PLEASE HEEEEEELLLLPPPP ME...

zel_at_free.fr
Date: 07/23/03

    Date: Wed, 23 Jul 2003 13:51:43 +0200
    To: freebsd-net@freebsd.org
    
    

    please HELP !!!

    Ok... here is my problem, which I tried to explain completely!

    The situation is the one below:

    =====================================
    |SpeedToucheHome Ethernet ADSL Modem|
    |           10.0.0.138/24           |
    =====================================
                    |
               10.0.0.0/24
                    |
    ==========================
    |      10.0.0.1/24       |
    | (A)  10.1.0.254/24     |- 10.1.0.0/24 - (... DMZ ...)
    |      192.168.1.254/24  |
    ==========================
                 |
           192.168.1.0/24
                 |
                ...
          client workstations

    My problem is with computer A, which does not do what I would like it to do.

    Currently, this computer has a customized kernel with these options:
    IPFIREWALL
    IPDIVERT

    but not IPFILTER!!! Maybe that is the problem, I don't know!

    In rc.conf, I made the following configuration:
    firewall_enabled="YES"
    firewall_type="SIMPLE" (but I also tried with "OPEN")

    natd_enable="YES"
    natd_interface="tun0" (this is the interface for PPPoE, I think)
    natd_flags="-f /etc/natd.conf"

    ...

    and in natd.conf:
    dynamic
    interface tun0
    redirect_port tcp 10.1.0.1:20-21 20-21

    10.1.0.1 is the IP address of my FTP server, which is a computer placed in the
    DMZ.

    My problem is: "from outside, I cannot access the FTP server..."

    What I can say is:
    First: My FTP server is OK because from inside, I can access it from any
    computer in the DMZ or from the client workstations.
    Second: The answer to an outside request is "connection closed by host".
    Third: Interface tun0 (the virtual interface for PPPoE) receives the FTP
    requests but does not forward them to ed1 (the outside network card of A,
    configured with 10.0.0.1). (I discovered that with tcpdump.)
      (The other interfaces get no FTP packets from tun0 either)...

    So, what can I do to solve this problem...

    Thank you

    Sylvain.
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
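
An added example, not part of the original message: a small parser for the single-target `redirect_port` syntax documented in natd(8), used to list which inbound ports the quoted natd.conf exposes and whether the target lies in the DMZ prefix from the diagram. The function names `parse_redirect_port` and `audit` and the constant `POSTED_CONF` are assumptions made for illustration.

```python
import ipaddress
import re

# Single-target form from natd(8); the optional remoteIP field and the
# multi-target form are not handled here:
#   redirect_port proto targetIP:targetPORT[-targetPORT] [aliasIP:]aliasPORT[-aliasPORT]
LINE_RE = re.compile(
    r"^redirect_port\s+(tcp|udp)\s+"
    r"(\d+\.\d+\.\d+\.\d+):(\d+)(?:-(\d+))?\s+"
    r"(?:(\d+\.\d+\.\d+\.\d+):)?(\d+)(?:-(\d+))?$"
)


def parse_redirect_port(line):
    """Return (proto, target_ip, alias_ip_or_None, {public_port: target_port})."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a single-target redirect_port line: %r" % line)
    proto, tip, t_lo, t_hi, aip, a_lo, a_hi = m.groups()
    t_lo, a_lo = int(t_lo), int(a_lo)
    t_hi = int(t_hi) if t_hi else t_lo
    a_hi = int(a_hi) if a_hi else a_lo
    for lo, hi in ((t_lo, t_hi), (a_lo, a_hi)):
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port range %d-%d" % (lo, hi))
    # natd(8): the two ranges may differ numerically but must have the same size.
    if t_hi - t_lo != a_hi - a_lo:
        raise ValueError("target and alias port ranges differ in size")
    mapping = {a_lo + i: t_lo + i for i in range(a_hi - a_lo + 1)}
    alias = ipaddress.ip_address(aip) if aip else None
    return proto, ipaddress.ip_address(tip), alias, mapping


def audit(conf_text, dmz_cidr):
    """List (proto, public_port, target_ip, target_port, target_in_dmz) rows."""
    dmz = ipaddress.ip_network(dmz_cidr)
    rows = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # natd.conf comments start with '#'
        if line.startswith("redirect_port"):
            proto, target, _alias, mapping = parse_redirect_port(line)
            for pub, priv in sorted(mapping.items()):
                rows.append((proto, pub, str(target), priv, target in dmz))
    return rows


# natd.conf as quoted in the message; the DMZ prefix comes from its diagram.
POSTED_CONF = "dynamic\ninterface tun0\nredirect_port tcp 10.1.0.1:20-21 20-21\n"
if __name__ == "__main__":
    print(audit(POSTED_CONF, "10.1.0.0/24"))
```

For the quoted file this reports exactly two redirected ports, TCP 20 and 21, both landing on 10.1.0.1 inside 10.1.0.0/24.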

