Subject: dynamic ip && rdr && webserver not working
To: None <tech-net@netbsd.org>
From: valdez <valdez@froggy.com.au>
List: tech-net
Date: 09/30/2001 23:29:28
This is a multi-part message in MIME format.
------=_NextPart_000_000D_01C14A07.BFD4B7E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Hi
I have a small LAN using ipNAT and i also have a webserver running on a =
different machine. The NAT/GATEWAY=3D192.168.0.1 that is on rl0 but the =
main external network runs thru ppp0. The webserver is 192.168.0.4.
My current ipnat.conf is :
map ppp0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ppp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 192.168.0.0/24 -> 0/32
rdr ppp0 0/32 port 80 -> 192.168.0.4 port 80 tcp
My ipf.conf is :
pass in from any to any
pass out from any to any
pass in quick on rl0 from any to any
pass out quick on rl0 from any to any
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any
pass out on ppp0 proto icmp from any to any icmp-type 8 keep state
block in quick on ppp0 from 127.0.0.0/8 to any
block in quick on ppp0 from 172.16.0.0/12 to any
block in quick on ppp0 from 10.0.0.0/8 to any
block in quick on ppp0 from 192.168.0.0/16 to any
block in quick proto tcp from any to any port =3D 723
block in quick proto tcp from any to any port =3D 37
block in quick proto tcp from any to any port =3D 13
block in quick proto tcp from any to any port =3D 139
block in quick proto tcp from any to any port =3D 1022
block in quick proto tcp from any to any port =3D 2049
block in quick proto tcp from any to any port =3D 6000
block in quick proto tcp from any to any port =3D 111
pass in quick proto tcp from any to any port =3D 113
pass in quick on ppp0 proto tcp from any to any port =3D 80 flags S/SA
pass in quick on ppp0 proto tcp from any to any port =3D 443 flags S/SA
pass out quick on rl0 proto tcp from any to any port =3D 80
pass out quick on rl0 proto tcp from any to any port =3D 443
#This rule is for my webserver to be accessed remotely
pass in quick on ppp0 from 192.168.0.4/32 to any port =3D 22
block in log quick on ppp0 from any to any port =3D 22
pass in quick on rl0 from any to any port =3D 22
pass out quick on rl0 from any to any port =3D 22
block in quick on ppp0 proto tcp from any to any flags FUP
#Finally lock the rest down
block in quick on ppp0 from any to any
#Now this is to make sure everything is to keep state
pass out quick on ppp0 proto tcp from any to any flags S keep state
pass out quick on ppp0 proto udp from any to any keep state
pass out quick on ppp0 proto icmp from any to any keep state
Can Someone please tell me why can the my webserver cannot be accessed =
via the internet. I realise that i am on
dynamic ip but cuold that be the problem??
Thanks in advance.
Cheers=20
Paul
=20
------=_NextPart_000_000D_01C14A07.BFD4B7E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hi</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>I have a small LAN using ipNAT =
and i also=20
have a webserver running on a different machine. The =
NAT/GATEWAY=3D192.168.0.1=20
that is on rl0 but the main external network runs thru ppp0. The =
webserver is=20
192.168.0.4.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>My current ipnat.conf is :</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>map ppp0 192.168.0.0/24 -> 0/32 =
proxy port =20
ftp ftp/tcp<BR>map ppp0 192.168.0.0/24 -> 0/32 portmap tcp/udp=20
40000:60000<BR>map ppp0 192.168.0.0/24 -> 0/32<BR>rdr ppp0 0/32 port =
80 ->=20
192.168.0.4 port 80 tcp<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>My ipf.conf is :</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>pass in from any to any<BR>pass out =
from any to=20
any</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>pass in quick on rl0 from any to =
any<BR>pass out=20
quick on rl0 from any to any<BR>pass in quick on lo0 from any to =
any<BR>pass out=20
quick on lo0 from any to any</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>pass out on ppp0 proto icmp from any to =
any=20
icmp-type 8 keep state</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>block in quick on ppp0 from 127.0.0.0/8 =
to=20
any<BR>block in quick on ppp0 from 172.16.0.0/12 to any<BR>block in =
quick on=20
ppp0 from 10.0.0.0/8 to any<BR>block in quick on ppp0 from =
192.168.0.0/16 to=20
any</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>block in quick proto tcp from any to =
any port =3D=20
723<BR>block in quick proto tcp from any to any port =3D 37<BR>block in =
quick=20
proto tcp from any to any port =3D 13<BR>block in quick proto tcp from =
any to any=20
port =3D 139<BR>block in quick proto tcp from any to any port =3D =
1022<BR>block in=20
quick proto tcp from any to any port =3D 2049</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>block in quick proto tcp from any to =
any port =3D=20
6000<BR>block in quick proto tcp from any to any port =3D =
111</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>pass in quick proto tcp from any to any =
port =3D=20
113</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><BR>pass in quick on ppp0 proto tcp =
from any to any=20
port =3D 80 flags S/SA<BR>pass in quick on ppp0 proto tcp from any to =
any port =3D=20
443 flags S/SA<BR>pass out quick on rl0 proto tcp from any to any port =
=3D=20
80<BR>pass out quick on rl0 proto tcp from any to any port =3D =
443</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>#This rule is for my webserver to be =
accessed=20
remotely<BR>pass in quick on ppp0 from 192.168.0.4/32 to any port =3D =
22<BR>block=20
in log quick on ppp0 from any to any port =3D 22<BR>pass in quick on rl0 =
from any=20
to any port =3D 22<BR>pass out quick on rl0 from any to any port =3D=20
22<BR></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>block in quick on ppp0 proto tcp from =
any to any=20
flags FUP</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2><BR>#Finally lock the rest =
down<BR>block in quick=20
on ppp0 from any to any</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>#Now this is to make sure everything is =
to keep=20
state<BR>pass out quick on ppp0 proto tcp from any to any flags S keep=20
state<BR>pass out quick on ppp0 proto udp from any to any keep =
state<BR>pass out=20
quick on ppp0 proto icmp from any to any keep state</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Can Someone please tell me why can the =
my =20
webserver cannot be accessed via the internet. I realise that i am=20
on</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>dynamic ip but cuold that be the=20
problem??</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Thanks in advance.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Cheers </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Paul</FONT></DIV>
<DIV><FONT face=3DArial size=3D2> <BR></DIV></FONT>
<DIV><FONT face=3DArial size=3D2><BR> </DIV></FONT></BODY></HTML>
------=_NextPart_000_000D_01C14A07.BFD4B7E0--