Re: ipfw natd forward port 80

2003-08-14 Thread Totok
Hi,

I have a similar problem.
I'm using IPF and IPNAT to redirect outbound connections
to the internal IP addr. It's been 4 months and I can't
solve it :(

The result so far:
The connection was refused (Netscape)
Alert! Unable to connect (Lynx)

TIA

Here are the details:

IPF.CONF
block in log all
pass out all
pass in on xl1 all
pass in on lo all
block in log quick on xl0 from 0.0.0.0/32 to any
block in log quick on xl0 from 255.255.255.255/32 to any
block in log quick on xl0 from 127.0.0.0/8 to any
block in log quick on xl0 from any to 0.0.0.0/32
block in log quick on xl0 from any to 255.255.255.255/32
block in log quick on xl0 from any to 127.0.0.0/8
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 172.16.0.0/12 to any
block in log quick on xl0 from 10.0.0.0/8 to any
pass in quick on xl0 proto icmp all icmp-type 0
pass in quick on xl0 proto icmp all icmp-type 3
pass in quick on xl0 proto icmp all icmp-type 11
connections to machines
block in log on xl0 proto tcp all flags S/SA
block in log on xl0 proto tcp all flags SA/SA
pass in quick on xl0 proto tcp from any to any port = 5557 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 25 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 110 flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port =  flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port =  flags S/SA keep state
pass in quick on xl0 proto tcp from any to any port = 80 flags S/SA keep state
pass in quick on lo0 proto tcp from any to any port = 80 flags S/SA keep state
pass out on xl0 proto tcp all keep state
note 5
block return-rst in on xl0 proto tcp from any to any port = 113
block in log quick on xl1 proto tcp from any to any port = 135
block in log quick on xl1 proto udp from any to any port = 135
block in log quick on xl1 proto udp from any to any port = 137
pass in log quick on xl1 proto udp from 192.168.0.1 to any port = 137
block in log quick on xl1 proto tcp from any to any port = 139
block in log quick on xl1 proto tcp from any to any port = 445
block in log quick on xl1 proto udp from any to any port = 138
pass in on xl0 proto udp from 202.xxx.xxx.xxx port = 53 to any
pass in on xl0 proto udp from 202.xxx.xxx.xxx port = 53 to any

IPNAT
map xl0 192.168.0.0/24 -> 202.xxx.xxx.xxx/32 portmap tcp/udp 1025:2
map xl0 192.168.0.0/24 -> 202.xxx.xxx.xxx/32
rdr xl0 202.xxx.xxx.xxx/32 port  -> 192.168.0.89 port 80 tcp

RC.CONF
ifconfig_xl1="inet 192.168.0.27  netmask 255.255.255.0"
ifconfig_xl0="inet 202.xxx.xxx.xxx netmask 255.255.255.240"
gateway_enable=YES
defaultrouter=202.xxx.xxx.xxx
ntpdate_flags=ntp.cyber-fleet.net
ntpdate_enable=YES
sshd_enable=YES
inetd_enable=YES
hostname=AROMA.ialf.edu
sendmail_enable=YES
sendmail_flags=-bd
sendmail_outbound_enable=NO
sendmail_submit_enable=NO
sendmail_msp_queue_enable=NO
inetd_flags=-Ww
ipfilter_enable=YES
ipfilter_rules=/etc/ipf.conf
ipnat_rules=/etc/ipnat.conf
ipnat_flags=-CF
ipmon_enable=YES




--- Clement Laforet [EMAIL PROTECTED] wrote:
> On Thu, 7 Aug 2003 04:33:43 +0200
> Clement Laforet [EMAIL PROTECTED] wrote:
>
> Oops:
> > use this
> > natd_flags="-dynamic -redirect_port 192.168.1.150:80 80"
>
> natd_flags="-dynamic -redirect_port tcp 192.168.1.150:80 80"
> that's better ;)
> ___
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to [EMAIL PROTECTED]




Re: ipfw natd forward port 80

2003-08-14 Thread Clement Laforet
On Wed, 06 Aug 2003 21:28:19 -0700
[EMAIL PROTECTED] wrote:

 
> I want to forward port 80 from an outside ip to an internal ip of
> 192.168.1.150 dc1 is tun0  pppoe / dc0 is lan
> I have read what seems like 5 diff ways to do this but the only
> result has been to lock myself out of the computer.
> What have I missed?
> rc.conf settings
> firewall_enable=YES
> firewall_script=/etc/firewall/fwrules
> firewall_quiet=YES
> firewall_logging_enable=YES
> #log_in_vain=YES
> tcp_drop_synfin=NO
> tcp_restrict_rst=NO
> icmp_drop_redirect=YES
> natd_enable=YES
> natd_interface=tun0
> natd_flags=-dynamic
> gateway_enable=YES
> ppp_enable=YES
> ppp_mode=ddial
> ppp_profile=default

seems to be good.


> ipfw show
> 00050 fwd 192.168.1.150,80 tcp from any to 192.168.1.150 in via tun0
^^ = BAD
use this
natd_flags="-dynamic -redirect_port 192.168.1.150:80 80"




Re: ipfw natd forward port 80

2003-08-14 Thread Clement Laforet
On Wed, 6 Aug 2003 20:55:47 -0500 (CDT)
Mark [EMAIL PROTECTED] wrote:

> I am still unable to connect from the outside,
> from the kernel config
> # ipfw options
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=10
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
>
> #To hide firewall from traceroute
> options   IPSTEALTH
>
> #To hide from nmap, remove if create web server
> #options  TCP_DROP_SYNFIN


OK, here is my setup
(I use pound for web traffic now, but it used to work for years)
kernel conf:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT

natd.conf :
[EMAIL PROTECTED]|(553)| teapop-devel]# ssh charon.cultdeadsheep.org cat /etc/natd.conf
log no
deny_incoming   no
port 8668
#
use_sockets yes
#
# Avoid port changes if possible. Makes rlogin work
# in most cases.
#
same_ports  yes
#
verbose no
interface tun0
unregistered_only yes
redirect_port tcp 192.168.0.1:80 80

Now the debugging :)
When you try a telnet to your external IP on port 80, you get:
1. Connection refused: natd isn't running
2. ping timeout:
- your firewall is faulty
or  - your server is down
or  - your server doesn't have the right gateway



Re: ipfw natd forward port 80

2003-08-14 Thread Mark
I am still unable to connect from the outside, 
from the kernel config
# ipfw options
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT

#To hide firewall from traceroute
options   IPSTEALTH

#To hide from nmap, remove if create web server
#options  TCP_DROP_SYNFIN


ipfw natd forward port 80

2003-08-11 Thread boxend

I want to forward port 80 from an outside ip to an internal ip of
192.168.1.150 dc1 is tun0  pppoe / dc0 is lan 
I have read what seems like 5 diff ways to do this but the only 
result has been to lock myself out of the computer.
What have I missed?
rc.conf settings
firewall_enable=YES
firewall_script=/etc/firewall/fwrules
firewall_quiet=YES  
firewall_logging_enable=YES
#log_in_vain=YES
tcp_drop_synfin=NO 
tcp_restrict_rst=NO 
icmp_drop_redirect=YES
natd_enable=YES
natd_interface=tun0
natd_flags=-dynamic
gateway_enable=YES
ppp_enable=YES
ppp_mode=ddial
ppp_profile=default

 ipfw show
00050 fwd 192.168.1.150,80 tcp from any to 192.168.1.150 in via tun0
00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any via lo0
00300 allow ip from any to any via dc0
00400 allow tcp from any to any out xmit tun0 setup
00500 allow tcp from any to any via tun0 established
00600 allow tcp from any to any dst-port 25 setup
00800 allow tcp from any to any dst-port 22 setup
01000 allow udp from any to x.x.x.x dst-port 53 out xmit tun0
01100 allow udp from x.x.x.x 53 to any in recv tun0
01200 allow icmp from any to any
01300 deny log ip from any to any
65535 allow ip from any to any

from httpd.conf
Listen 192.168.1.150:80
ServerName my.lameass.com:80
((  changed to protect me from my ignorance =)  ))



Re: ipfw natd forward port 80

2003-08-06 Thread Clement Laforet
On Thu, 7 Aug 2003 04:33:43 +0200
Clement Laforet [EMAIL PROTECTED] wrote:

Oops:
> use this
> natd_flags="-dynamic -redirect_port 192.168.1.150:80 80"

natd_flags="-dynamic -redirect_port tcp 192.168.1.150:80 80"
that's better ;)
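
Added example, not code from anyone in the thread: a small Python lint for the two mistakes the replies point out, an ipfw fwd rule standing in for a port forward and a natd -redirect_port spec without its protocol. The function names are hypothetical, and the sample inputs are the natd_flags values and the first three ipfw rules quoted in the messages above.

```python
import re

# natd redirect_port syntax: proto targetIP:targetPORT aliasPORT (proto is tcp or udp).
PROTOS = {"tcp", "udp"}
TARGET = re.compile(r"^\d{1,3}(\.\d{1,3}){3}:\d{1,5}(-\d{1,5})?$")
ALIAS = re.compile(r"^(\d{1,3}(\.\d{1,3}){3}:)?\d{1,5}(-\d{1,5})?$")
RULE = re.compile(r"^(\d{5})\s+(\S+)\s+(.*)$")  # "NNNNN action rest" as printed by ipfw show

# Rules copied from the original poster's `ipfw show` output (first three only).
THREAD_RULES = """
00050 fwd 192.168.1.150,80 tcp from any to 192.168.1.150 in via tun0
00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any via lo0
"""

def check_natd_flags(flags):
    """Return problems found in the -redirect_port specs of a natd_flags value."""
    toks, problems, seen = flags.split(), [], 0
    for i, tok in enumerate(toks):
        if tok != "-redirect_port":
            continue
        seen += 1
        args = toks[i + 1:i + 4]
        if not args or args[0] not in PROTOS:
            problems.append("redirect_port: protocol (tcp or udp) missing before the target")
        elif len(args) < 3 or not TARGET.match(args[1]) or not ALIAS.match(args[2]):
            problems.append("redirect_port: expected 'proto targetIP:port aliasPort'")
    if not seen:
        problems.append("no -redirect_port: natd has no inbound mapping to an internal host")
    return problems

def check_ipfw_rules(listing, natd_if):
    """Flag a missing divert rule and fwd rules used as inbound port forwards."""
    rules = [m.groups() for m in (RULE.match(l.strip()) for l in listing.splitlines()) if m]
    problems = []
    if not any(a == "divert" and f"via {natd_if}" in r for _, a, r in rules):
        problems.append(f"no divert rule on {natd_if}: natd never sees the traffic")
    for num, action, rest in rules:
        if action == "fwd" and f"in via {natd_if}" in rest:
            # fwd changes only the next hop; the packet's destination address is not rewritten.
            problems.append(f"rule {num}: fwd is not NAT, use natd redirect_port instead")
    return problems

if __name__ == "__main__":
    for flags in ("-dynamic", "-dynamic -redirect_port 192.168.1.150:80 80",
                  "-dynamic -redirect_port tcp 192.168.1.150:80 80"):
        print(repr(flags), "->", check_natd_flags(flags) or "ok")
    print(check_ipfw_rules(THREAD_RULES, "tun0"))
```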