redirect_port natd
Jan 12, 2003, 09:57 AM
 
I'm trying to use an OSX box with two NICs as a NAT/Firewall. The firewall rules work fine and the NATing from the LAN to the internet works fine, but I can't get the incoming traffic redirected. During this troubling setup my firewall rules have been suspended and I'm allowing any to any. I'm starting natd with a config file that states:
use_sockets yes
same_ports yes
interface en0
redirect_port tcp 192.168.100.22:20-21 20-21 #my LAN's ftpbox

My IPFW rule is: divert natd all from any to any

My tcpdumps show that when an outside ftp connection comes to my WAN port it is redirected to the LAN port, but with the WAN address in the packet. Is this correct? Shouldn't it still appear to be from the outside connection? The packet then gets to the ftp server, but the ftp server is replying to the WAN port on my natbox instead of the original ftp client. Nothing ever makes it back to the ftp client and the connection times out.


NATbox
tcpdump: listening on en0 (WAN)
13:20:13.534497 outsideconnection.49164 > myWANaddress.ftp:
S 3162765832:3162765832(0) win 32768 <mss 1460,wscale 0,nop> (DF)
13:20:13.535898 ftpgateway.ftp > myWANaddress.49164:
S 1644191287:1644191287(0) ack 3162765833 win 33580 <mss 1460,nop,wscale 0> (DF)
13:20:13.536267 myWANaddress.49164 > ftpgateway.ftp:
R 3162765833:3162765833(0) win 0

tcpdump: listening on en1 (LAN)
13:20:13.535364 myWANaddress.49164 > LANftpbox.ftp:
S 3162765832:3162765832(0) win 32768 <mss 1460,wscale 0,nop> (DF)



FTPbox
tcpdump: listening on en0 (LAN's ftp server)
13:20:13.342457 myWANaddress.49164 > LANftpbox.21:
S 3162765832:3162765832(0) win 32768 <mss 1460,wscale 0,nop> (DF)
13:20:13.342586 LANftpbox.21 > myWANaddress.49164:
S 1644191287:1644191287(0) ack 3162765833 win 33580 <mss 1460,nop,wscale 0> (DF)
13:20:13.343537 myWANaddress.49164 > LANftpbox.21:
R 3162765833:3162765833(0) win 0


I know this is simple, but I can't get my ducks in a row. I've been through the man pages like a forensics detective. The Apple documentation is nonexistent. The FreeBSD info says I need /etc/rc.conf. I tried making a file with the recommended contents with no luck. Can someone lend a hand please?
Thank you,
Bill
     
Jan 13, 2003, 11:38 AM
 
Monday morning and another Eagles win later I solved the problem, thought I'd share.
Two issues:
1. My test ftp server was using a different gateway than the natbox. I changed it to use the natbox.
2. In ipfw I added another divert natd rule:
divert natd all from myLAN to any via en1(LAN)
divert natd all from any to any via en0(WAN)
Now the LAN folks get out correctly and incoming traffic is redirected correctly based on my /etc/natd.conf
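
Added example, not part of the original posts: the rule in the first post, "divert natd all from any to any", names no interface, so it also matches the redirected packet as it is forwarded out en1, which is consistent with the rewritten source address seen in the LAN capture; both rules in the fix are bound with "via". The shell check below flags divert rules that carry no via/recv/xmit keyword. The rule numbers and the 192.168.100.0/24 stand-in for "myLAN" are constructed.

```shell
#!/bin/sh
# Added example: flag ipfw divert rules that are not bound to an interface.
# Reads rule text (as typed, or as printed by "ipfw list") on stdin and
# prints every divert rule that has no via/recv/xmit keyword.
unscoped_divert_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        is_divert = 0; scoped = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "divert") is_divert = 1
            if ($i == "via" || $i == "recv" || $i == "xmit") scoped = 1
        }
        if (is_divert && !scoped) print       # divert on every interface
    }'
}

# Constructed rule sets mirroring the two posts (192.168.100.0/24 stands in
# for "myLAN"; the rule numbers are made up).
BEFORE='00100 divert natd all from any to any
65535 allow ip from any to any'

AFTER='00100 divert natd all from 192.168.100.0/24 to any via en1
00200 divert natd all from any to any via en0
65535 allow ip from any to any'

# Number of unscoped divert rules in the rule text passed as $1.
count_unscoped() {
    printf '%s\n' "$1" | unscoped_divert_rules | wc -l | tr -d ' '
}

echo "before: $(count_unscoped "$BEFORE") unscoped divert rule(s)"
echo "after:  $(count_unscoped "$AFTER") unscoped divert rule(s)"
```

On a live box the same function can be fed from "ipfw list" instead of the constructed strings.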