The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 Having problems with NATD and internal Traffic back to localhost on private LAN
Author: bsddizzy 
Date:   05-12-05 18:43

Natd seems to be working properly as far as the outside world is concerned. I have ports 80 and 22 forwarded to my web server, which is on a private LAN. My router/firewall is the FreeBSD box with two interfaces. One we'll call WAN, the other LAN. Machines on the LAN, when trying to go to http://publicaddress or ssh publicaddress, for some reason get directed to the router. This causes problems on the webserver. I want local traffic for port 80 going to my webserver as well as public when using the public address.

Confused about my problem? It's why I call myself bsddizzy


My configuration:


6.0-RELEASE FreeBSD 6.0-RELEASE

# ipfw list
00150 divert 8668 ip from any to any via rl0
00200 skipto 400 ip from any to any recv rl0
00300 allow ip from any to any
00400 allow tcp from any to any established
00500 allow tcp from any to any tcpflags ack
00600 allow udp from any 53 to any dst-port 1024-65535
00700 allow icmp from any to any icmptypes 0,3,4,11,12
00750 allow udp from any to 10.10.0.80 dst-port 80
00775 allow tcp from any to 10.10.0.80 dst-port 80
00800 allow tcp from any to any dst-port 22
00900 allow tcp from any to any dst-port 113
01000 allow tcp from any to me dst-port 10000
01100 allow udp from any to any dst-port 520
01150 allow ip from any to 10.10.0.5
01200 allow ip from 129.37.0.113 to 10.10.0.5
65535 deny ip from any to any


# cat /etc/natd.conf
log yes
deny_incoming no
port 8668
#
use_sockets yes
#
# Avoid port changes if possible. Makes rlogin work
# in most cases.
#
same_ports yes
#
verbose no
interface rl0
unregistered_only yes
redirect_port udp 10.10.0.80:80 80
redirect_port tcp 10.10.0.80:80 80
redirect_port tcp 10.10.0.80:22 22


# cat /etc/rc.conf

# -- sysinstall generated deltas -- # Mon Nov 21 03:23:04 2005
# Created: Mon Nov 21 03:23:04 2005
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
# defaultrouter="10.10.0.1"
# gateway_enable="YES"
hostname="littlebit.nc.rr.com"
ifconfig_dc0="inet 10.10.0.1 netmask 255.255.255.0"
ifconfig_rl0="DHCP"
inetd_enable="YES"
# kern_securelevel="3"
# kern_securelevel_enable="YES"
# router="/sbin/routed"
# router_enable="YES"
# router_flags="-s"
sshd_enable="YES"
usbd_enable="YES"
firewall_enable="YES"
gateway_enable="YES"


# ifconfig -a
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::208:2ff:fe4d:ce95%rl0 prefixlen 64 scopeid 0x1
inet 65.190.xxx.xxx netmask 0xfffff800 broadcast 255.255.255.255
ether 00:08:02:4d:ce:95
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::210:a4ff:fe94:97cb%dc0 prefixlen 64 scopeid 0x3
inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255
ether 00:10:a4:94:97:cb
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
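
Added example, not part of the original post: a first-match walk over the first three rules of the posted `ipfw list`, showing that a request from a LAN host to the public address arrives on dc0, never matches the `via rl0` divert rule, and is accepted by rule 00300 without ever reaching natd and its redirect_port entries. The two sample packets are constructed, and only the interface options (via/recv) are modelled.

```python
# Added example (not from the thread): first-match walk over the first
# rules of the posted `ipfw list`. Only interface options (via/recv) are
# modelled; anything else raises rather than guessing.
RULES = """\
00150 divert 8668 ip from any to any via rl0
00200 skipto 400 ip from any to any recv rl0
00300 allow ip from any to any
"""  # rules 00400-65535 from the post are not reached by the packets below

def parse(line):
    tok = line.split()
    num, action = int(tok[0]), tok[1]
    arg = int(tok[2]) if action in ("divert", "skipto") else None
    body = tok[3:] if arg is not None else tok[2:]
    if body[:5] != ["ip", "from", "any", "to", "any"]:
        raise NotImplementedError(line)
    return num, action, arg, body[5:]

def iface_match(opts, recv, xmit):
    """Evaluate ipfw interface options for one pass through the firewall."""
    if not opts:
        return True
    kind, name = opts
    if kind == "recv":
        return recv == name
    if kind == "via":            # via = received on OR transmitted through
        return name in (recv, xmit)
    raise NotImplementedError(kind)

def walk(recv, xmit=None):
    """Return (rule number, action) of the first divert or terminal match."""
    start = 0
    for num, action, arg, opts in map(parse, RULES.splitlines()):
        if num < start or not iface_match(opts, recv, xmit):
            continue
        if action == "skipto":
            start = arg
            continue
        return num, action + (f" {arg}" if arg else "")
    raise LookupError("fell past the modelled rules")

# Constructed packets, both addressed to the router's public address.
wan_client = walk(recv="rl0")   # arrives on the outside interface
lan_client = walk(recv="dc0")   # arrives on the inside one, delivered locally
print("from WAN:", wan_client)
print("from LAN:", lan_client)
```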


