wrote:
=On Thu, 5 Feb 2004 [EMAIL PROTECTED] wrote:
= But what about an internal modem? Like
=
=http://store.yahoo.com/softbuyweb/inpcidslmod3.html
=What makes you think we have a driver for this?
The en(4) manual page and the description
[Now CC-ing Chuck Cranor -- the en's author]
= = http://store.yahoo.com/softbuyweb/inpcidslmod3.html
= =What makes you think we have a driver for this?
= The en(4) manual page and the description of this product (on the
= page above) as one based on Efficient Network's chip.
net CC removed...
Mikhail Teterin wrote:
So, back to the original question -- am I likely to have to any problems
with natd and ipfw dealing with this non-Ethernet interface -- assuming
en-driver attaches to this card at all?
wait, why not just take the ethernet cable from the inside interface on
On Thu, 5 Feb 2004, Mikhail Teterin wrote:
[Now CC-ing Chuck Cranor -- the en's author]
= = http://store.yahoo.com/softbuyweb/inpcidslmod3.html
= =What makes you think we have a driver for this?
= The en(4) manual page and the description of this product (on the
Good morning!
I have 4.9-release. I'm interesting natd and ipfw.
My tested box have two interface 172.16.0.10/29 and 195.161.208.210/30.
# ifpw list
00500 divert 8668 ip from any to not 172.16.0.8/29
01000 allow ip from any to any
# natd -v -a 195.161.208.210
When I ping 195.161.208.130 from
On Sun, Dec 07, 2003 at 01:11:40PM +0300, Lev Klimin wrote:
then natd don't change source address, and ping don't work. I thinked
that natd must do NAT whenever and wherever it work. May I be
mistaken?
You may be. I had a problem a few months ago that seemed very similar.
In the end I gave up
Message -
From: Jose Albores [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 14, 2003 12:57 PM
Subject: Problem(s) resolving names with natd/ipfw.
The problem summary is as follows:
I'm setting up a very simple LAN at home using only
two machines with fixed private ip
Just enabling named solved the problem. I only added two or three
named_... entries from /etc/default/rc.conf to /etc/rc.conf, changing
NO for YES and nothing else.
Even without modifying de default config files (named.conf and any
other, eventually) the FreeBSD gateway began to forward
with alphabetic names (should be
called a DNS problem?) but it YES CAN do it with ip
addresses (numbers).
AFAIK (being a newbie in networking issues) it seems
that no problems arise from the gateway side after
setting up natd/ipfw.
From the client, I can ping to numeric addresses
locally and outside
Brian McCann wrote:
Hi all. I'm having an issue with security while trying to get natd to
work with ipfw. I got my ipfw rules working great, so I added the natd
line in:
ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
But I can't do anything (ping, fetch, etc) until I add:
Hi all. I'm having an issue with security while trying to get natd to
work with ipfw. I got my ipfw rules working great, so I added the natd
line in:
ipfw add divert 8668 all from any to any via $EXTERNAL_INTERFACE
But I can't do anything (ping, fetch, etc) until I add:
ipfw add pass all
President / CEO
Infinite Visions Educational Systems Inc.
Anchorage, AK
[EMAIL PROTECTED]
-Original Message-
From: Brian McCann [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 01, 2003 6:54 PM
To: [EMAIL PROTECTED]
Subject: NATD IPFW
Hi all. I'm having an issue with security while
Hello,
I have a t1 with 16 ip's, which I need to share
around this office. Some of those real/routable IP's
I want to assign internally in the office, while at
the same time them to be behind my FreeBSD
firewall/dummynet pc.
t1Router
209.150.x.145
|
I try to allow the connection to a pc in my lan but I could
I would like to connect Remote Desktop port 3389 from internet to
machine B but I could.
These are my machines:
A FreeBSD: (rl0 A-NIC) to (DSL Modem) no-ip
-gateway(ed0 A-NIC) to (HUB-1) 192.168.0.11
Folks,
I've done port-forwarding before on several different FW/NAT
devices, but damned if I can get it going on FreeBSD. At first
I tried with PPP's builtin NAT, and when that failed I switched
to natd. I did google searches and even searched the FreeBSD
list archives but did not find any
On Thu, 24 Oct 2002, Alan McKay wrote:
Folks,
I've done port-forwarding before on several different FW/NAT devices,
but damned if I can get it going on FreeBSD. At first I tried with
PPP's builtin NAT, and when that failed I switched to natd. I did
google searches and even searched the
What does `ipfw -a l` show?
That seems to be the same as ipfw show, which I used to
determine that there do not seem to be any 'deny' rules hit.
So I cannot really tell where those packets are going. I can
hit my port 80 from work no problem (www.bodensatz.com), but
8080 no deal. So it
On Thu, 24 Oct 2002, Alan McKay wrote:
What does `ipfw -a l` show?
That seems to be the same as ipfw show, which I used to determine that
there do not seem to be any 'deny' rules hit. So I cannot really tell
where those packets are going. I can hit my port 80 from work no
problem
If indeed your internal machine is excepting connections on port
8080 (can be tested from the firewall box using telnet) then this
Cannot telnet to 8080 so it must be nat, but my natd.conf looks
good to me. dunno what's up. nat itself is working otherwise I
wouldn't be talking to
sounds like a firewalling problem. Set your firewall type to
OPEN, reboot and see if it works. If it does, then you need to
examine your firewall rules better.
Nope, still no go :-(
I'll wait til my buddy is back from vacation as I think he got
it going on his fbsd box
-
From: Nick Rogness [EMAIL PROTECTED]
To: Alan McKay [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 24, 2002 8:16 PM
Subject: Re: help with webcam through natd + ipfw
On Thu, 24 Oct 2002, Alan McKay wrote:
What does `ipfw -a l` show?
That seems to be the same as ipfw show
On Thu, 24 Oct 2002, Alan McKay wrote:
If indeed your internal machine is excepting connections on port
8080 (can be tested from the firewall box using telnet) then this
Cannot telnet to 8080 so it must be nat, but my natd.conf looks good to
me. dunno what's up. nat itself is
]
Sent: Thursday, October 24, 2002 8:16 PM
Subject: Re: help with webcam through natd + ipfw
On Thu, 24 Oct 2002, Alan McKay wrote:
What does `ipfw -a l` show?
That seems to be the same as ipfw show, which I used to determine that
there do not seem to be any 'deny' rules hit
: Re: help with webcam through natd + ipfw
On Thu, 24 Oct 2002, Charles Pelletier wrote:
question...
having never dealt with IPFW and nat, does ipnat.conf need to exist? i
wonder this because it seems like a great majority of problems that
exist with IPF can be solved by having a correct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Scott,
Tuesday, October 22, 2002, 7:15:41 PM, you wrote:
In regards to my last question ... or does anyone even
know how to block all traffic from a MAC ID?
IPFW2 allows to match ip packets using MAC. It is not used
in stable by
In regards to my last question ... or does anyone even know how to
block all traffic from a MAC ID?
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
55 matches
Mail list logo
