HOWTO Ping LAN???

Hakim Z. Singhji hzs202 at nyu.edu
Fri Aug 20 01:27:33 PDT 2004


Hello,

Thank you for your replies gentlemen, this post is a bit old, I have
already built my FreeBSD NAT box and configured IPFW...I am currently
building a new kernel configuration for the machine to include IPDIVERT,
IPFIREWALL and a few other system specific modifications.

If I have any questions concerning this issue, I will include you both
(Eric, Rich) in the list. Thanks

Eric Crist wrote:
| SEE BOTTOM
|
|>-----Original Message-----
|>From: owner-freebsd-questions at freebsd.org
|>[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of
|>Rich Shinnick
|>Sent: Thursday, August 19, 2004 11:46 PM
|>To: 'Hakim Singhji'; 'Hakim Z. Singhji'; 'MatthewSeaman'
|>Cc: 'Bill Moran'; freebsd-questions at freebsd.org
|>Subject: RE: HOWTO Ping LAN???
|>
|>
|>Hakim,
|>
|>What you are trying to do is possible in two ways:
|>
|>1. SSH to the box, and tunnel to other internal machines
|>according to the tunnels you have set up. (See the last email
|>I sent).
|>2. Port forward connections from the Internet "thru"
|>the BSD to internal machines.
|>
|>Check these links:
|>http://www.rootprompt.net/freebsd_firewall.html
|>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
|>
|>
|>  _____
|>
|>From: Hakim Singhji [mailto:Hakim.Singhji at nychhc.org]
|>Sent: Thursday, July 29, 2004 10:27 AM
|>To: Hakim Z. Singhji; MatthewSeaman
|>Cc: Bill Moran; freebsd-questions at freebsd.org
|>Subject: Re: HOWTO Ping LAN???
|>
|>
|>Hi Matt,
|>
|>You say that the only way I will be able to connect to my
|>network is by tunneling. This is not what I want to do, I thought
|>I may be able to SSH, Telnet, www, etc. from the outside to my
|>default gateway and have the gateway pass SSH, Telnet, www., or
|>any other request to the machine on the private network by
|>including the "localhost.defaultgateway.domain.org" or something
|>to that effect.
|>
|>Does NAT Overloading only go one way???
|>
|>Hakim Z. Singhji
|>Coordinating Mgr. / Infection Control
|>718-245-3923
|>hakim.singhji at nychhc.org
|>
|>
|>>>> Matthew Seaman <m.seaman at infracaninophile.co.uk> 7/29/2004 5:32:32 AM >>>
|>
|>On Thu, Jul 29, 2004 at 01:40:02AM -0400, Hakim Z. Singhji wrote:
|>
|>
|>>Figure 1
|>>
|>>***************
|>>*  Internet   *
|>>*24.199.1xx.xx*
|>>***************
|>>       |
|>>       |
|>>***************       **************
|>>* Default GW  * __ __ *Kids Machine*
|>>* 192.68.0.1  *       *192.68.0.3  *
|>>* FreeBSD 4.10*       * Mandrake 10*
|>>***************       **************
|>>       |
|>>       |
|>>***************
|>>* Wrk Station1*
|>>* 192.68.0.2  *
|>>* Redhat 9    *
|>>***************
|>>
|>>This is a rough diagram of the network... I would like to ssh, ping,
|>>etc. the machines behind the default gateway directly (without
|>>tunneling) from the outside the network (at work for example). Is this
|>>possible and if so how do I config. Keep in mind that my default
|>>gateway is FreeBSD. I know this may be a complicated project but if
|>>you could help that would help me greatly. Many thanks to everyone in
|>>advance.
|>
|>I'm afraid that's not going to be possible with your current
|>network layout. If you want all of your machines to be
|>accessible from the Internet, then you'll need routable
|>addresses on all of your machines.
|>
|>I know you've said you don't want to use tunnelling, but
|>unfortunately, that's the only way you can access a private
|>address space as you have from outside it. A relatively
|>simple way of doing that is to ssh into your gateway box, and
|>use the '-L' or '-R' portforwarding options to create a
|>tunnel to one of the internal machines, and then ssh or
|>otherwise connect through that tunnel: see eg.
|>
|
| http://www.linux.ie/articles/tutorials/ssh.php
|
| One other point: you're going to have problems if you're using
| 192.168.0.0 as the IP number on your FreeBSD machine. That's the
| *network* address, and shouldn't be applied directly to any specific
| machine. If you're running your internal network using 192.168.0.0/24 as
| the address space, then you have 254 addresses (from 192.168.0.1 to
| 192.168.0.254) to use for client machines, since 192.168.0.0 (network
| address) and 192.168.0.255 (broadcast address) are reserved as part of
| the networking setup.
|
| Cheers,
|
| Matthew
|
| --
| Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
| Savill Way
| PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
| Tel: +44 1628 476614 Bucks., SL7 1TH UK
|
|
| Hello,
|
| There is one real solution to this here.
|
| You could set up a DMZ to your Default Gateway.  If this is a Linksys
| Broadband Gateway, it's as simple as checking a box and typing in the
| private IP address.  This routes all incoming (non-stateful)
| connections to this host.  Since your IP changes, use a dynamic DNS
| service such as no-ip.org(sp?) or tzo.com.  I've used TZO.com,
| personally, then I just got DSL with a /29 static IP address allocation.
| This should work without issue, unless your DMZ firewall rules prevent
| it.  I would need more information to let you know.
|
| HTH
|
| Eric F Crist
| Best Access Systems
| 11300 Rupp Dr. Burnsville, MN 55337
| Phone: 952.894.3830
| Cell: 612.998.3588
| Fax: 952-894-1990
|
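
The port-forwarding option Rich describes, written out as an added example (not part of any message in this thread): a small sh helper that emits natd(8) `redirect_port` lines for individually chosen services and refuses targets that are not usable host addresses in the /24 Matthew describes. It assumes the gateway's NAT is done by natd reading a configuration file, a 192.168.0.0/24 LAN, and made-up public port numbers.

```shell
#!/bin/sh
# Added example: build natd(8) redirect_port lines for a FreeBSD NAT gateway.
# Assumptions (not from the thread): LAN is 192.168.0.0/24, natd reads the
# emitted lines from its config file, and the port numbers are illustrative.

# valid_host IP -> succeeds only for a usable host address in 192.168.0.0/24
valid_host() {
    last=${1#192.168.0.}
    [ "$last" != "$1" ] || return 1          # not in the assumed LAN prefix
    case "$last" in
        ''|*[!0-9]*) return 1 ;;             # empty or not a plain number
    esac
    # .0 is the network address and .255 the broadcast address: both reserved
    [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# valid_port N -> succeeds for 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# natd_redirect PROTO INTERNAL_IP INTERNAL_PORT PUBLIC_PORT
# Prints one natd.conf line, or fails without output. redirect_port only
# handles tcp and udp, so ICMP (ping) cannot be forwarded this way.
natd_redirect() {
    case "$1" in
        tcp|udp) ;;
        *) return 1 ;;
    esac
    valid_host "$2" || return 1
    valid_port "$3" || return 1
    valid_port "$4" || return 1
    printf 'redirect_port %s %s:%s %s\n' "$1" "$2" "$3" "$4"
}

# Constructed sample: expose only ssh on one machine and www on another,
# instead of sending every inbound connection to a single "DMZ" host.
natd_redirect tcp 192.168.0.2 22 2222
natd_redirect tcp 192.168.0.3 80 8080
natd_redirect tcp 192.168.0.0 22 2223 || echo "rejected: network address" >&2
```

Each emitted line forwards one public port on the gateway to one internal service; anything not listed stays unreachable from outside.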