
Re: TCP Reflection (continued)



Which interface (dc0 or dc1) contains the $server (10.109.10.97/32) IP address?

Daniel Hartmeier wrote:
> On Thu, Oct 31, 2002 at 01:26:36PM -0500, Jason Dixon wrote:
>
> > nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if
> > /etc/nat.conf:22: syntax error
> > pfctl: syntax error in file: nat rules not loaded
>
> Yes, pf in 3.1 doesn't allow to specify ports in nat rules, that was
> added after 3.1-release...
>
> > The client appears to connect to the proxy just fine, based on the
> > output of "pfctl -ss", netstat, and tcpdump.  However, it appears that
> > the firewall is not translating the destination, as tcpdump on the
> > server shows a source address of 127.0.0.1.
>
> dc1 does have 192.168.1.0 netmask 255.255.255.0 assigned, right? From
> the firewall, you should be able to 'telnet 192.168.1.20 80' and get a
> working connection. If that works, add the inetd.conf line as mentioned
> in the faq. Then, again on the firewall itself, run 'telnet 127.0.0.1
> 80', which should work, too. Then add the rdr as mentioned and telnet to
> the _external_ address of the firewall, port 80, from a local machine.
>
> Daniel

-- 
Kayra.NET Internet ve Bilisim Hizmetleri Ltd. Sti.
Menekse-2 Sokak No:29/15 Kizilay/Ankara 06440 TURKEY
Tel: 312.419.2836 Fax: 312.419.2837 M: 532.548.2830
http://www.kayra.net