Nat

miztress

I have 3 Macs in a small LAN and 1 DHCP connection. One is a server with two IPs (one provided by the ISP and one local). Now I need to find a way so that all incoming traffic on port 9000 will be routed to one of the other machines.

I've tried gNat, because it seems to have the feature, but it doesn't work!
 
I'm a little unclear on your setup. Does the one mac connect to the ISP and the rest connect to that? Where is the router/hub?

If you are using a router it may have forwarding built in.
 
:)
I will try to be more specific.

Machine 1:
Running Mac OS X Server 10.1 and has IP 80.62.40.109 (ISP) +
192.168.1.1 (local)
This is done with IP aliases.

Machine 2:
Running Mac OS X Client 10.1 and has IP 192.168.1.2.
It uses 192.168.1.1 as gateway.

So far everything works great :)

What I want is for incoming traffic on 192.168.1.1:9000 to be routed to 192.168.1.2:21.

Here is my startup script running on machine 1:

---------------------------------------------------------------------------
#!/bin/sh

##
# NAT enables internet connection to be shared.
##

. /etc/rc.common

ConsoleMessage "Starting NAT"

ConsoleMessage "Setting NAT parameters"

# Add the local address as a second address on en0. The "netmask" keyword is
# required: given as a bare second argument, 255.255.255.0 is taken as the
# broadcast address instead (that is where the "broadcast 255.255.255.0" in
# the ifconfig -a output below comes from).
ifconfig en0 alias 192.168.1.1 netmask 255.255.255.0

# Start natd on the ISP-facing interface; -dynamic follows address changes.
natd -dynamic -interface en0

# Flush old rules, hand every packet crossing en0 to natd, then allow everything.
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via en0
/sbin/ipfw add pass all from any to any
----------------------------------------------------------------------------

and here is what I get when I type ifconfig -a on machine 1:

----------------------------------------------------------------------------
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,b6,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 80.62.40.109 netmask 0xfffffff0 broadcast 80.62.40.111
inet 192.168.1.1 netmask 0xffffff00 broadcast 255.255.255.0
ether 00:0a:27:7d:41:16
media: autoselect (100baseTX <full-duplex>) status: active
supported media: 10baseT/UTP 10baseT/UTP <full-duplex> 100baseTX 100baseTX <full-duplex> autoselect autoselect 10baseT/UTP
-----------------------------------------------------------------------------
 
Add this:
/sbin/ipfw add divert 9000 all from 0.0.0.0/32 to 192.168.1.x/24 in
where 192.168.1.x is the internal server you want to forward to.

Note: you can replace 0.0.0.0/32 with your ISP address, provided it is static.

It is also not advisable to alias IP addresses, for IP packet accounting and security reasons. Virtual interfaces, as well as another physical interface, are much more useful in firewall configurations.
 
Thanks cLouD, but I can't get it to work.
I don't see in your post where port 9000 will be redirected to 21.
I have a static IP, so should it look like this or ....

/sbin/ipfw add 500 divert 21 all from 80.62.40.109 to 192.168.1.2/24 in

I'm sorry to say but I don't get it :-(
 
You didn't specify that you wanted 9000 to be redirected to port 21 in your first post. Didn't see the second post. My bad.

FTP redirection is a bit nasty. Port 21 forwarding is fine; the nasty bit is the ftp-data port 20, which has to keep state.

Here's one:
/sbin/ipfw add allow tcp from any 9000 to 192.168.1.x 21 setup

It will allow PASV FTP only, as FTP ports jump around a lot on the client side, so it's hard to do a keep-state.
 
cLoUD

IT WORKS BUT

227 Entering Passive Mode (192,168,1,1,164,253)
425 Possible PASV port theft, cannot open data connection.

I'm connecting in passive mode. It seems like the user is logged on, but can't retrieve a listing.
Sorry to ask you again, but PLEASE HELP :)
 
The ftp-data is not being forwarded, and there is no way to forward it. We could try a general rule:


/sbin/ipfw add allow tcp from any 1024-65535 to 192.168.1.x 20 setup keep-state

Interchange "setup keep-state" and "established" to see the results. It might help.
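Pulling the thread together, here is an added example (not the original startup script and not any poster's code): a reworked version of the machine 1 script that lets natd do the 9000 -> 21 mapping with its -redirect_port option and orders the ipfw rules so natd rewrites the destination before the filter rules see the packet. The addresses are the ones given in the thread; the rule numbers, the blocking of other inbound connection setups on en0, and the script name are assumptions, and the FTP data channel (port 20 / PASV ports) is still not covered by the redirect.

```shell
#!/bin/sh
# Added example (not from the thread): reworked startup script for machine 1.
# Addresses are those given in the thread; rule numbers are assumptions.
EXT_IF=en0
EXT_IP=80.62.40.109        # ISP address, static per the thread
INT_IP=192.168.1.1         # local alias on the same interface
FTP_HOST=192.168.1.2       # internal host running the FTP server
PUBLIC_PORT=9000           # port outside clients connect to

# natd maps EXT_IP:9000 to FTP_HOST:21 itself (control channel only).
natd_cmd() {
    echo "natd -dynamic -interface $EXT_IF -redirect_port tcp $FTP_HOST:21 $EXT_IP:$PUBLIC_PORT"
}

# Rule order: loopback, then the divert rule (natd rewrites the destination
# and processing continues at the next rule), then LAN-originated traffic,
# then the forwarded service, then drop any other new inbound TCP connection
# on the external interface. Services on machine 1 itself need their own
# allow rule before rule 500.
ipfw_rules() {
    cat <<EOF
/sbin/ipfw -f flush
/sbin/ipfw add 100 allow ip from any to any via lo0
/sbin/ipfw add 200 divert natd all from any to any via $EXT_IF
/sbin/ipfw add 300 allow ip from 192.168.1.0/24 to any in via $EXT_IF
/sbin/ipfw add 400 allow tcp from any to $FTP_HOST 21 setup in via $EXT_IF
/sbin/ipfw add 500 deny tcp from any to any setup in via $EXT_IF
/sbin/ipfw add 600 allow ip from any to any
EOF
}

# Bring up the alias with the "netmask" keyword; a bare second argument is
# taken as the broadcast address, which the thread's ifconfig output shows.
apply() {
    ifconfig "$EXT_IF" alias "$INT_IP" netmask 255.255.255.0
    eval "$(natd_cmd)"
    ipfw_rules | sh -e
}

# "sh nat.sh apply" (as root) installs the setup; otherwise it is only printed.
if [ "$1" = "apply" ]; then
    apply
else
    natd_cmd
    ipfw_rules
fi
```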
 