Problems using natd to access internal webserver

Clayton F nospam at bitheaven.net
Tue Nov 25 01:12:32 PST 2003


I am having trouble using natd to redirect incoming http requests to an 
internal web server. My ISP blocks incoming port 80 (the dogs!), so the 
browser needs to send its request on an unprivileged port - I chose 
port 5500.

So in my web browser I enter url http://www.mydomain.com:5500/

My rc.conf sets up the natd redirect as follows:

	natd_enable="YES"
	natd_interface="fxp0"
	natd_flags="-redirect_port tcp 192.168.1.99:80 5500"

My firewall explicitly allows port 5500 entry as follows:

	pass in quick on fxp0 proto tcp from any to any port = 5500 keep state


But when I point my web browser at port 5500, I get the following: 
"Could not open the page “http://www.mydomain.com:5500/” because Safari 
couldn’t connect to the server “www.mydomain.com”."


With tcpdump set to listen on port 5500 I get the following output:

01:06:19.345827 e-66-117-83-2.empnet.net.12488 > 
bc120155.bendcable.com.5500: S 3657164703:3657164703(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.345988 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.12488: R 0:0(0) ack 3657164704 win 0
01:06:19.390964 e-66-117-83-2.empnet.net.4458 > 
bc120155.bendcable.com.5500: S 2671871142:2671871142(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.391015 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.4458: R 0:0(0) ack 2671871143 win 0
01:06:19.434339 e-66-117-83-2.empnet.net.55900 > 
bc120155.bendcable.com.5500: S 2109062641:2109062641(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.434390 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.55900: R 0:0(0) ack 2109062642 win 0
01:06:19.479086 e-66-117-83-2.empnet.net.33048 > 
bc120155.bendcable.com.5500: S 1018302934:1018302934(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.479130 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.33048: R 0:0(0) ack 1018302935 win 0
01:06:19.522875 e-66-117-83-2.empnet.net.60586 > 
bc120155.bendcable.com.5500: S 26968154:26968154(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.523022 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.60586: R 0:0(0) ack 26968155 win 0
01:06:19.578958 e-66-117-83-2.empnet.net.57944 > 
bc120155.bendcable.com.5500: S 1035247753:1035247753(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.578993 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.57944: R 0:0(0) ack 1035247754 win 0
01:06:19.623151 e-66-117-83-2.empnet.net.57938 > 
bc120155.bendcable.com.5500: S 1144796038:1144796038(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.623189 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.57938: R 0:0(0) ack 1144796039 win 0
01:06:19.666940 e-66-117-83-2.empnet.net.27714 > 
bc120155.bendcable.com.5500: S 347489487:347489487(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.666985 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.27714: R 0:0(0) ack 347489488 win 0
01:06:19.709585 e-66-117-83-2.empnet.net.40754 > 
bc120155.bendcable.com.5500: S 1869973581:1869973581(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.709612 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.40754: R 0:0(0) ack 1869973582 win 0
01:06:19.756122 e-66-117-83-2.empnet.net.18348 > 
bc120155.bendcable.com.5500: S 3628283803:3628283803(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.756152 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.18348: R 0:0(0) ack 3628283804 win 0
01:06:19.804295 e-66-117-83-2.empnet.net.52446 > 
bc120155.bendcable.com.5500: S 3652608703:3652608703(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.804377 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.52446: R 0:0(0) ack 3652608704 win 0
01:06:19.847865 e-66-117-83-2.empnet.net.18192 > 
bc120155.bendcable.com.5500: S 238075128:238075128(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.847897 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.18192: R 0:0(0) ack 238075129 win 0
01:06:19.891162 e-66-117-83-2.empnet.net.25176 > 
bc120155.bendcable.com.5500: S 60109903:60109903(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.891206 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.25176: R 0:0(0) ack 60109904 win 0
01:06:19.934624 e-66-117-83-2.empnet.net.41352 > 
bc120155.bendcable.com.5500: S 2942823322:2942823322(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.934652 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.41352: R 0:0(0) ack 2942823323 win 0
01:06:19.976920 e-66-117-83-2.empnet.net.25770 > 
bc120155.bendcable.com.5500: S 1830184345:1830184345(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:19.976947 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.25770: R 0:0(0) ack 1830184346 win 0
01:06:20.019365 e-66-117-83-2.empnet.net.37826 > 
bc120155.bendcable.com.5500: S 3428010868:3428010868(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:20.019392 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.37826: R 0:0(0) ack 3428010869 win 0
01:06:20.063532 e-66-117-83-2.empnet.net.57502 > 
bc120155.bendcable.com.5500: S 373758618:373758618(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:20.063574 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.57502: R 0:0(0) ack 373758619 win 0
01:06:20.112894 e-66-117-83-2.empnet.net.44448 > 
bc120155.bendcable.com.5500: S 3033730069:3033730069(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916523 0> (DF)
01:06:20.112935 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.44448: R 0:0(0) ack 3033730070 win 0
01:06:20.155772 e-66-117-83-2.empnet.net.31148 > 
bc120155.bendcable.com.5500: S 134626080:134626080(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916524 0> (DF)
01:06:20.155805 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.31148: R 0:0(0) ack 134626081 win 0
01:06:20.198041 e-66-117-83-2.empnet.net.23638 > 
bc120155.bendcable.com.5500: S 1299869796:1299869796(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916524 0> (DF)
01:06:20.198067 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.23638: R 0:0(0) ack 1299869797 win 0
01:06:20.240643 e-66-117-83-2.empnet.net.20744 > 
bc120155.bendcable.com.5500: S 2584151359:2584151359(0) win 65535 <mss 
1460,nop,wscale 0,nop,nop,timestamp 2239916524 0> (DF)
01:06:20.240671 bc120155.bendcable.com.5500 > 
e-66-117-83-2.empnet.net.20744: R 0:0(0) ack 2584151360 win 0


It appears the web server's attempt to make the connection is falling 
on deaf ears.


(btw: I've confirmed the web server is up and running - if I set up a 
localhost port forward using ssh - aka "ssh -L 5500:192.168.1.99:80 
myname at mydomain.com" I am able to access the web server)

Any tips on what I'm doing wrong?

Thanks!
Clayton
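
Added example (not part of the original post): a small Python parser for tcpdump lines in the format shown above, pairing each SYN with the segment that acknowledges it and reporting the reply delay. A RST whose ack equals the SYN's sequence number plus one is the standard reply of a TCP stack to a SYN for a port with no listener, so such pairs are connections being refused rather than silently dropped; the sample uses the first two exchanges from the post with mail wrapping removed, plus one constructed unanswered SYN for contrast.

```python
import re
from datetime import datetime, timedelta

# Old-style tcpdump TCP line: time src.port > dst.port: FLAGS seq:seq(len) [ack N]
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFPR.]+) "
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?")

SAMPLE = """
01:06:19.345827 e-66-117-83-2.empnet.net.12488 > bc120155.bendcable.com.5500: S 3657164703:3657164703(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.345988 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.12488: R 0:0(0) ack 3657164704 win 0
01:06:19.390964 e-66-117-83-2.empnet.net.4458 > bc120155.bendcable.com.5500: S 2671871142:2671871142(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 2239916522 0> (DF)
01:06:19.391015 bc120155.bendcable.com.5500 > e-66-117-83-2.empnet.net.4458: R 0:0(0) ack 2671871143 win 0
01:06:21.000000 e-66-117-83-2.empnet.net.40000 > bc120155.bendcable.com.5500: S 1000:1000(0) win 65535 (DF)
"""  # the last line is constructed: a SYN that never gets a reply

def classify(trace):
    """Return [(client_port, verdict, reply_delay_us)] for every SYN seen."""
    pending, results = {}, []
    for raw in trace.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["flags"] == "S" and m["ack"] is None:
            # Initial SYN: store it under the flow as the reply will name it.
            pending[(m["dst"], m["dport"], m["src"], m["sport"])] = (ts, int(m["seq"]))
            continue
        key = (m["src"], m["sport"], m["dst"], m["dport"])
        if key not in pending or m["ack"] is None:
            continue
        syn_ts, syn_seq = pending[key]
        if int(m["ack"]) != (syn_seq + 1) % 2**32:
            continue  # does not acknowledge the SYN we recorded
        del pending[key]
        verdict = "refused" if "R" in m["flags"] else "accepted"
        delay_us = (ts - syn_ts) // timedelta(microseconds=1)
        results.append((int(m["dport"]), verdict, delay_us))
    # SYNs left over were dropped somewhere (filtered) rather than refused.
    results += [(int(k[3]), "unanswered", None) for k in pending]
    return results

if __name__ == "__main__":
    for port, verdict, delay in classify(SAMPLE):
        print(port, verdict, delay)
```

Replies that arrive tens of microseconds after the SYN, as in this trace, leave little room for a round trip to another host, which is worth weighing when deciding which machine generated the RST.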



More information about the freebsd-questions mailing list