FreeBSD and natd - routing from behind firewall to behind firewall.

Post by nosp » Thu, 04 Oct 2001 06:45:37

Having a strange problem with a FreeBSD gateway/firewall system I set up.  
The gateway connects a small network to an ADSL line and has three static
external IP addresses.  I am using natd to provide access to the Internet
for computers in the internal LAN.

One of the machines behind the firewall is a web server and I use a natd
line similar to the following to route incoming connections to that box:

redirect_address 192.168.1.100 xxx.xxx.xxx.1

In this case the real IP of the web server is 192.168.1.100 and it is
accessed from outside the LAN by the address xxx.xxx.xxx.1.  This works.

The problem is that if any of the computers on the internal LAN try to
access the web server at xxx.xxx.xxx.1 it doesn't work.  I can access the
web server fine from inside the LAN using the local address (192.168.1.100).

I suspect there is a simple solution to this problem.  Can anyone explain
what it is?  

Thanks,
Don


FreeBSD and natd - routing from behind firewall to behind firewall.

Post by Ludek Frybor » Thu, 04 Oct 2001 07:09:29

> Having a strange problem with a FreeBSD gateway/firewall system I set up.
> The gateway connects a small network to an ADSL line and has three static
> external IP addresses.  I am using natd to provide access to the Internet
> for computers in the internal LAN.

> One of the machines behind the firewall is a web server and I use a natd
> line similar to the following to route incoming connections to that box:

> redirect_address 192.168.1.100 xxx.xxx.xxx.1

> In this case the real IP of the web server is 192.168.1.100 and it is
> accessed from outside the LAN by the address xxx.xxx.xxx.1.  This works.

> The problem is that if any of the computers on the internal LAN try to
> access the web server at xxx.xxx.xxx.1 it doesn't work.  I can access the
> web server fine from inside the LAN using the local address (192.168.1.100).

> I suspect there is a simple solution to this problem.  Can anyone explain
> what it is?

> Thanks,
> Don

Just a few guesses:
1) I guess that your divert rule in the firewall looks similar to this:
divert natd ip from any to any via <your_external_interface>

2) Then I guess that packets from inside the LAN to xxx.xxx.xxx.1 don't
meet the "via <your_external_interface>" criterion. Therefore natd never
sees the packets.

3) If I were you, I would try whether it helps to add an additional rule:
divert natd ip from 192.168.1.0/24 to xxx.xxx.xxx.1
(and maybe also:
divert natd ip from xxx.xxx.xxx.1 to 192.168.1.0/24
so that the return packets get to natd as well)

I really can't guarantee it will work, but it might be worth trying.

Ludek
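As an added illustration of the setup in the original question and the extra divert rules proposed in the reply (example script written for this page, not code posted by either participant), the following sh script generates the natd.conf line and the ipfw rules. The interface names, rule numbers and the public address 203.0.113.1 (standing in for the redacted xxx.xxx.xxx.1) are assumptions; by default the script only prints the ipfw commands, so it can be inspected before anything is loaded.

```shell
#!/bin/sh
# Added example for the natd "hairpin" problem discussed in the thread.
# All interface names, rule numbers and the public address are assumed values.

EXT_IF="rl0"               # assumed external (ADSL) interface
INT_IF="fxp0"              # assumed internal LAN interface
LAN_NET="192.168.1.0/24"   # internal LAN (from the post)
WEB_INT="192.168.1.100"    # web server's private address (from the post)
WEB_PUB="203.0.113.1"      # placeholder for the redacted xxx.xxx.xxx.1
IPFW="${IPFW:-echo}"       # dry-run by default; set IPFW=/sbin/ipfw to load for real

# natd(8) configuration line: static mapping of the public address to the web server.
natd_conf() {
    printf 'redirect_address %s %s\n' "$WEB_INT" "$WEB_PUB"
}

# The rule the original poster most likely has: only packets that cross the
# external interface are handed to natd, so LAN-to-public-address traffic,
# which enters on $INT_IF and is delivered to the gateway itself, never
# reaches natd and the redirect is never applied.
rules_external() {
    printf 'add 100 divert natd ip from any to any via %s\n' "$EXT_IF"
}

# The extra rules from the reply. They are deliberately scoped to the LAN
# prefix and the one public address rather than "any to any", so that only
# the intended hairpin traffic is diverted and nothing else is rewritten.
rules_hairpin() {
    printf 'add 90 divert natd ip from %s to %s in via %s\n' "$LAN_NET" "$WEB_PUB" "$INT_IF"
    printf 'add 91 divert natd ip from %s to %s\n' "$WEB_PUB" "$LAN_NET"
}

# Count the rules that would be loaded (used as a sanity check).
rule_count() {
    { rules_hairpin; rules_external; } | wc -l | tr -d ' '
}

# Feed each generated rule to ipfw (or echo it in dry-run mode).
apply_rules() {
    { rules_hairpin; rules_external; } | while read -r rule; do
        # shellcheck disable=SC2086  # word-splitting of the rule text is intended
        $IPFW -q $rule
    done
}

echo "# /etc/natd.conf:"
natd_conf
echo "# ipfw rules ($IPFW):"
apply_rules
```

After loading, `ipfw -a list` shows per-rule packet counters, which is the quickest way to confirm whether traffic from a LAN client to the public address is actually hitting rule 90. One caveat that the reply's "can't guarantee" covers: when the client and the web server sit on the same subnet, the server's reply goes straight back to the client without passing through the gateway, so rule 91 never sees it and the client receives a reply from 192.168.1.100 instead of the public address it connected to. In that case the usual fix is split DNS, so that internal hosts resolve the server's name to 192.168.1.100 directly.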
