natd and redirect_port questions


slen (IS-IT--Management), Jun 6, 2002
Hey All

Bit of a strange problem. I have a FreeBSD 4.7 machine set up as a NAT/firewall protecting a small LAN from the outside world.

The NAT is working like a charm and I have left the firewall rules "open" (firewall_type="open") for now to reduce the chance of it causing any problems while I set up a redirect_port option.

I have a redirect_port option that looks like this....

natd_flags="-redirect_port tcp 192.168.1.102:80 80"

Works like a charm from anywhere in the outside world, but when I go to the outside IP or URL from inside the LAN, all I get is a "server not found, The page cannot be displayed" error page.

My only guess is that it might be a firewall problem, but with it set to "open" why should it be?

Any help would be appreciated....
OPUS System Solutions

"If Linux doesn't have the solution, you have the wrong problem "
 
I would suggest adding a line like:
ipfw add 50 allow ip from any to any
before all others; then it is guaranteed that the firewall is disabled.
Firewall type "open" still denies some things.

After the experiments, just do
ipfw delete 50

If you worry about the "open time" while you are testing, then change your deny rules to log what is denied and check /var/log/security (or whatever file you use for security logs) to inspect the problem.
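The reply above suggests logging denies and reading /var/log/security while testing. As an added example (not part of the thread, and not FreeBSD code), here is a small Python 3 script that reads such a log and counts denied packets per rule, protocol, destination and interface, so the rule that is blocking a connection stands out. It assumes the deny rules carry the `log` keyword and that the kernel's messages have the classic ipfw shape `ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>`; the sample lines, hosts, addresses, interface names and rule numbers are constructed for the example.

```python
"""Summarise logged ipfw denies, for the testing approach suggested above.

Example code written for this thread; not part of the original post or of
FreeBSD.  Assumed: the deny rules carry the 'log' keyword and syslog writes
the kernel's messages to /var/log/security in the form
    ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>
(TCP/UDP messages; ICMP lines carry no ports and are skipped by the regex).
The log lines below are constructed for the example; hosts, addresses,
interface names (fxp0 outside, fxp1 inside) and rule numbers are made up.
"""
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Tuple

IPFW_LOG = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# Constructed sample of /var/log/security (not a real capture).
SAMPLE_LOG = """\
Jun  6 09:12:01 gw /kernel: ipfw: 300 Deny TCP 192.168.1.5:1040 203.0.113.10:80 in via fxp1
Jun  6 09:12:04 gw /kernel: ipfw: 300 Deny TCP 192.168.1.5:1041 203.0.113.10:80 in via fxp1
Jun  6 09:12:30 gw /kernel: ipfw: 200 Accept TCP 198.51.100.7:51234 203.0.113.10:80 in via fxp0
Jun  6 09:13:02 gw /kernel: ipfw: 400 Deny UDP 198.51.100.9:5353 203.0.113.10:5353 in via fxp0
Jun  6 09:13:10 gw /kernel: last message repeated 3 times
"""

DenyKey = Tuple[str, str, str, str, str]   # rule, proto, dst, dport, iface


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one ipfw log message, or None for any other line."""
    m = IPFW_LOG.search(line)
    return m.groupdict() if m else None


def summarize_denies(lines: Iterable[str]) -> Dict[DenyKey, int]:
    """Count denied packets per (rule, proto, dst, dport, iface) so the rule
    responsible for a blocked connection stands out."""
    counts: Counter = Counter()
    for line in lines:
        f = parse_line(line)
        if f is None or f["action"] != "Deny":
            continue
        counts[(f["rule"], f["proto"], f["dst"], f["dport"], f["iface"])] += 1
    return dict(counts)


if __name__ == "__main__":
    summary = summarize_denies(SAMPLE_LOG.splitlines())
    for (rule, proto, dst, dport, iface), n in sorted(summary.items()):
        print("rule {:>5} denied {:>3} {} packet(s) to {}:{} via {}".format(
            rule, n, proto, dst, dport, iface))
```

On a real box, feed it the live file instead of the sample: replace `SAMPLE_LOG.splitlines()` with `open("/var/log/security")`. Note that syslog collapses repeats into "last message repeated N times", so the counts are a lower bound.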


 
Hey All

Well, I have answered my own problem. In the rc.firewall script you will find a part that allows for natd to work properly. Here it is as the default in rc.firewall...

############
# Network Address Translation. All packets are passed to natd(8)
# before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac
esac


The point we want to take notice of is the actual rule itself....

${fwcmd} add 50 divert natd all from any to any via ${natd_interface}

The very last part of this specifies the outside (WAN) network card, but for you to see internal web servers set to outside IP addresses you need to set it as follows....

${fwcmd} add 50 divert natd all from any to any via any

That fixes the problem.

OPUS System Solutions

"If Linux doesn't have the solution, you have the wrong problem "
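To make the fix above concrete, here is an added example (written for this thread; it is not ipfw(8) or natd(8) code and is not from the original post) that models the one thing the change affects: the first pass a packet makes through the rules, where the `via` clause on the divert rule decides whether natd ever sees the packet and gets to apply `-redirect_port`. It assumes fxp0 as the outside interface (natd_interface), fxp1 as the LAN interface, 203.0.113.10 as the public address, 192.168.1.5 as a LAN client, and an "open" firewall (rule 65000 passes everything); all of those are made up for the example.

```python
"""Model of the natd divert step that the fix above changes.

Example code written for this thread; it is not ipfw(8) or natd(8) and only
imitates the part of their behaviour the thread is about: the inbound pass
through the rules where the divert rule decides whether natd applies
-redirect_port.  Assumed for the example: fxp0 is the outside interface
(natd_interface), fxp1 the LAN interface, 203.0.113.10 the public address,
192.168.1.5 a LAN client, and firewall_type="open" (rule 65000 passes all).
"""
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

PUBLIC_IP = "203.0.113.10"   # assumed address on the outside interface
OUTSIDE_IF = "fxp0"          # assumed natd_interface
INSIDE_IF = "fxp1"           # assumed LAN interface
# From the thread: natd_flags="-redirect_port tcp 192.168.1.102:80 80"
REDIRECT_PORTS = {("tcp", 80): ("192.168.1.102", 80)}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    iface: str   # interface the packet was received on


@dataclass(frozen=True)
class Rule:
    number: int
    action: str          # "divert", "pass"/"allow", "deny"
    proto: str           # "all", "ip", "tcp", "udp"
    src: str
    dst: str
    via: Optional[str]   # interface name, "any", or None when absent


def parse_rule(line: str) -> Rule:
    """Parse the rule subset rc.firewall emits:
    add N <action> [natd] <proto> from <src> to <dst> [via <iface>]"""
    tok = line.split()
    if len(tok) < 8 or tok[0] != "add":
        raise ValueError("unsupported rule: " + line)
    number, action = int(tok[1]), tok[2]
    i = 4 if action == "divert" else 3   # divert carries the port name ("natd")
    if tok[i + 1] != "from" or tok[i + 3] != "to":
        raise ValueError("unsupported rule: " + line)
    via = None
    if len(tok) > i + 5:
        if tok[i + 5] != "via" or len(tok) != i + 7:
            raise ValueError("unsupported rule: " + line)
        via = tok[i + 6]
    return Rule(number, action, tok[i], tok[i + 2], tok[i + 4], via)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto not in ("all", "ip", pkt.proto):
        return False
    if rule.src not in ("any", pkt.src) or rule.dst not in ("any", pkt.dst):
        return False
    # "via X" matches only packets seen on interface X; "via any" matches on every interface.
    return rule.via in (None, "any") or rule.via == pkt.iface


def natd_translate(pkt: Packet) -> Packet:
    """What natd does with a diverted packet here: apply -redirect_port when
    the packet is addressed to the public address and an entry matches."""
    target = REDIRECT_PORTS.get((pkt.proto, pkt.dport))
    if pkt.dst == PUBLIC_IP and target is not None:
        return replace(pkt, dst=target[0], dport=target[1])
    return pkt


def walk(rules: List[Rule], pkt: Packet) -> Tuple[Packet, str]:
    """One pass through the rules. A divert hands the packet to natd and ipfw
    continues at the following rule with the translated packet."""
    for rule in sorted(rules, key=lambda r: r.number):
        if not rule_matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = natd_translate(pkt)
            continue
        return pkt, rule.action
    return pkt, "deny"   # ipfw's built-in rule 65535 denies what nothing matched


def final_destination(rules: List[Rule], pkt: Packet) -> str:
    """'addr:port' the packet is forwarded to, or 'deny' if it is dropped."""
    out, action = walk(rules, pkt)
    if action in ("pass", "allow", "permit", "accept"):
        return "{}:{}".format(out.dst, out.dport)
    return "deny"


def open_ruleset(via: str) -> List[Rule]:
    """The two rules that matter here, as rc.firewall produces them for
    firewall_type="open" with natd_enable="YES"."""
    return [parse_rule("add 50 divert natd all from any to any via " + via),
            parse_rule("add 65000 pass all from any to any")]


INTERNET_CLIENT = Packet("tcp", "198.51.100.7", PUBLIC_IP, 80, OUTSIDE_IF)
LAN_CLIENT = Packet("tcp", "192.168.1.5", PUBLIC_IP, 80, INSIDE_IF)

if __name__ == "__main__":
    for via in (OUTSIDE_IF, "any"):
        rules = open_ruleset(via)
        print("divert natd ... via {}:".format(via))
        print("  from the Internet -> " + final_destination(rules, INTERNET_CLIENT))
        print("  from the LAN      -> " + final_destination(rules, LAN_CLIENT))
```

Running it shows the two cases side by side. With `via fxp0`, the LAN client's packet arrives on fxp1, never matches the divert rule, and is passed to 203.0.113.10:80, the gateway's own address, where no web server listens; that is the connection failure the original post describes. With `via any` the same packet is diverted, natd rewrites it to 192.168.1.102:80, and it is forwarded to the internal server. The model covers only this inbound pass where the redirect decision is made; the outbound pass and the reply direction are not modelled.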
 