DaemonForums, FreeBSD General

natd redirect_port problems

#1
20th May 2009
map7

I have a gateway which is running FreeBSD 5.1 and I would like to redirect an incoming/outgoing port to a computer on the LAN.

I've been doing some reading and it looks like I need natd.

I've compiled my divert options into the kernel and get the following line in my dmesg on boot:
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to deny, logging limited to 100 packets/entry by default

My internet connection uses the tun0 device and my network is on interface rl0.

The natd command I've been trying is
# natd -interface tun0 -redirect_port tcp 192.168.1.2:80 80

192.168.1.2 is my webserver which runs apache and I can access this internally.

I cannot access it from the outside world, even after I disable any firewall settings.

I've tried with the commands
# sh /etc/rc.firewall simple
# ipfw add divert natd all from any to any via tun0
# natd -interface tun0 -redirect_port tcp 192.168.1.2:80 80

and that doesn't work either. Should I be putting that ipfw rule in my firewall, or will it do the same thing manually? Is this the correct natd call? Do I have to set up a natd.conf file, as I don't have one at the moment?
#2
30th May 2009
Calderon (Patrick Ääripää, Finland)

Haven't used IPFW for a long time but I'll try to remember.

Do you have port 80 open in your firewall configuration too?

Code:
${fwcmd} add allow tcp from any to any 80 in setup via tun0
or manually
Code:
ipfw add allow tcp from any to any 80 in setup via tun0
Also allow "any?" traffic to pass through your rl0.

I think that's the right way you're going; no need for natd.conf necessarily.

natd.conf

Code:
# Bind a real socket for each alias port so it cannot collide with a
# local or another translated connection
use_sockets yes
# Keep the original source port when it is still free
same_ports yes
# Only translate packets whose source is an unregistered (RFC 1918) address
unregistered_only yes
# Re-read the interface address whenever it changes (tun0 gets a new
# address on every connection)
dynamic
interface tun0

#redirects
redirect_port tcp 192.168.1.2:80 80
#3
5th June 2009
Calderon

Also, that divert I think should be first, before any rules (except local). What does ipfw show output after your "configuration/commands"?

I assume you have gateway_enable="YES" in your rc.conf

or

sysctl net.inet.ip.forwarding=1

just checking.
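An added example, not code from the thread: the sh script below derives the ipfw rules that belong with a natd.conf from its redirect_port lines, putting the divert ahead of every allow rule as Calderon describes, and matching the translated LAN destination so that only the redirected ports are reachable from outside. It also checks an "ipfw list" dump for that ordering. The interface names tun0/rl0, the LAN net 192.168.1.0/24, the rule numbers and the sample natd.conf are assumptions for illustration; the script only prints rules and never calls ipfw itself.

```sh
#!/bin/sh
# Added example, not from the thread: derive the ipfw rules that go with a
# natd.conf from its redirect_port lines, and check an "ipfw list" dump for
# the divert ordering. Interface names (tun0, rl0), the LAN net, addresses
# and the rule numbers are assumptions for illustration.

# gen_ipfw_rules OIF LANIF LANNET   (natd.conf on stdin)
# Prints rules in the order ipfw must see them, as "add ..." lines that can
# be fed to ipfw one per line.
gen_ipfw_rules() {
    oif=$1
    lanif=$2
    lannet=$3

    # 1. A packet on the outside interface addressed to the LAN net can only
    #    be spoofed; checked before NAT, so it sees the untranslated address.
    echo "add 100 deny all from any to $lannet via $oif"

    # 2. The divert comes before anything that allows traffic on $oif: an
    #    inbound packet re-enters the ruleset after natd with the LAN host as
    #    destination, an outbound one leaves with the public source address.
    echo "add 110 divert natd all from any to any via $oif"

    # 3. Anything still leaving with a private source escaped translation.
    echo "add 120 deny all from $lannet to any out via $oif"

    # 4. Established TCP connections and fragments, stateless as in the
    #    rc.firewall "simple" set, so natd and dynamic rules do not interfere.
    echo "add 200 allow tcp from any to any established"
    echo "add 210 allow all from any to any frag"

    # 5. One inbound allow rule per redirect_port line. It matches the
    #    translated destination (LAN host:port), not the public address,
    #    so ports without a redirect stay closed.
    grep -E '^[[:space:]]*redirect_port[[:space:]]' |
    while read -r keyword proto target pubport rest; do
        lanhost=${target%:*}
        lanport=${target#*:}
        case $proto in
            tcp) echo "add 300 allow tcp from any to $lanhost $lanport in setup via $oif" ;;
            udp) echo "add 300 allow udp from any to $lanhost $lanport in via $oif" ;;
            *)   echo "skipping unsupported protocol in: $keyword $proto $target $pubport" >&2 ;;
        esac
    done

    # 6. Log and drop any other connection attempt from outside, let the LAN
    #    and the gateway start connections, default deny the rest.
    echo "add 400 deny log tcp from any to any in setup via $oif"
    echo "add 500 allow tcp from any to any setup"
    echo "add 600 allow all from any to any via $lanif"
    echo "add 65000 deny log all from any to any"
}

# check_divert_first OIF   ("ipfw list" output or gen_ipfw_rules output on stdin)
# Returns 0 if the first non-deny rule mentioning OIF is the divert, 1 if an
# allow rule on OIF precedes it or no rule mentions OIF at all.
check_divert_first() {
    awk -v oif="$1" '
        index($0, "via " oif) && !seen {
            if ($0 ~ /divert/)          { seen = 1; rc = 0 }
            else if ($0 !~ / deny /)    { seen = 1; rc = 1 }
        }
        END { exit (seen ? rc : 1) }
    '
}

# Demo on a constructed natd.conf in the style of the one posted above.
gen_ipfw_rules tun0 rl0 192.168.1.0/24 <<'EOF'
use_sockets yes
same_ports yes
unregistered_only yes
dynamic
interface tun0

#redirects
redirect_port tcp 192.168.1.2:80 80
redirect_port udp 192.168.1.2:53 53
EOF
```

The detail worth noting is the target of the allow rule: once the divert has run, an inbound SYN for the redirected port carries 192.168.1.2:80 as its destination, so a rule written against the public address will never see it. On the gateway the output can be loaded with `gen_ipfw_rules tun0 rl0 192.168.1.0/24 < /etc/natd.conf | while read -r l; do ipfw $l; done`, and the live ruleset checked with `ipfw list | check_divert_first tun0`.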
#4
10th June 2009
map7

I've got it working but I have to run this command every time my firewall restarts:

# natd -interface tun0 -redirect_port tcp 192.168.1.2:80 80

and I've added these lines to my firewall:
Code:
# NAT
${fwcmd} add divert natd all from any to any via tun0
${fwcmd} add check-state allow all from any to any

${fwcmd} add pass tcp from any to ${oip} 80 setup
${fwcmd} add divert natd all from any to any via ${oif}
${fwcmd} add check-state allow all from any to any


What is the proper way of starting that nat command at startup? Should I be using the natd.conf?
#5
10th June 2009
Calderon

rc.conf

Code:
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
#6
11th June 2009
map7

I've put those lines in the rc.conf file, but I still have to run the natd command manually when I boot. Otherwise people get a "proxy not found" error in their browsers.

Here is my natd.conf
Code:
#
# natd.conf
#
# Manual line:
# natd -interface tun0 -redirect_port tcp 192.168.200.2:80 80
#


#interface tun0
#use_sockets yes
#same_ports yes

# Allow paistram to be the webserver
redirect_port tcp 192.168.1.2:80 80

I run squid on proxy port 3128 for HTTP requests; do I have to add something to my firewall or natd.conf to handle this?
#7
2nd October 2009
map7

In the end I just created a natd_start.sh script in my /usr/local/etc/rc.d file and started it through rc.conf with natd_start_enable=YES.
#8
9th June 2010
map7

The script

Code:
#!/bin/sh
#
# PROVIDE: natd_start
# REQUIRE: NETWORKING
#
# Starts natd from /etc/natd.conf at boot. Enabled from rc.conf with
# natd_start_enable="YES"; rcvar is what makes run_rc_command honour it.

. /etc/rc.subr

# Not called "natd", so this script does not share its rc.conf knobs with
# the base system's /etc/rc.d/natd.
name="natd_start"
rcvar="natd_start_enable"
start_cmd="natd_start"
stop_cmd=":"

natd_start()
{
	echo "Loading natd.conf file..."
	natd -f /etc/natd.conf
}

load_rc_config $name
run_rc_command "$1"