port forwarding help.

Sorry to trouble you guys again.

I want to see my test site.

Here is my setup

cable modem
router in (freebsd vr0 dhcp on wan)
router out (freebsd xl0 going to dlink router) 192.168.101.1
router in (dlink to wireless and lan connections) 192.168.101.2
router out (dlink wireless and lan) 198.168.102.1
all working.

Because this is in my rc.conf

static_routes="internalnet2"
route add -net 192.168.102.1/24 192.168.101.2

PS: this is also in my rc.conf
sshd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-dynamic -m"
jail_enable="YES"
and my jails are set to my wan side. (I don't know if that's crazy but it works.)

________________________________________

Anyway, I have a test site at 192.168.102.221 working and I haven't been able to see it yet using my public IP, and after trying to set up a firewall I lose my connectivity on my xphome box to the internet.

ipfw -q -f flush doesn't reconnect me; I have to reboot FreeBSD.
 
Another thing for those who plan to help. My dlink can port forward too. I point my browser to http://192.168.101.2 and I get the web page as if I pointed it at http://192.168.102.221

________________________----

Here's most of my rc.conf file; just the jails are excluded.


ifconfig_vr0="DHCP"
ipv6_enable="YES"
ifconfig_xl0="inet 192.168.101.1 netmask 255.255.255.0"
# Add Internal Net 2 as a static route
static_routes="internalnet2"
route add -net 192.168.102.1/24 192.168.101.2
ifconfig_vr0_alias0="inet 192.168.100.230 netmask 255.255.255.255"
ifconfig_vr0_alias1="inet 192.168.100.231 netmask 255.255.255.255"
ifconfig_vr0_alias2="inet 192.168.100.232 netmask 255.255.255.255"
ifconfig_vr0_alias3="inet 192.168.100.233 netmask 255.255.255.255"
keymap="us.iso"
sshd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-dynamic -m"
jail_enable="YES"
 
I no longer have jails on the same box as my router. I spent almost 70 hrs getting port forwarding to work but the only thing FreeBSD can do is share an internet connection with natd and IPFW.

It's a waste of time.

I can input my unroutable IP 192.168.10.3 and I get it to work, but try putting your domain name or dynamic ISP IP and nothing, for 70 hrs of trying (two weeks).

I've read the handbook three maybe four times about this.
 
Personally, I use PF for port forwarding. Just add something like:
ext_if="vr0" #your external interface
internal_net="192.168.102.0/24"

nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port 80 -> 192.168.102.221 port 80

If I have understood your problem, it can be a solution.
 
Thanks, I'm able to have it working. The difference might be that I now use bind or it always worked. Right now I cannot see the site using my domain name from inside my network but can from outside.

/etc/rc.conf
# -- sysinstall generated deltas -- # Sat Jan 10 02:59:43 2009
# Created: Sat Jan 10 02:59:43 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
gateway_enable="YES"
keymap="us.iso"
ifconfig_xl0="DHCP"
####################
ifconfig_vr1="inet 192.168.0.1/16"
ifconfig_vr1_alias0="inet 192.168.0.17 netmask 255.255.255.255"
ifconfig_vr1_alias1="inet 192.168.0.18 netmask 255.255.255.255"
ifconfig_vr1_alias2="inet 192.168.0.19 netmask 255.255.255.255"
ifconfig_vr1_alias3="inet 192.168.0.20 netmask 255.255.255.255"
##################
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
natd_interface="xl0"
natd_flags="-f /etc/natd.conf"
firewall_simple_iif="vr1" # Inside network interface for "simple"
# firewall.
firewall_simple_inet="192.168.0.1/28" # Inside network address for "simple"
# firewall.
firewall_simple_oif="xl0" # Outside network interface for "simple"
# firewall.
static_routes="internalnet2"
route_internalnet2="-net 192.168.2.0/24 192.168.0.2"
named_enable="YES"
sshd_enable="YES"
##################
jail_enable="YES"
jail_set_hostname_allow="NO"
jail_list="ns mail www ns1"
jail_ns_hostname="ns.plusx.ca"
jail_ns_ip="192.168.0.17"
jail_ns_rootdir="/usr/home/j/ns"
jail_ns_devfs_enable="YES"
jail_mail_hostname="mail.plusx.ca"
jail_mail_ip="192.168.0.18"
jail_mail_rootdir="/usr/home/j/mail"
jail_mail_devfs_enable="YES"
jail_www_hostname="www.plusx.ca"
jail_www_ip="192.168.0.19"
jail_www_rootdir="/usr/home/j/www"
jail_www_devfs_enable="YES"
jail_ns1_hostname="ns1.plusx.ca"
jail_ns1_ip="192.168.0.20"
jail_ns1_rootdir="/usr/home/j/ns1"
jail_ns1_devfs_enable="YES"
#########
ntpd_enable="YES"
# -- sysinstall generated deltas -- # Fri Jan 16 12:12:51 2009
ipv6_enable="YES"
defaultrouter="99.246.70.1"
hostname="proxy.plusx.ca"

dynamic
n xl0
redirect_port tcp 192.168.0.19:http http
redirect_port tcp 192.168.0.18:25 25


I plan to learn pf ipfilter as well. I'm going through the whole handbook by setting up other machines.

Here are some of my /etc/namedb files. Any input would be nice, especially on getting sendmail to work inside a jail; I'm learning that now.
$TTL 3h
0.168.192.in-addr.arpa. IN SOA proxy.plusx.ca. paul.plusx.ca. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
; Name servers
;
0.168.192.in-addr.arpa. IN NS proxy.plusx.ca.
0.168.192.in-addr.arpa. IN NS ns.plusx.ca.
17.0.168.192.in-addr.arpa. IN PTR ns.plusx.ca.
37.70.246.99.in-addr.arpa. IN PTR mail.plusx.ca.
37.70.246.99.in-addr.arpa. IN PTR www.plusx.ca.
20.0.168.192.in-addr.arpa. IN PTR ns1.plusx.ca.
1.0.168.192.in-addr.arpa. IN PTR proxy.plusx.ca.
Using my real IP is the only way I could see my web page. The example that I used was different and used network addresses only. http://docstore.mik.ua

$TTL 3h
plusx.ca. IN SOA proxy.plusx.ca. paul.plusx.ca. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
; Name servers
;
plusx.ca. IN NS proxy.plusx.ca.
plusx.ca. IN NS ns.plusx.ca.
;
; MX Records
        IN MX 10 mail.plusx.ca.
        IN A 99.246.70.37

;
; Addresses for the canonical names
;
localhost.plusx.ca. IN A 127.0.0.1
proxy.plusx.ca. IN A 192.168.0.1
ns.plusx.ca. IN A 192.168.0.17
mail.plusx.ca. IN A 99.246.70.37
www.plusx.ca. IN A 99.246.70.37
ns1.plusx.ca. IN A 192.168.0.20
;
; Aliases
;
nameserver.plusx.ca. IN CNAME proxy.plusx.ca.
mymail.plusx.ca. IN CNAME mail.plusx.ca.
myweb.plusx.ca. IN CNAME www.plusx.ca.
;
;www IN CNAME @

There is an error when trying
www IN CNAME @

on the last line so I comment it out.

criticism welcomed
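
Added example (not part of the original post and not the poster's own tooling): a Python check, run on constructed records modelled on the zone files above, that flags a CNAME at a name that already has other records (the reason www IN CNAME @ is rejected when www already has an A record), a fully written name missing its trailing dot, and records outside the zone's origin. The function names and the one-record-per-line format are assumptions of this example.

```python
# Added example: zone-file sanity checks on constructed records.
# Assumption: one record per line, written as "owner IN TYPE rdata".

def absolute(name, origin):
    """Expand a zone-file owner name the way a name server does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def lint_zone(origin, text):
    origin = origin.lower()
    findings, types_by_owner = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # strip comments, tokenize
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype = fields[0].lower(), fields[2].upper()
        fqdn = absolute(owner, origin)
        # "ns1.plusx.ca" without the final dot is relative, so the origin
        # is appended a second time.
        if owner != "@" and not owner.endswith(".") and (owner + ".").endswith("." + origin):
            findings.append(("missing-dot", fqdn))
        # Records whose owner is not at or below the origin do not belong
        # in this zone file.
        if fqdn != origin and not fqdn.endswith("." + origin):
            findings.append(("out-of-zone", fqdn))
        types_by_owner.setdefault(fqdn, set()).add(rtype)
    # A CNAME may not share its owner name with other record types
    # (DNSSEC records aside).
    for fqdn, types in sorted(types_by_owner.items()):
        if "CNAME" in types and len(types) > 1:
            findings.append(("cname-conflict", fqdn))
    return findings

# Constructed samples modelled on the zone files in the thread.
FORWARD = """\
plusx.ca.      IN NS    proxy.plusx.ca.
www.plusx.ca.  IN A     99.246.70.37
ns1.plusx.ca   IN A     192.168.0.20
www            IN CNAME @
"""
REVERSE = """\
17.0.168.192.in-addr.arpa. IN PTR ns.plusx.ca.
37.70.246.99.in-addr.arpa. IN PTR mail.plusx.ca.
"""

if __name__ == "__main__":
    print(lint_zone("plusx.ca.", FORWARD))
    print(lint_zone("0.168.192.in-addr.arpa.", REVERSE))
```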
 