Displaying 20 results from an estimated 58 matches for "natd".
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SAs and installing SPs, but the problem is that I can't tell
whether an incoming packet on the internal interface should go through natd or
not.
T...
2003 Jun 08
1
redirect unauthorized users to a login page (natd as a transparent proxy)
...ient
195.250.155.29 is the web wifi user tries to access from his browser
195.113.17.94 is my login page
10.0.0.1 is the wifi interface on the server
What happens is
In [TCP] [TCP] 10.0.0.7:1036 -> 195.250.155.29:80 aliased to
[TCP] 10.0.0.1:1036 -> 195.113.17.94:80
The natd configuration file:
-------------------------------------------------------------------------
interface wi0
port 1234
#proxy_only yes
reverse
proxy_rule port 80 server 195.113.17.94:80
-------------------------------------------------------------------------
Natd was run as natd -f /etc/natd.conf...
2003 Jun 03
0
natd and logging
I have set up natd, enabled logging with -l and it is working
perfectly. However, is there a more detailed log to see the translation
tables? I need to log the IP address internal 172.*.*.* to the outside with
what port is being used. natd just seems to log the statistics such as
icmp=5 and so on. If natd does...
2003 Jun 02
6
4.8-Stable DummyNet
Hi. We just opened a gaming center and have chosen to run a FreeBSD box for
our firewall. IPFW is configured at its very basic running natd through rl0
and allowing any to any connections from the lan to the outer world. Natd
controls access to the lan.
We have a 6.0 mb/s ADSL net connection for all the gaming clients to use,
however if a gamer starts downloading a file, that file takes precedence and
causes everyone's pings...
2003 Aug 18
0
question about routing, firewall, natd and bridge
...route add -host 62.168.40.190 172.16.0.251
#it is a public and local ip address of that host...
but /var/log/kern.log is still claiming a warning
arplookup 62.168.40.190 failed: host is no on local network...
is it the correct way to do a route (especially if I want to have a
firewall with ipfw, natd and bridge or not?)
yours sincerely
Karel Rous
2003 Jun 11
7
IPFW: combining "divert natd" with "keep-state"
I've been using ipfw for a while to create a router with NAT
and packet filtering, but have never combined it with
stateful filtering, instead using things like "established" to
accept incoming TCP packets which are part of a conversation
initiated from the "inside".
I'd like to move to using keep-state/check-state to get tighter
filtering and also to allow outgoing
2005 May 11
3
icmp problem
hi i have a problem with my icmp, i have a router that
performs nat. i cannot ping to internet hosts from
more than one station situated behind NAT at once. if
i want to ping from another station i have to stop the
ping that was initiated from the first host, and after
a few seconds i can ping from another station. i've
checked firewall and i have no ipfw rules that could
stop icmp traffic.
2003 Apr 30
6
how to configure a FreeBSD firewall to pass IPSec?
I have a FreeBSD box acting as a firewall and NAT gateway
I would like to set it up to transparently pass IPSec packets -- I have
an IPSec VPN client running on another machine, connecting to a remote network.
Is there a way to do this? I can't find any hints in the man pages.
2003 Sep 15
5
strange problem with: ed driver / 4.9-PRE
...l" # Which script to run to set up the firewall
firewall_type="OPEN" # Firewall type (see /etc/rc.firewall)
firewall_logging="YES" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="ed0" # Public interface or IPaddress to use.
-------------------------------
test2:/home/gmar...
2006 Apr 17
3
IPFW Problems?
Hi,
I have a system with a 4.11 Kernel. Unless I'm doing something very
wrong, there seems to be something odd with ipfw.
Take the following rules:
ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state
ipfw add 00299 deny log all from any to any out via bge0
ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit src-addr 2
ipfw add 00499 deny log
2003 May 12
1
[Fwd: Re: Down the MPD road]
...rk this dog just don't hunt.
>
> Is there perhaps some part of this I'm missing?
Workaround: Take a box inside the secure network and have it NAT mail &
LDAP connections from the MPD'd range to the mail server. Then have
your MPD'd users use that box.
You can use ipfw+natd to do this; something like:
natd -redirect_address ma.il.ser.ver 0.0.0.0
ipfw add divert 8668 tcp from mpd.ra.ng.es/bits to int.er.nal.ip \
25,110,389 in recv enet0
ipfw add divert 8668 tcp from ma.il.ser.ver 25,110,389 to int.er.nal.ip in recv enet0
If resources aren't scarce, you could ev...
2003 Jul 03
2
ATA-186 de-register
...st me or do others have a problem with the ATA-186
de-registering? Every couple of hours, if I don't make use of the ATA
connected line, I find that I have to unplug and let the ATA reboot.
After that it is good to go for awhile, but eventually I have to repeat
the process. My ATA sits behind a NATd firewall, any ideas what might
cause the de-registration?
Kim C. Callis
2003 Jul 16
0
accessing a jail via localhost
I'm facing a problem with accessing a HTTPd (Apache) jail locally. Consider
this jail scenario:
/etc/hosts:
127.0.0.1 localhost foo.com
172.16.0.1 apache
/etc/natd.conf:
use_sockets yes
same_ports yes
unregistered_only yes
redirect_port tcp 172.16.0.1:80 80
redirect_port tcp 172.16.0.1:443 443
/etc/firewall.sh
...
${fwcmd} add divert natd all from any to any via ${oif}(IPFW)
...
rl0, my external net interface, is aliased to 172.16.0.1. Apache 1.3 is
instal...
2006 Oct 03
2
Two domains on one network?
I feel I should know the answer to this, but I wanted to verify. I have a
bunch of Windows PC's running Win 2K Pro, on three subnetworks. Two of the
subnets are served by Unix (FreeBSD) boxes running NATD, but all are joined
to a domain being run on a Win 2K Pro server in another building on the
campus. So far I haven't joined the two Unix boxes to the domain.
I'd like to experiment with setting one of the FreeBSD boxes up as a
Primary Domain Controller to experiment with LDAP and roamin...
2007 Aug 23
2
Classful queuing solution
...lice rate to limit upload speed - but this is not particularly
effective and also not really required, as the box is able to shape
traffic in both directions. It is also a NAT box.
Related, but not strictly to do with tc, is there any way of concisely
and effectively logging connections between NATd users and external IPs?
I need to be able to maintain a log which tells me that a certain user
was connected to a certain remote host on a certain port at a certain
time and date, for legal reasons.
I realise this is a bit of a mammoth request, but I hope someone can
help me.
Many thanks in a...
2005 May 17
1
ipfw question
does anyone know what is the ipfw equivalent line for this
one?
rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3 port 69 udp
i use a tftpd server behind a nat and i want to
redirect all traffic coming from internet on port 69 to
the tftpd server
10x for help
2003 Nov 21
0
how to get IPFW rules for SMTP server behind NAT server "right"?
...l (NAT) IP address
exip="any"
gateway_server="10.0.0.1" # the gateway/firewall box, 2 interfaces
smtp_server="10.0.0.2" # SMTP server behind NAT firewall
client_machine="10.0.0.3" # a client machine inside the NAT firewall
i've launched NATD as follows:
/usr/sbin/natd \
-interface ${exif} -dynamic -port 8668 \
-log -log_denied \
-unregistered_only \
-use_sockets \
-redirect_port tcp ${smtp_server}:25 25
the SMTP server listens ONLY on port 25, IP address = 10.0.0.2
currently, my SMTP ipfw rules are as follows (snip...
2003 May 11
1
No subject
...ateway:freebsd5.x/nat--------inner net
| | |
| | L- apache/php (lo_alias1)
| L------ mail server (lo_alias2)
L----------- djbdns (lo_alias3)
Any hints, do's and dont's ? what about natd/ipnat ? which is better for
dynamic rules ? Especially: how to manage that in conjunction with multiple
jails ??
TIA, Slim
2003 May 22
0
VPN IPSEC WIRELESS
...problems in the implementation of a VPN, below made a project of my net:
INTRANET
(10.0.0.0/24)
|
10.0.0.5
xl0
NetBSD IPNAT ( map wi0 10.0.0.0/24 -> 192.168.213.10 )
wi0
192.168.213.10/30
|
|
Wireless
VPN
|
|
192.168.213.9/30
xl2
FreeBSD NATD ( divert natd all from any to any )
xl0
200.x.x.5/24
|
200.x.x.1/24
Router
|
|
INTERNET
NetBSD Node ( ipsec.conf ):
spdadd 192.168.213.10 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.213.10-192.168.213.9/require;
spdadd 0.0.0.0/0 192.168.213.10 any -P in ipsec esp/tunn...
2003 Sep 20
4
Maximum retries exceeded w/SIP
...of all, I'd like to send a big "thank you" to all the folks who have
helped me get this far.
Now on to the next problem. Here's my current network setup:
The Big I ---+--- FreeBSD FW --- * (10.0.0.253) ---- PC (10.0.0.1)
|
+--- Laptop (public IP)
natd is set up with the following rules:
redirect_port udp 10.0.0.253:10000-20000 10000-20000
redirect_port udp 10.0.0.253:5060 5060
* is set up with the demo/sandbox config.
I'm using XLite as my SIP client and have configured it on PC to work with *.
I'm able to do everything I've trie...