port forwarding with natd not working


Post by Nick Tonk » Mon, 27 Jan 2003 01:25:10



Hello,

I cannot get port forwarding to work with natd.

I have the following setup:

FreeBSD 4.4-PRERELEASE

In /etc/rc.conf:

natd_enable="YES"
natd_program="/sbin/natd"
natd_flags="-f /etc/natd.conf"

In /etc/natd.conf:

interface fxp0
log yes
redirect_port tcp fatboy:80 50000

NAT has been working for years on this box. I just added the port
forwarding rule but it doesn't appear to work. Browsers (MSIE, lynx)
just say host unreachable.

Any clues?

Thanks,

Nick

 
 
 


Post by John Nielse » Mon, 27 Jan 2003 07:40:55



> Hello,

> I cannot get port forwarding to work with natd.

> I have the following setup:

> FreeBSD 4.4-PRERELEASE

You'll want to update for security reasons if nothing else..

> In /etc/rc.conf:

> natd_enable="YES"
> natd_program="/sbin/natd"
> natd_flags="-f /etc/natd.conf"

Fine.

> In /etc/natd.conf:

> interface fxp0
> log yes
> redirect_port tcp fatboy:80 50000

Looks good, assuming that's what you want.  Requests on tcp port 50000 on
the external interface will be forwarded to port 80 on "fatboy" on the
internal network.  One hopes that "fatboy" is defined in /etc/hosts.  Note
that natd port redirection only works from the outside.  That is, if you
point a browser on your internal network at your natd box, you won't get
anywhere.

> NAT has been working for years on this box. I just added the port
> forwarding rule but it doesn't appear to work. Browsers (MSIE, lynx)
> just say host unreachable.

I tend to get things backwards when I set up port forwarding.  Take another
look at the natd manpage and think through what you'd like to do.  It should
work.

JN

--
Remove pig-latin to reply by e-mail

 
 
 


Post by Nick Tonki » Mon, 27 Jan 2003 10:42:03


On Sat, 25 Jan 2003 22:40:55 GMT, "John Nielsen"



>> Hello,

>> I cannot get port forwarding to work with natd.

>> I have the following setup:

>> FreeBSD 4.4-PRERELEASE

>You'll want to update for security reasons if nothing else..

Well, this whole exercise is to get my 4.7-RELEASE up and configgered
so I can move to that and decommission the old box.


>> In /etc/rc.conf:

>> natd_enable="YES"
>> natd_program="/sbin/natd"
>> natd_flags="-f /etc/natd.conf"

>Fine.

>> In /etc/natd.conf:

>> interface fxp0
>> log yes
>> redirect_port tcp fatboy:80 50000

>Looks good, assuming that's what you want.  Requests on tcp port 50000 on
>the external interface will be forwarded to port 80 on "fatboy" on the
>internal network.

That's what I want. But I don't get what I want!!

>One hopes that "fatboy" is defined in /etc/hosts.

Well, it wasn't. Now I added an entry

192.168.0.31    fatboy

and restarted natd ... is there anything else I need to REHUP after
changing the file?

>Note
>that natd port redirection only works from the outside.  That is, if you
>point a browser on your internal network at your natd box, you won't get
>anywhere.

Hmm, wait. So if I am trying to use a different machine on the LAN to
access fatboy, I will not go through NAT?

>JN

Thanks for your help!
 
 
 


Post by John Nielse » Mon, 27 Jan 2003 10:57:16



> On Sat, 25 Jan 2003 22:40:55 GMT, "John Nielsen"


>> Looks good, assuming that's what you want.  Requests on tcp port
>> 50000 on the external interface will be forwarded to port 80 on "fatboy"
>> on the internal network.

> That's what I want. But I don't get what I want!!

>> One hopes that "fatboy" is defined in /etc/hosts.

> Well, it wasn't. Now I added an entry

> 192.168.0.31    fatboy

> and restarted natd ... is there anything else I need to REHUP after
> changing the file?

That should be fine.

>> Note
>> that natd port redirection only works from the outside.  That is, if you
>> point a browser on your internal network at your natd box, you won't get
>> anywhere.

> Hmm, wait. So if I am trying to use a different machine on the LAN to
> access fatboy, I will not go through NAT?

That is correct.  This behavior of natd is by design.  Test it from an
outside host.

> Thanks for your help!

Welcome.

JN

--
Remove pig-latin to reply by e-mail

 
 
 


Post by Strider9 » Mon, 27 Jan 2003 17:35:54


I am only learning this myself, but a question: does this require options
IPFIREWALL_FORWARD?



> > On Sat, 25 Jan 2003 22:40:55 GMT, "John Nielsen"


> >> Looks good, assuming that's what you want.  Requests on tcp port
> >> 50000 on the external interface will be forwarded to port 80 on "fatboy"
> >> on the internal network.

> > That's what I want. But I don't get what I want!!

> >> One hopes that "fatboy" is defined in /etc/hosts.

> > Well, it wasn't. Now I added an entry

> > 192.168.0.31    fatboy

> > and restarted natd ... is there anything else I need to REHUP after
> > changing the file?

> That should be fine.

> >> Note
> >> that natd port redirection only works from the outside.  That is, if you
> >> point a browser on your internal network at your natd box, you won't get
> >> anywhere.

> > Hmm, wait. So if I am trying to use a different machine on the LAN to
> > access fatboy, I will not go through NAT?

> That is correct.  This behavior of natd is by design.  Test it from an
> outside host.

> > Thanks for your help!

> Welcome.

> JN

> --
> Remove pig-latin to reply by e-mail

 
 
 


Post by zsi.. » Tue, 28 Jan 2003 02:48:34


Strider99:
options  IPFIREWALL_FORWARD only if you want to enable transparent proxy support

Nick:
Verify this:
- "Fatboy" has as default gateway the internal IP of your firewall
- the firewall will accept packets from inside
- in the fw rules you have something like:
00050 divert 8668 ip from any to any via ${natd_interface}
01000 allow tcp from any to any established
01500 allow tcp from any to ${fw_external_ip} 50000 setup
01500 allow tcp from any to ${fatboy_ip} 80 setup

Have a look here:
http://renaud.waldura.com/doc/freebsd/firewall/

Hope this will help,

-- Zeno


> I am only learning this myself, but a question, does this require options
> IPFIREWALL_FORWARD




> > > On Sat, 25 Jan 2003 22:40:55 GMT, "John Nielsen"


> > >> Looks good, assuming that's what you want.  Requests on tcp port
> > >> 50000 on the external interface will be forwarded to port 80 on "fatboy"
> > >> on the internal network.

> > > That's what I want. But I don't get what I want!!

> > >> One hopes that "fatboy" is defined in /etc/hosts.

> > > Well, it wasn't. Now I added an entry

> > > 192.168.0.31    fatboy

> > > and restarted natd ... is there anything else I need to REHUP after
> > > changing the file?

> > That should be fine.

> > >> Note
> > >> that natd port redirection only works from the outside.  That is, if you
> > >> point a browser on your internal network at your natd box, you won't get
> > >> anywhere.

> > > Hmm, wait. So if I am trying to use a different machine on the LAN to
> > > access fatboy, I will not go through NAT?

> > That is correct.  This behavior of natd is by design.  Test it from an
> > outside host.

> > > Thanks for your help!

> > Welcome.

> > JN

> > --
> > Remove pig-latin to reply by e-mail

 
 
 
