Re: arp request problem with firewall

2003-12-30 Thread horio shoichi
On Mon, 29 Dec 2003 16:30:40 -0800 (PST)
Terry Singh [EMAIL PROTECTED] wrote:
 this is my first post to freebsd questions. 
 
 MY NETWORK
 
 Internet -- WAN_IF | FIREWALL - 5.1 RELEASE | LAN_IF -- LAN network
 
 The WAN_IF has several public addresses as aliases. I have about 20 servers in
 the LAN that require various services allowed to the public Internet. 
 
 I basically am doing a bimap one to one mapping per server in the LAN.
 This all works great, meaning I can surf etc etc from any LAN server to the
 Internet and also, from the Internet I can get published services on LAN
 servers. 
 
 Here's the problem:
 I already mentioned that each server with a 192.168.50.x address is bimapped
 to a public address. The problem is that if I am on any of the LAN servers, and
 want to connect to the public address of a server in the LAN, I CANNOT.
 Now first off, I could connect using private addresses and of course this works
 like it should. But our applications have real DNS names coded in the apps so I
 need this to work. 
 
 I know it has something to do with proxy arp so I even tried placing this line
 in sysctl.conf: net.link.ether.inet.proxyall=1.\
 no luck.
 
 ANY IDEAS?
 
 --
 Second problem
 One of the LAN servers is a FTP server. From the Internet, I can only connect
 using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what
 happens when passive mode is used: The initial connection is accepted, but then
 the server sends its private address instead of its proper public address! Of
 course it's not gonna work! So I forced active mode and voila! it worked.
 What's the fix for this bugger? I know outbound FTP has some built-in proxy ftp
 in freebsd but what about inbound?
 
 thanks, tsingh.
 
 
 
 
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 

1. A network configuration like yours is known not to work. The reason and
workarounds are best detailed here.

http://www.openbsd.org/faq/pf/rdr.html#reflect

2. wu-ftp and proftp have the ability to advertise an arbitrary address.
There may be others, but I don't know.



horio shoichi



arp request problem with firewall

2003-12-29 Thread Terry Singh
this is my first post to freebsd questions. 

MY NETWORK

Internet -- WAN_IF | FIREWALL - 5.1 RELEASE | LAN_IF -- LAN network

The WAN_IF has several public addresses as aliases. I have about 20 servers in
the LAN that require various services allowed to the public Internet. 

I basically am doing a bimap one to one mapping per server in the LAN.
This all works great, meaning I can surf etc etc from any LAN server to the
Internet and also, from the Internet I can get published services on LAN
servers. 

Here's the problem:
I already mentioned that each server with a 192.168.50.x address is bimapped
to a public address. The problem is that if I am on any of the LAN servers, and
want to connect to the public address of a server in the LAN, I CANNOT.
Now first off, I could connect using private addresses and of course this works
like it should. But our applications have real DNS names coded in the apps so I
need this to work. 

I know it has something to do with proxy arp so I even tried placing this line
in sysctl.conf: net.link.ether.inet.proxyall=1.\
no luck.

ANY IDEAS?

--
Second problem
One of the LAN servers is a FTP server. From the Internet, I can only connect
using ACTIVE MODE even though I allow both 20/21/tcp inbound. Here's what
happens when passive mode is used: The initial connection is accepted, but then
the server sends its private address instead of its proper public address! Of
course it's not gonna work! So I forced active mode and voila! it worked.
What's the fix for this bugger? I know outbound FTP has some built-in proxy ftp
in freebsd but what about inbound?

thanks, tsingh.



