(1)
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection to 127.0.0.1 closed by foreign host
(2)
[EMAIL PROTECTED](39): ipnat -slv ; ipfstat -v
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 2
wilds 0
table ffffffff7ffffc10 list 6000265e180
List of active MAP/Redirect filters:
rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080 tcp
rdr bge0 0.0.0.0/0 port 443 -> 127.0.0.1 port 8443 tcp
List of active sessions:
List of active host mappings:
opts 0x8000040 name /dev/ipf
bad packets: in 0 out 0
input packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
output packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
IPF Ticks: 17940
Packet log flags set: (0)
none
(3)
[EMAIL PROTECTED](38): snoop -Vr -d bge0 port 80 or port 8080
Using device /dev/bge0 (promiscuous mode)
________________________________
158.147.71.95 -> 158.147.51.44 ETHER Type=0800 (IP), size = 62 bytes
158.147.71.95 -> 158.147.51.44 IP D=158.147.51.44 S=158.147.71.95
LEN=48, ID=47103, TOS=0x0, TTL=126
158.147.71.95 -> 158.147.51.44 TCP D=80 S=2033 Syn Seq=2372153113 Len=0
Win=64512 Options=<mss 1460,nop,nop,sackOK>
158.147.71.95 -> 158.147.51.44 HTTP C port=2033
________________________________
158.147.51.44 -> 158.147.71.95 ETHER Type=0800 (IP), size = 54 bytes
158.147.51.44 -> 158.147.71.95 IP D=158.147.71.95 S=158.147.51.44
LEN=40, ID=55183, TOS=0x0, TTL=64
158.147.51.44 -> 158.147.71.95 TCP D=2033 S=80 Rst Ack=2372153114 Win=0
158.147.51.44 -> 158.147.71.95 HTTP R port=2033
________________________________
158.147.71.95 -> 158.147.51.44 ETHER Type=0800 (IP), size = 62 bytes
158.147.71.95 -> 158.147.51.44 IP D=158.147.51.44 S=158.147.71.95
LEN=48, ID=47107, TOS=0x0, TTL=126
158.147.71.95 -> 158.147.51.44 TCP D=80 S=2033 Syn Seq=2372153113 Len=0
Win=64512 Options=<mss 1460,nop,nop,sackOK>
158.147.71.95 -> 158.147.51.44 HTTP C port=2033
________________________________
158.147.51.44 -> 158.147.71.95 ETHER Type=0800 (IP), size = 54 bytes
158.147.51.44 -> 158.147.71.95 IP D=158.147.71.95 S=158.147.51.44
LEN=40, ID=55184, TOS=0x0, TTL=64
158.147.51.44 -> 158.147.71.95 TCP D=2033 S=80 Rst Ack=2372153114 Win=0
158.147.51.44 -> 158.147.71.95 HTTP R port=2033
________________________________
158.147.71.95 -> 158.147.51.44 ETHER Type=0800 (IP), size = 62 bytes
158.147.71.95 -> 158.147.51.44 IP D=158.147.51.44 S=158.147.71.95
LEN=48, ID=47108, TOS=0x0, TTL=126
158.147.71.95 -> 158.147.51.44 TCP D=80 S=2033 Syn Seq=2372153113 Len=0
Win=64512 Options=<mss 1460,nop,nop,sackOK>
158.147.71.95 -> 158.147.51.44 HTTP C port=2033
________________________________
158.147.51.44 -> 158.147.71.95 ETHER Type=0800 (IP), size = 54 bytes
158.147.51.44 -> 158.147.71.95 IP D=158.147.71.95 S=158.147.51.44
LEN=40, ID=55185, TOS=0x0, TTL=64
158.147.51.44 -> 158.147.71.95 TCP D=2033 S=80 Rst Ack=2372153114 Win=0
158.147.51.44 -> 158.147.71.95 HTTP R port=2033
Brad Mann
Software Engineer - Information Access Services
HARRIS Corporation / GCSD
(321) 984-6292
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Sandoz
Sent: Friday, July 14, 2006 1:39 PM
To: [email protected]
Subject: Re: Easy port forwarding question
brad,
ok, someplace to start -- at the beginning.
(1)
on the ipf machine, what happens when you
$ telnet 127.0.0.1 8080 ?
(2)
as root, what is the output of
# ipnat -slv ; ipfstat -v ?
(3)
as root, type this in your xterm/console/ssh/whatever session:
# snoop -Vr -d bge0 port 80 or port 8080
now initiate a browser connection from the remote machine;
record the snoop output for us.
now repeat step (2).
jim
Mann, Bradley wrote:
> Thanks for the help,
>
> My ipf.conf file is blank. (Comments only)
>
> ipnat.conf has a single line:
> rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080
>
> ifconfig -a outputs the following:
> lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
> inet 127.0.0.1 netmask ff000000
> bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
> inet 158.147.51.44 netmask ffffff00 broadcast 158.147.51.255
> ether 0:3:ba:f2:e1:a4
>
> Brad Mann
> Software Engineer - Information Access Services
> HARRIS Corporation / GCSD
> (321) 984-6292
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jim Sandoz
> Sent: Friday, July 14, 2006 10:47 AM
> To: [email protected]
> Subject: Re: Easy port forwarding question
>
>
> brad,
>
> a)
> you should be using bge0.
>
> b)
> did you drill a hole for the rewritten packets in your ipf.conf?
> http://www.phildev.net/ipf/IPFques.html#ques11
>
> c)
> post your ipf.conf, your ipnat.conf, and the output of "ifconfig -a";
> then we can solve your problem in 60 seconds.
> http://www.phildev.net/ipf/IPFmail.html#mail3
>
> regards,
> jim
>
>
> Mann, Bradley wrote:
>
>
>>Thanks for the help. I tried those settings but they didn't seem to
>>work. Perhaps I am not understanding the <IF> part of the command.
>>netstat -i shows 2 entries:
>>
>>lo0 8232 loopback localhost ...
>>bge0 1500 machinename machinename ...
>>
>>I tried using both of these as the value for <IF> but the machine still
>>didn't seem to forward the ports. I reloaded the file with the following
>>commands:
>>
>>ipnat -C
>>ipnat -f ipnat.conf
>>
>>Am I missing something?
>>
>>
>>Brad Mann
>>Software Engineer - Information Access Services
>>HARRIS Corporation / GCSD
>>(321) 984-6292
>>
>>-----Original Message-----
>>From: Flemming Laugaard [mailto:[EMAIL PROTECTED]
>>Sent: Thursday, July 13, 2006 7:46 AM
>>To: Mann, Bradley
>>Cc: [email protected]
>>Subject: Re: Easy port forwarding question
>>
>>
>>
>>>>Hello,
>>>>
>>>>I am extremely new to ipfilter/ipnat, and all I am attempting to
>>>>accomplish is to have port 80 on a machine forward to its own port 8080.
>>>>
>>>>This command will need to be as generic as possible so that it can be
>>>>deployed to other locations that have the same configuration but
>>>>different IP address.
>>>>
>>>
>>>ipnat:
>>>rdr <IF> <SRVIP>/32 port 80 -> 127.0.0.1 port 8080
>>>
>>>I can't do it more generic than this. You need to set both IP addresses.
>>>
>>>But that could be solved by scripting :-)
>>
>>
>>You could also try
>>
>>rdr <IF> 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080
>>
>>For redirecting anything going anywhere on <IF> port 80. I haven't tried
>>it myself.
>>
>>Regards
>>Flemming Laugaard
>>
>>
>
>
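
An added example, not part of the thread and not ipfilter code: a Python check that reads the step (2) counters and the step (3) snoop trace and reports when a SYN to a redirected port was reset while the NAT and filter counters stayed at zero. The sample text is abridged from the outputs posted in the thread; the function names and finding labels are assumptions.

```python
import re

# Sample input abridged from the ipnat/ipfstat and snoop output in the thread.
COUNTERS = """\
mapped in 0 out 0
rdr bge0 0.0.0.0/0 port 80 -> 127.0.0.1 port 8080 tcp
rdr bge0 0.0.0.0/0 port 443 -> 127.0.0.1 port 8443 tcp
input packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
"""
SNOOP = """\
158.147.71.95 -> 158.147.51.44 TCP D=80 S=2033 Syn Seq=2372153113 Len=0
158.147.51.44 -> 158.147.71.95 TCP D=2033 S=80 Rst Ack=2372153114 Win=0
"""

def parse_counters(text):
    """Return (rdr rules, NAT 'mapped in' count, inbound packets the filter saw)."""
    rdr = [(m[1], int(m[2]), int(m[3])) for m in re.finditer(
        r"^rdr\s+(\S+)\s+\S+\s+port\s+(\d+)\s+->\s+\S+\s+port\s+(\d+)", text, re.M)]
    mapped_in = int(re.search(r"^mapped\s+in\s+(\d+)", text, re.M)[1])
    inp = re.search(r"^input packets:\s+blocked\s+(\d+)\s+passed\s+(\d+)", text, re.M)
    return rdr, mapped_in, int(inp[1]) + int(inp[2])

def refused_syns(snoop):
    """Return (client, dport) for every plain SYN that was answered with a RST."""
    syns, refused = set(), []
    pat = re.compile(r"^(\S+) -> (\S+)\s+TCP D=(\d+) S=(\d+) (Syn Seq|Rst)\b")
    for line in snoop.splitlines():
        m = pat.match(line)
        if not m:
            continue
        src, dst, dport, sport, flag = m.groups()
        if flag.startswith("Syn"):
            syns.add((src, dst, sport, dport))
        elif (dst, src, dport, sport) in syns:    # RST mirrors a SYN seen earlier
            refused.append((dst, int(sport)))
    return refused

def diagnose(counters_text, snoop_text):
    """Correlate the wire trace with the counters; return a list of finding labels."""
    rdr, mapped_in, seen = parse_counters(counters_text)
    rdr_ports = {port for _, port, _ in rdr}
    if not any(port in rdr_ports for _, port in refused_syns(snoop_text)):
        return []
    checks = [("rdr-not-applied", mapped_in == 0),
              ("filter-saw-no-packets", seen == 0)]
    return [name for name, failed in checks if failed]

if __name__ == "__main__":
    print(diagnose(COUNTERS, SNOOP))
```
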