Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease
From: billy (billy@isilon.com)
Date: 09/25/02
- Next message: twig les: "Re: SSH.com on FreeBSD"
- Previous message: Peter C. Lai: "Re: SSH.com on FreeBSD"
- In reply to: Juraj Petrik: "IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease"
- Next in thread: jeremie le-hen: "Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease"
- Reply: jeremie le-hen: "Re: IPNAT + IPFILTER + DUMMYNET + FreeBSD 4.7prerelease"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Sep 2002 13:53:50 -0700 (PDT)
From: billy <billy@isilon.com>
To: Juraj Petrik <juro@software602.sk>
Sorry for the previous empty post.
You don't seem to be using dummynet, ipfw, or ipdivert, so you should
probably not have them turned on in the kernel.
Are you sure that you don't have a rule that's blocking the redirect
or the response from the relevant interfaces?
I know that ipnat will not redirect packets out the same interface they
came in on, but that doesn't seem to be a problem here.
If you do an ipnat -l, do you see your rdr's in the listing, and do you
see any active connections after you attempt to connect from the WAN side?
-billy
On Wed, 25 Sep 2002, Juraj Petrik wrote:
> hello,
> can you help me, please,
>
> I'm trying to run firewall with using
> IPFilter, IPNAT and Dummynet, on FreeBSD
>
> I've read so many HOWTOs, but I can't do
> redirection to another server in the internal
> network:
> rl0 - WAN (194.x.x.0/24) 194.x.x.22 if FreeBSD box
> rl1 - LAN (192.168.1.0/24) 192.168.1.22 if FreeBSD box
> rl2 - DMZ (10.0.0.0/24) 10.0.0.22 if FreeBSD box
>
> my server is now on LAN, not on DMZ.
>
> I'm using FreeBSD 4.7 prerelease from CVS.
>
> In kernel config have added:
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=30
> options IPFIREWALL_FORWARD
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> options IPDIVERT
> options DUMMYNET
>
> options IPFILTER
> options IPFILTER_LOG
> options IPFILTER_DEFAULT_BLOCK
> options RANDOM_IP_ID
>
> in /etc/rc.conf have:
> tcp_extensions="YES"
> gateway_enable="YES"
> portmap_enable="NO"
>
> #firewall_enable="YES"
> #firewall_type="/etc/dummynet.conf"
> #firewall_logging="NO"
>
> ipfilter_enable="YES"
> ipfilter_flags=""
> ipfilter_rules="/etc/ipf.conf"
>
> ipnat_enable="YES"
> ipnat_flags=""
> ipnat_rules="/etc/ipnat.conf"
>
> ipmon_enable="YES"
> ipmon_flags="-Dns -l block"
>
> in /etc/ipf.conf:
> pass in log all
> pass out log all
>
> in /etc/ipnat.conf:
> map rl0 192.168.1.0/24 -> 194.x.x.22/32
> map rl0 0/0 -> 194.x.x.22/32 proxy port ftp ftp/tcp
>
> map rl0 192.168.1.0/24 -> 194.x.x.22/32 portmap tcp/udp 12500:60000
> map rl0 192.168.1.0/24 -> 194.x.x.22/32
>
> rdr rl0 194.x.x.22/32 port 80 -> 192.168.1.35 port 80
> rdr rl0 194.x.x.22/32 port 22 -> 192.168.1.35 port 22
>
> NAT from LAN to Internet works OK,
> but from the Internet I can't redirect connections to the server
> on the LAN (192.168.1.35)
>
> Please help me ANYBODY!!!!
> -jp-
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
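As an added example that is not part of the thread, a small Python audit that applies billy's checks to the poster's /etc/ipnat.conf and /etc/ipf.conf: duplicate map rules, rdr targets the box cannot reach or would have to send back out the interface the packet arrived on, and ipf rules that would block the redirected traffic. The WAN network 194.x.x.0/24 is elided in the post, so the documentation range 198.51.100.0/24 is assumed here as a placeholder; the ipf.conf parser handles only the simple rule shapes shown.

```python
import ipaddress
import re
# Interfaces from the post; the elided WAN 194.x.x.0/24 is a labelled placeholder (198.51.100.0/24).
IFACES = {n: ipaddress.ip_network(c) for n, c in
          [("rl0", "198.51.100.0/24"), ("rl1", "192.168.1.0/24"), ("rl2", "10.0.0.0/24")]}
# Constructed copies of the poster's ipnat.conf and ipf.conf using the placeholder WAN address.
IPNAT_CONF = """map rl0 192.168.1.0/24 -> 198.51.100.22/32
map rl0 0/0 -> 198.51.100.22/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 198.51.100.22/32 portmap tcp/udp 12500:60000
map rl0 192.168.1.0/24 -> 198.51.100.22/32
rdr rl0 198.51.100.22/32 port 80 -> 192.168.1.35 port 80
rdr rl0 198.51.100.22/32 port 22 -> 192.168.1.35 port 22
"""
IPF_CONF = "pass in log all\npass out log all\n"
RDR = re.compile(r"^rdr\s+(\w+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)")
IPF = re.compile(r"^(pass|block)\s+(in|out)(?:\s+log)?(\s+quick)?(?:\s+on\s+(\w+))?"
                 r"(?:\s+proto\s+\w+)?\s+(?:all|from\s+\S+\s+to\s+\S+(?:\s+port\s*=\s*(\d+))?)")

def parse_rdr(text):
    """(iface, external addr, external port, internal addr, internal port) per rdr rule."""
    rows = [RDR.match(l.strip()) for l in text.splitlines()]
    return [(m[1], m[2].split("/")[0], int(m[3]), m[4], int(m[5])) for m in rows if m]

def ipf_verdict(ipf_text, direction, iface, port, default="block"):
    """ipfilter semantics: last matching rule wins unless 'quick'; default mirrors IPFILTER_DEFAULT_BLOCK."""
    verdict = default
    for line in ipf_text.splitlines():
        m = IPF.match(line.strip())
        if not m:
            continue
        action, d, quick, on, p = m.groups()
        if d == direction and on in (None, iface) and (p is None or int(p) == port):
            verdict = action
            if quick:
                break
    return verdict

def audit(ipnat_text, ipf_text):
    """The checks billy asks for, done against the config text instead of by hand."""
    maps = [l.strip() for l in ipnat_text.splitlines() if l.startswith("map ")]
    findings = [f"duplicate map rule: {m}" for m in sorted({m for m in maps if maps.count(m) > 1})]
    for iface, ext, ep, dst, dp in parse_rdr(ipnat_text):
        inner = [n for n, net in IFACES.items() if ipaddress.ip_address(dst) in net]
        if not inner:
            findings.append(f"rdr {ext}:{ep}: target {dst} is on no directly attached subnet")
        elif inner[0] == iface:
            findings.append(f"rdr {ext}:{ep}: target {dst} sits behind {iface}, the arrival interface")
        if ipf_verdict(ipf_text, "in", iface, ep) == "block":
            findings.append(f"rdr {ext}:{ep}: ipf blocks inbound on {iface} port {ep}")
        elif inner and ipf_verdict(ipf_text, "out", inner[0], dp) == "block":
            findings.append(f"rdr {ext}:{ep}: ipf blocks outbound on {inner[0]} port {dp}")
    return findings
```

On the poster's own rules the only finding is the duplicated map line; the rdr rules parse and nothing in ipf.conf blocks them, which is why billy's next question is what `ipnat -l` shows for active sessions.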