
Re: TCP Reflection (continued)



dc0 (external)
-J.
On Thu, 2002-10-31 at 16:29, Zafer Dastan wrote:
> Which interface (dc0 or dc1) contains the $server (10.109.10.97/32) IP address?
> 
> Daniel Hartmeier wrote:
> 
> >On Thu, Oct 31, 2002 at 01:26:36PM -0500, Jason Dixon wrote:
> >
> >>nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if 
> >>
> >>/etc/nat.conf:22: syntax error 
> >>pfctl: syntax error in file: nat rules not loaded 
> >
> >Yes, pf in 3.1 doesn't allow specifying ports in nat rules, that was
> >added after 3.1-release...
> >
> >>The client appears to connect to the proxy just fine, based on the
> >>output of "pfctl -ss", netstat, and tcpdump.  However, it appears that
> >>the firewall is not translating the destination, as tcpdump on the
> >>server shows a source address of 127.0.0.1.
> >
> >dc1 does have 192.168.1.0 netmask 255.255.255.0 assigned, right? From
> >the firewall, you should be able to 'telnet 192.168.1.20 80' and get a
> >working connection. If that works, add the inetd.conf line as mentioned
> >in the faq. Then, again on the firewall itself, run 'telnet 127.0.0.1
> >80', which should work, too. Then add the rdr as mentioned and telnet to
> >the _external_ address of the firewall, port 80, from a local machine.
> >
> >Daniel
> 
> -- 
> Kayra.NET Internet ve Bilisim Hizmetleri Ltd. Sti.
> Menekse-2 Sokak No:29/15 Kizilay/Ankara 06440 TURKEY
> Tel: 312.419.2836 Fax: 312.419.2837 M: 532.548.2830
> http://www.kayra.net