Question about ipfw, natd and port forwarding.
Hi all,

I am trying to set up a NAT box for my home network on FreeBSD 5.3. I am using ipfw and natd. I already got NAT running but I am having a problem with port forwarding. I am trying to forward port 80 on the NAT box to an internal machine (192.168.0.7). I have the following as part of natd_flags:

    -redirect_port tcp 192.168.0.7:80 xx.xx.xx.xx:80

where xx.xx.xx.xx is the external IP of the NAT box. Using the following ipfw rules:

    00050 divert 8668 ip from any to any via sis0
    65535 allow ip from any to any

I have no problem connecting port 80 on the NAT box from outside. But as I added stateful ipfw rules, it stops working. Running nmap from outside says port 80 is filtered. I am not sure how to configure the rules to enable port forwarding. Any help will be appreciated.

Thanks.
Deling

Here are my ipfw rules:

    5 allow ip from any to any via $iif
    00010 allow ip from any to any via lo0
    00014 divert 8668 ip from any to any in via $oif
    00015 check-state
    00060 skipto 800 tcp from any to any out via $oif setup keep-state
    00080 skipto 800 icmp from any to any out via $oif keep-state
    00130 skipto 800 udp from any to any out via $oif keep-state
    00340 allow icmp from any to me in via $oif keep-state
    00360 allow tcp from any to any dst-port 80 in via $oif setup keep-state
    00380 allow tcp from any to me dst-port 22 in via $oif setup limit src-addr 5
    00400 deny log logamount 5 ip from any to any in via $oif
    00450 deny log logamount 5 ip from any to any out via $oif
    00800 divert 8668 ip from any to any out via $oif
    00801 allow ip from any to any
    00999 deny log logamount 5 ip from any to any

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Can't su, already in wheel group.
Hi all,

I am trying to install an embedded FreeBSD 5.3 onto a single board computer. Since I am trying to fit everything into a 128M CF, I can't do a normal installation. Instead, I copied over from a PC. It seems to be running well, except I can't su. The user is in the wheel group:

    %pw user show admin
    admin:*:1500:0::0:0:User :/home/admin:/bin/tcsh
    %id admin
    uid=1500(admin) gid=0(wheel) groups=0(wheel)

I copied the whole /etc/pam.d directory. I can log in with root and admin without a problem from the serial console. I can also ssh. But whenever I try to su from admin, I get the error message from the console:

    su: Jan 18 00:29:56 soekris su: BAD SU admin to root on /dev/ttyd0

The pam libs seem to be there too:

    %ls /usr/lib/pam_*
    /usr/lib/pam_chroot.so          /usr/lib/pam_opie.so
    /usr/lib/pam_chroot.so.2        /usr/lib/pam_opie.so.2
    /usr/lib/pam_deny.so            /usr/lib/pam_opieaccess.so
    /usr/lib/pam_deny.so.2          /usr/lib/pam_opieaccess.so.2
    /usr/lib/pam_echo.so            /usr/lib/pam_passwdqc.so
    /usr/lib/pam_echo.so.2          /usr/lib/pam_passwdqc.so.2
    /usr/lib/pam_exec.so            /usr/lib/pam_permit.so
    /usr/lib/pam_exec.so.2          /usr/lib/pam_permit.so.2
    /usr/lib/pam_ftpusers.so        /usr/lib/pam_radius.so
    /usr/lib/pam_ftpusers.so.2      /usr/lib/pam_radius.so.2
    /usr/lib/pam_group.so           /usr/lib/pam_rhosts.so
    /usr/lib/pam_group.so.2         /usr/lib/pam_rhosts.so.2
    /usr/lib/pam_guest.so           /usr/lib/pam_rootok.so
    /usr/lib/pam_guest.so.2         /usr/lib/pam_rootok.so.2
    /usr/lib/pam_krb5.so            /usr/lib/pam_securetty.so
    /usr/lib/pam_krb5.so.2          /usr/lib/pam_securetty.so.2
    /usr/lib/pam_ksu.so             /usr/lib/pam_self.so
    /usr/lib/pam_ksu.so.2           /usr/lib/pam_self.so.2
    /usr/lib/pam_lastlog.so         /usr/lib/pam_ssh.so
    /usr/lib/pam_lastlog.so.2       /usr/lib/pam_ssh.so.2
    /usr/lib/pam_login_access.so    /usr/lib/pam_tacplus.so
    /usr/lib/pam_login_access.so.2  /usr/lib/pam_tacplus.so.2
    /usr/lib/pam_nologin.so         /usr/lib/pam_unix.so
    /usr/lib/pam_nologin.so.2       /usr/lib/pam_unix.so.2

Anybody have an idea what else could have gone wrong? Thanks in advance.

Deling
About Courier 10 Pitch font.
Hi all, which font file corresponds to Courier 10 Pitch font which comes with XFree86 4.3? I wanted to copy the font to my Mac. Thanks in advance.
Re: redirect port
Are you using ipfilter or ipfw? In the former case, read this how-to:
http://www.obfuscation.org/ipf/ipf-howto.html

Deling

On Sat, 2 Jan 1999, Stanley Chan wrote:
> Dear Friends,
>
> The example in the NAT documents is sufficient, can anyone tell me how to redirect ports in the NAT machine. How to put the following command in the rc.conf? I want to use one of the machines behind the NAT to run a web server.
>
> -redirect_port tcp 192.168.0.2:6667 6667
> -redirect_port tcp 192.168.0.3:80 80
>
> Thanks
> Stanley
Re: Can not make clean etc.
On Sat, 7 Feb 2004, Lowell Gilbert wrote:
> Don't top-post, please.

Sorry about that.

> Deling Ren [EMAIL PROTECTED] writes:
>> On Sat, 7 Feb 2004, Lowell Gilbert wrote:
>>> Deling Ren [EMAIL PROTECTED] writes:
>>>> Hi all, I am experiencing a nasty problem: I can not make clean or make update etc under /usr/port. In most of the ports, I can not even make install. They all yield a common error: Missing }. This problem also exists when I tried to compile the kernel by running config and make depend. But I have no problem with make buildkernel KERNCONF= I even tried to cvsup to the latest port, didn't help. I suspect a makefile that is commonly used is corrupted. Can anyone give a clue where to find it? It's 5.2 RC1. Any suggestion will be appreciated.
>>>
>>> Just a guess: 'which make' doesn't reply with /usr/bin/make?
>>
>> Thanks for your reply, which make returned /usr/bin/make. There are some ports that I can make install, such as gettext, but others have problems, e.g. mutt. I can make, but not make install :(
>
> Your ports makefiles (/usr/ports/Mk) might be corrupted somehow. Look at bsd.port.mk in particular.

Actually I already cvsuped to the latest port. Anyway, I wiped out the whole /usr/ports directory and extracted from the install CD. The result was still the same. Since it also affected building the kernel, I suspected it was make. I extracted make from the CD and overwrote the existing one and that didn't help either. Then I made a discovery which is that if I use /usr/bin/make update instead of make update, it would be fine. I ran which make again and it did show /usr/bin/make. I later found out it was due to some tcsh settings. I am using the settings from tcshrc.sf.net. After removing those rc files, it works well now. I haven't yet figured out where exactly the problem is, but I am glad I don't have to reinstall everything, which would be a nightmare.

Thanks a lot for your help.
Can not make clean etc.
Hi all,

I am experiencing a nasty problem: I can not make clean or make update etc under /usr/port. In most of the ports, I can not even make install. They all yield a common error: Missing }. This problem also exists when I tried to compile the kernel by running config and make depend. But I have no problem with make buildkernel KERNCONF= I even tried to cvsup to the latest port, didn't help. I suspect a makefile that is commonly used is corrupted. Can anyone give a clue where to find it? It's 5.2 RC1. Any suggestion will be appreciated.

Regards,
Deling
Re: Can not make clean etc.
Thanks for your reply, which make returned /usr/bin/make. There are some ports that I can make install, such as gettext, but others have problems, e.g. mutt. I can make, but not make install :(

Regards,
Deling

On Sat, 7 Feb 2004, Lowell Gilbert wrote:
> Deling Ren [EMAIL PROTECTED] writes:
>> Hi all, I am experiencing a nasty problem: I can not make clean or make update etc under /usr/port. In most of the ports, I can not even make install. They all yield a common error: Missing }. This problem also exists when I tried to compile the kernel by running config and make depend. But I have no problem with make buildkernel KERNCONF= I even tried to cvsup to the latest port, didn't help. I suspect a makefile that is commonly used is corrupted. Can anyone give a clue where to find it? It's 5.2 RC1. Any suggestion will be appreciated.
>
> Just a guess: 'which make' doesn't reply with /usr/bin/make?
L2TP server?
Hi all,

I searched the archive and didn't find any relevant information. Here is my situation: I have a FreeBSD box running as my gateway/firewall at home. I want to set up a VPN connection from my laptop (in office) to the router via public Internet. My laptop runs Mac OS X 10.3 and supports L2TP over IPSec. So I suppose I need to set up an L2TP server on the box. I did a little research and didn't find too much information. I am not very familiar with IPSec or L2TP. If anyone could give me some pointers and hints, I would appreciate it very much.

Regards
Deling
Re: NAT
It depends on what you are using, ipf or ipfw?

On Sun, 25 Jan 2004, Stanley Chan wrote:
> Dear All,
>
> I am building my NAT and firewall using FreeBSD 4.9. Can anyone tell me how to configure the Address Redirection. Which file should I use? The explanation on the handbook is not so clear. Also, if I have built up the NAT, can I use my external IPs because I need to build another web server and mail server behind the NAT machine.
>
> Thanks
> Stanley