Access to virtual hosts is being blocked by natd/firewall
Guilherme Oliveira
guilherme at nortenet.pt
Tue Jul 8 04:45:21 PDT 2003
Hi!
I've configured a DMZ, and our workstations (192.168.0) access external
sites very well.
But sites that are hosted in 192.168.1 that are port_redirected by natd
with a static IP are blocked only if accessed by our workstations with
192.168.0.
From the internet it is fine.
It blocks www.site-example.com and xxx.xxx.xxx.xxx.
It only works with 192.168.1.2!
/kernel: Connection attempt to TCP xxx.xxx.xxx.xxx:80 from 192.168.0.3:2366
My natd is configured with:
natd_flags="-l -s -m -u -dynamic -log_denied -log_ipfw_denied
-redirect_port tcp 192.168.1.2:80 xxx.xxx.xxx.xxx:80"
The firewall is configured to "OPEN".
netstat -r in natd:
default adsl-b3-72-1.telep UGSc 2 4300 tun0
localhost localhost UH 0 0 lo0
192.168.0 link#2 UC 5 0 xl1
192.168.0.2 00:e0:7d:ed:1b:de UHLW 0 38 xl1 940
192.168.0.3 00:50:eb:1d:80:dd UHLW 1 379 xl1 657
192.168.0.5 00:08:02:cf:1b:6d UHLW 0 1262 xl1 349
192.168.0.6 00:c0:df:09:a1:31 UHLW 0 24 xl1 560
192.168.0.7 00:c0:df:09:ab:e7 UHLW 0 977 xl1 521
192.168.1 link#3 UC 1 0 xl2
192.168.1.2 00:04:75:e9:c0:04 UHLW 1 257 xl2 331
adsl-b3-72-1.telep adslemp-b3-123-140 UH 2 0 tun0
adslemp-b3-121-73. link#1 UC 0 0 xl0
adslemp-b3-121-74. link#1 UC 0 0 xl0
adslemp-b3-121-75. link#1 UC 0 0 xl0
adslemp-b3-121-76. link#1 UC 0 0 xl0
adslemp-b3-121-77. link#1 UC 0 0 xl0
adslemp-b3-121-78. link#1 UC 0 0 xl0
netstat -r in workstation:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default sarpa UGSc 10 0 sis0
localhost localhost UH 0 140 lo0
192.168.0 link#1 UC 2 0 sis0
sarpa 00:04:75:e0:d4:52 UHLW 12 12204 sis0 596
parpa 00:50:eb:1d:80:dd UHLW 0 39 lo0
Is it a natd problem or ipfw?