Port Redirect works but doesn't redirect internal traffic


Post by Max Fin » Wed, 15 Jan 2003 07:49:26



I have two FBSD-4.6 servers. Machine 'A' connects to the internet via 56K
modem and runs NATD for internal unregistered Class 'C' network. Machine 'B'
is on this internal network and runs Apache web server. Machine 'A'
redirects traffic for port 80 to machine 'B'. This works great. So far so
good!

When I try to access the webserver from a Windows workstation on the
internal network, I cannot get to it. Outside traffic from the internet gets
directed just fine, but nothing internal can access the web server.

Here are my setup files:

/etc/rc.conf
======================================================
.
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
======================================================

/etc/natd.conf
======================================================
dynamic
redirect_port udp 192.168.100.253:80 80
redirect_port tcp 192.168.100.253:80 80
======================================================

Is it possible that I need to add my NIC ed0 to the natd_interface setting
in the /etc/rc.conf file? Is it possible to have both devices as a NATD
interface?

 
 
 


Post by John Nielse » Wed, 15 Jan 2003 08:42:01



> I have two FBSD-4.6 servers. Machine 'A' connects to the internet via 56K
> modem and runs NATD for internal unregistered Class 'C' network. Machine
> 'B' is on this internal network and runs Apache web server. Machine 'A'
> redirects traffic for port 80 to machine 'B'. This works great. So far so
> good!

> When I try to access the webserver from a Windows workstation on the
> internal network, I cannot get to it. Outside traffic from the internet
> gets directed just fine, but nothing internal can access the web server.

That behavior is by design.  natd only looks at traffic that touches the
external interface.  Use the internal address to access your server from the
internal network.  If you're doing name-based virtual hosting or anything
like that, you can run your own DNS server to achieve the desired results.
Search for previous threads on this topic for more outlandish suggestions
and perhaps more info.

JN

--
Remove pig-latin to reply by e-mail
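
The behaviour described in the reply above, modelled as an added example (not part of the original posts): it parses the posted natd.conf and traces a port-80 request from the internet, from the LAN to the public address, and from the LAN to the internal address. The public address 203.0.113.10 and the use of ed0 as the LAN-side interface are assumptions.

```python
# Added illustration, not code from the thread. PUBLIC_IP is a constructed
# placeholder; ed0 as the LAN-side interface is an assumption.
from collections import namedtuple

# iface = side of machine A from which the packet originates
Packet = namedtuple("Packet", "iface proto dst_ip dst_port")

NATD_INTERFACE = "tun0"        # natd_interface from the posted rc.conf
PUBLIC_IP = "203.0.113.10"     # constructed: address assigned to tun0
NATD_CONF = """\
dynamic
redirect_port udp 192.168.100.253:80 80
redirect_port tcp 192.168.100.253:80 80
"""


def parse_redirects(conf):
    """Return {(proto, public_port): (target_ip, target_port)} from natd.conf text."""
    table = {}
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "redirect_port":
            _, proto, target, public_port = fields
            ip, port = target.rsplit(":", 1)
            table[(proto, int(public_port))] = (ip, int(port))
    return table


def deliver(pkt, redirects):
    """Trace where a request ends up, given that natd only sees NATD_INTERFACE."""
    if pkt.dst_ip != PUBLIC_IP:
        # Addressed to a LAN host: goes straight to it, machine A is not involved.
        return ("direct", pkt.dst_ip, pkt.dst_port)
    if pkt.iface == NATD_INTERFACE:
        target = redirects.get((pkt.proto, pkt.dst_port))
        if target:
            return ("redirected",) + target
    # Never handed to natd: machine A's own stack answers (or refuses), not machine B.
    return ("gateway-local", pkt.dst_ip, pkt.dst_port)


redirects = parse_redirects(NATD_CONF)
from_internet = Packet("tun0", "tcp", PUBLIC_IP, 80)
from_lan_public = Packet("ed0", "tcp", PUBLIC_IP, 80)
from_lan_internal = Packet("ed0", "tcp", "192.168.100.253", 80)
for p in (from_internet, from_lan_public, from_lan_internal):
    print(p, "->", deliver(p, redirects))
```

An internal DNS server that answers with 192.168.100.253 for the site's name turns the second case into the third, which is the fix the reply suggests.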

 
 
 

1. natd doesn't redirect from external ip to internal ip!

I have natd set to -deny_packet yes
so FreeBSD is acting in "Stealth" mode in all ways.
The problem is that I have Apache running on the same machine, which is
logically Stealth from outside (via -deny_packet yes), so I have to
use -redirect_port tcp internal.ip:80 80 to redirect all requests to it,
but it doesn't work!!! Is the above syntax correct for redirecting to port
80 on the same machine? Do I miss something here?
-redirect_port tcp another.machine.inside.LAN:80 80
is working great!
Only if I want to redirect the port to the same machine, it seems that it
doesn't understand ;)
I was wondering if I have the same problem with other daemons too. Imagine
I have port 25 also open and I want to redirect to it; what is the best
solution while natd -d is on? Please refresh my mind!

Thanks
