FreeBSD gate0.psg.com 8.2-STABLE FreeBSD 8.2-STABLE #8: Sat Dec 24 13:39:45 GMT
2011 r...@gate0.psg.com:/usr/obj/usr/src/sys/GATE0 i386
i have a working natd setup and am trying to punch a hole in it for ssh
to an internal host.
.--.
| |
| b --wlan0|
| r| 192.168.0.0/24
WAN IIJ| i --- vr1| LAN hosts,
PPP/NAT ---|vr0[PPPoE][ppp]tun0--d| DHCP Clients
| g --- vr2| ...
| e|
| 0 --- vr3|
| |
`--'
i am trying to do it all in /etc/rc.conf, though i am not wedded to
doing so. i will append the tasty bits.
when tring to ssh in from outside, i get
% ssh -p 60022 gate0
long pause
ssh: connect to host gate0.psg.com port 60022: No route to host
i have no problem sshing to the target host from within the LAN
% ssh 192.168.0.34
Last login: Tue Jan 3 06:16:07 2012 from 192.168.0.1
tcpdump of bridge0 of the gateway shows nothing except the target host
polling dropbox.com occasionally. /etc/ipfw.rules is quite bland, and
the rest of the 15 machines on the LAN have no complaints.
flush
add deny log all from any to any ipoptions ssrr,lsrr,rr
add pass all from any to any via lo0
add deny log all from 127.0.0.0/8 to any
add deny log all from any to 127.0.0.0/8
add divert natd all from any to any via bridge0
add deny tcp from any to me smtp
add 65530 pass all from any to any
any clues on how i debug?
randy
---
hostname=gate0.psg.com
firewall_enable=YES
firewall_type=/etc/ipfw.rules
firewall_quiet=YES
firewall_logging=YES
ppp_enable=YES
ppp_mode=dedicated
ppp_profile=iij
wlans_ath0=wlan0 wlan1
create_args_wlan0=wlanmode ap mode 11g channel 11 up
cloned_interfaces=bridge0
ifconfig_bridge0=192.168.0.1 addm vr1 addm vr2 addm vr3 addm wlan0 addm wlan1
up
ifconfig_vr1=up
ifconfig_vr2=up
ifconfig_vr3=up
hostapd_enable=YES
natd_enable=YES
natd_interface=bridge0
natd_flags=-redirect_port tcp 192.168.0.34:22 60022
gateway_enable=YES
-30-
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
