Re: HOWTO Ping LAN???

From: Hakim Z. Singhji (hzs202_at_nyu.edu)
Date: 08/20/04

    Date: Fri, 20 Aug 2004 04:28:02 -0400
    To: Eric Crist <ecrist@secure-computing.net>
    
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hello,

    Thank you for your replies gentlemen, this post is a bit old, I have
    already built my FreeBSD NAT box and configured IPFW...I am currently
    building a new kernel configuration for the machine to include IPDIVERT,
    IPFIREWALL and a few other system specific modifications.

    If I have any questions concerning this issue, I will include you both
    (Eric, Rich) in the list. Thanks

    Eric Crist wrote:
    | SEE BOTTOM
    |
    |>-----Original Message-----
    |>From: owner-freebsd-questions@freebsd.org
    |>[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of
    |>Rich Shinnick
    |>Sent: Thursday, August 19, 2004 11:46 PM
    |>To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
    |>Cc: 'Bill Moran'; freebsd-questions@freebsd.org
    |>Subject: RE: HOWTO Ping LAN???
    |>
    |>
    |>Hakim,
    |>
    |>What you are trying to do is possible in two ways:
    |>
    |>1. SSH to the box, and tunnel to other internal machines
    |>according to the tunnels you have set up. (See the last email
    |>I sent).
    |>2. Port forward connections from the Internet "thru"
    |>the BSD to internal machines.
    |>
    |>Check these links:
    |>http://www.rootprompt.net/freebsd_firewall.html
    |>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
    |>
    |>
    |> _____
    |>
    |>From: Hakim Singhji [mailto:Hakim.Singhji@nychhc.org]
    |>Sent: Thursday, July 29, 2004 10:27 AM
    |>To: Hakim Z. Singhji; MatthewSeaman
    |>Cc: Bill Moran; freebsd-questions@freebsd.org
    |>Subject: Re: HOWTO Ping LAN???
    |>
    |>
    |>Hi Matt,
    |>
    |>You say that the only way I will be able to connect to my
    |>network is by tunneling. This is not what I want to do, I thought
    |>I may be able to SSH, Telnet, www, etc. from the outside to my
    |>default gateway and have the gateway pass SSH, Telnet, www., or any
    |>other request to the machine on the private network by including the
    |>"localhost.defaultgateway.domain.org" or something to that effect.
    |>
    |>Does NAT Overloading only go one way???
    |>
    |>Hakim Z. Singhji
    |>Coordinating Mgr. / Infection Control
    |>718-245-3923
    |>hakim.singhji@nychhc.org
    |>
    |>
    |>>>> Matthew Seaman <m.seaman@infracaninophile.co.uk> 7/29/2004 5:32:32 AM >>>
    |>
    |>On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
    |>
    |>
    |>>Figure 1
    |>>
    |>>***************
    |>>* Internet *
    |>>*24.199.1xx.xx*
    |>>***************
    |>>~ |
    |>>~ |
    |>>*************** **************
    |>>* Defaut GW * __ __ *Kids Machine*
    |>>*192.68.0.1 * *192.68.0.3 *
    |>>FreeBSD 4.10 * * Mandrake 10*
    |>>*************** **************
    |>>~ |
    |>>~ |
    |>>*****************
    |>>*Wrk Station1*
    |>>*192.68.0.2 *
    |>>*Redhat 9 *
    |>>*****************
    |>>
    |>>This is a rough diagram of the network... I would like to ssh, ping,
    |>>etc. the machines behind the default gateway directly (without
    |>>tunneling) from outside the network (at work for example). Is this
    |>>possible and if so how do I config. Keep in mind that my default
    |>>gateway is FreeBSD. I know this may be a complicated project but if
    |>>you could help that would help me greatly. Many thanks to everyone in
    |>>advance.
    |>
    |>I'm afraid that's not going to be possible with your current
    |>network layout. If you want all of your machines to be
    |>accessible from the Internet, then you'll need routable
    |>addresses on all of your machines.
    |>
    |>I know you've said you don't want to use tunnelling, but
    |>unfortunately, that's the only way you can access a private
    |>address space as you have from outside it. A relatively
    |>simple way of doing that is to ssh into your gateway box, and
    |>use the '-L' or '-R' portforwarding options to create a
    |>tunnel to one of the internal machines, and then ssh or
    |>otherwise connect through that tunnel: see eg.
    |>
    |
    | http://www.linux.ie/articles/tutorials/ssh.php
    |
    | One other point: you're going to have problems if you're using
    | 192.168.0.0 as the IP number on your FreeBSD machine. That's the
    | *network* address, and shouldn't be applied directly to any specific
    | machine. If you're running your internal network using 192.168.0.0/24 as
    | the address space, then you have 254 addresses (from 192.168.0.1 to
    | 192.168.0.254) to use for client machines, since 192.168.0.0 (network
    | address) and 192.168.0.255 (broadcast address) are reserved as part of
    | the networking setup.
    |
    | Cheers,
    |
    | Matthew
    |
    | --
    | Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
    | Savill Way
    | PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
    | Tel: +44 1628 476614 Bucks., SL7 1TH UK
    |
    |
    | Hello,
    |
    | There is one real solution to this here.
    |
    | You could set up a DMZ to your Default Gateway. If this is a Linksys
    | Broadband Gateway, it's as simple as checking a box and typing in the
    | private IP address. This routes all incoming (non-stateful)
    | connections to this host. Since your IP changes, use a dynamic DNS
    | service such as no-ip.org(sp?) or tzo.com. I've used TZO.com,
    | personally, then I just got DSL with a /29 static IP address allocation.
    | This should work without issue, unless your DMZ firewall rules prevent
    | it. I would need more information to let you know.
    |
    | HTH
    |
    | Eric F Crist
    | Best Access Systems
    | 11300 Rupp Dr. Burnsville, MN 55337
    | Phone: 952.894.3830
    | Cell: 612.998.3588
    | Fax: 952-894-1990
    |
    |
    |
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFBJbYRlT9WV6TztkoRAgUhAJ9jgGuS9xXGNH5XzwXmku2w6PheWwCdFPed
    3MXw5ZImQrd9oFKT25Imwpk=
    =HqoR
    -----END PGP SIGNATURE-----
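
The question raised in the thread above, "Does NAT Overloading only go one way???", can be made concrete with a small model. This is an added example, not part of any poster's message and not natd's own code: a simplified Python model of a port-overloading NAT gateway. The class name, the public address 203.0.113.10 and all port numbers are constructed, and 192.168.0.2 stands in for the workstation in the diagram.

```python
# Added example: toy model of a NAT-overload (PAT) gateway; all values are constructed.
from itertools import count


class PatGateway:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self._ports = count(40000)  # public source ports handed out to inside hosts
        self.out_map = {}  # (proto, inside_ip, inside_port) -> public_port
        self.in_map = {}   # (proto, public_port) -> (inside_ip, inside_port, peer)

    def redirect_port(self, proto, inside_ip, inside_port, public_port):
        """Static port forward: any outside peer may reach inside_ip:inside_port."""
        self.in_map[(proto, public_port)] = (inside_ip, inside_port, None)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host connects out: rewrite the source and remember the flow."""
        key = (proto, src_ip, src_port)
        if key not in self.out_map:
            public_port = next(self._ports)
            self.out_map[key] = public_port
            self.in_map[(proto, public_port)] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, public_port):
        """Packet hits the public address: return the inside (ip, port) or None."""
        entry = self.in_map.get((proto, public_port))
        if entry is None:
            return None  # no mapping: nothing behind the gateway receives it
        inside_ip, inside_port, peer = entry
        if peer is not None and peer != (src_ip, src_port):
            return None  # dynamic entries only admit replies from the original peer
        return (inside_ip, inside_port)


def demo():
    gw = PatGateway("203.0.113.10")
    seen = {"unsolicited": gw.inbound("tcp", "198.51.100.7", 51000, 22)}
    flow = gw.outbound("tcp", "192.168.0.2", 33000, "198.51.100.7", 80)
    seen["reply"] = gw.inbound("tcp", "198.51.100.7", 80, flow[1])
    seen["other_peer"] = gw.inbound("tcp", "198.51.100.99", 80, flow[1])
    gw.redirect_port("tcp", "192.168.0.2", 22, 2222)
    seen["forwarded"] = gw.inbound("tcp", "198.51.100.7", 51000, 2222)
    return seen


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} -> {result}")
```

Only the static entry lets an outside peer start a connection, and it exposes one inside port rather than the whole host.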

    
    


