Hello,
I've set up a virtual network and installed NSIS on two nodes, of which one acts as a NAT, lets call it node B. The other one is neither a NAT or a firewall; lets call it node A. The network is configured correctly, and the NSIS-PING and NSIS-DIAG utilities work fine. I'm running as root NSIS-NATFW on node A, and it encounters a critical error stating that it cannot create the socket. I presume this is the unix socket mentioned in the man pages. I have had a difficult time trying to figure out why it cannot create that socket, and this seems to be a dead end for me.
Any help is deeply appreciated. Here is an example of running natfw with proxy mode on. 192.168.1.1 is node A, and 192.168.1.3 is node B, on which I want to try to open a hole in the NAT.
./nsis-natfw --create -s 192.168.1.1 -d 192.168.1.3 -sport 24323 -dport 434 -x --debug=0 proxy [9] (info) (NatFw) debug level: 0 [9] (info) (NatFw) message type: CREATE [9] (all) (NatFw) -------------------- [9] (all) (NatFw) apirev = 1 [9] (all) (NatFw) type = 2 [9] (all) (NatFw) proxy = 1 [9] (all) (NatFw) mode = 1 [9] (all) (NatFw) lifetime = 600 [9] (all) (NatFw) policy = 1 [9] (all) (NatFw) subports = 0 [9] (all) (NatFw) opp_address: (null) [9] (all) (NatFw) ds_address: (null) [9] (all) (NatFw) ds_prefix = -1 [9] (all) (NatFw) ds_protocol = -1 [9] (all) (NatFw) ds_port = -1 [9] (all) (NatFw) saddr: 192.180.6.8 [9] (all) (NatFw) daddr: 192.180.6.8 [9] (all) (NatFw) sport = -1 [9] (all) (NatFw) dport = -1 [9] (all) (NatFw) sid = d415e5b7 2000000f40ff8b76cced1b7 [9] (crit) (NatFw) socket creation failed
With kind regards, Mikael Henriksson
Hi Mikael,
your command-line call doesn't match the output (different src&dest-IPs)! Anyway, the right call for the src&dst-ports would be "--" instead of "-" Please try something like: ./nsis-natfw --create -s 192.168.1.1 -d 192.168.1.3 --sport 24323 --dport 434 --debug=0 --allow
Regards, Niklas
Mikael Henriksson schrieb:
Hello,
I've set up a virtual network and installed NSIS on two nodes, of which one acts as a NAT, lets call it node B. The other one is neither a NAT or a firewall; lets call it node A. The network is configured correctly, and the NSIS-PING and NSIS-DIAG utilities work fine. I'm running as root NSIS-NATFW on node A, and it encounters a critical error stating that it cannot create the socket. I presume this is the unix socket mentioned in the man pages. I have had a difficult time trying to figure out why it cannot create that socket, and this seems to be a dead end for me.
Any help is deeply appreciated. Here is an example of running natfw with proxy mode on. 192.168.1.1 is node A, and 192.168.1.3 is node B, on which I want to try to open a hole in the NAT.
./nsis-natfw --create -s 192.168.1.1 -d 192.168.1.3 -sport 24323 -dport 434 -x --debug=0 proxy [9] (info) (NatFw) debug level: 0 [9] (info) (NatFw) message type: CREATE [9] (all) (NatFw) -------------------- [9] (all) (NatFw) apirev = 1 [9] (all) (NatFw) type = 2 [9] (all) (NatFw) proxy = 1 [9] (all) (NatFw) mode = 1 [9] (all) (NatFw) lifetime = 600 [9] (all) (NatFw) policy = 1 [9] (all) (NatFw) subports = 0 [9] (all) (NatFw) opp_address: (null) [9] (all) (NatFw) ds_address: (null) [9] (all) (NatFw) ds_prefix = -1 [9] (all) (NatFw) ds_protocol = -1 [9] (all) (NatFw) ds_port = -1 [9] (all) (NatFw) saddr: 192.180.6.8 [9] (all) (NatFw) daddr: 192.180.6.8 [9] (all) (NatFw) sport = -1 [9] (all) (NatFw) dport = -1 [9] (all) (NatFw) sid = d415e5b7 2000000f40ff8b76cced1b7 [9] (crit) (NatFw) socket creation failed
With kind regards, Mikael Henriksson _______________________________________________ Nsis_Imp mailing list Nsis_Imp@informatik.uni-goettingen.de https://user.informatik.uni-goettingen.de/mailman/listinfo/nsis_imp
Hello!
Sorry, that output was the wrong output. I had tried with correct ports, -- instead of -. The underlying problem was that NATFWD wasn't on on the NI.
I've fixed that now, and I'm currently doing deeper research. Originally all I wanted was to use NSIS to open ports in a NAT-device. I found out however that to get NATFW to work, I need a deeper understanding of NSIS. I'll come back to you if I need more help.
Thanks, Mikael
Niklas Steinleitner wrote:
Hi Mikael,
your command-line call doesn't match the output (different src&dest-IPs)! Anyway, the right call for the src&dst-ports would be "--" instead of "-" Please try something like: ./nsis-natfw --create -s 192.168.1.1 -d 192.168.1.3 --sport 24323 --dport 434 --debug=0 --allow
Regards, Niklas
Mikael Henriksson schrieb:
Hello,
I've set up a virtual network and installed NSIS on two nodes, of which one acts as a NAT, lets call it node B. The other one is neither a NAT or a firewall; lets call it node A. The network is configured correctly, and the NSIS-PING and NSIS-DIAG utilities work fine. I'm running as root NSIS-NATFW on node A, and it encounters a critical error stating that it cannot create the socket. I presume this is the unix socket mentioned in the man pages. I have had a difficult time trying to figure out why it cannot create that socket, and this seems to be a dead end for me.
Any help is deeply appreciated. Here is an example of running natfw with proxy mode on. 192.168.1.1 is node A, and 192.168.1.3 is node B, on which I want to try to open a hole in the NAT.
./nsis-natfw --create -s 192.168.1.1 -d 192.168.1.3 -sport 24323 -dport 434 -x --debug=0 proxy [9] (info) (NatFw) debug level: 0 [9] (info) (NatFw) message type: CREATE [9] (all) (NatFw) -------------------- [9] (all) (NatFw) apirev = 1 [9] (all) (NatFw) type = 2 [9] (all) (NatFw) proxy = 1 [9] (all) (NatFw) mode = 1 [9] (all) (NatFw) lifetime = 600 [9] (all) (NatFw) policy = 1 [9] (all) (NatFw) subports = 0 [9] (all) (NatFw) opp_address: (null) [9] (all) (NatFw) ds_address: (null) [9] (all) (NatFw) ds_prefix = -1 [9] (all) (NatFw) ds_protocol = -1 [9] (all) (NatFw) ds_port = -1 [9] (all) (NatFw) saddr: 192.180.6.8 [9] (all) (NatFw) daddr: 192.180.6.8 [9] (all) (NatFw) sport = -1 [9] (all) (NatFw) dport = -1 [9] (all) (NatFw) sid = d415e5b7 2000000f40ff8b76cced1b7 [9] (crit) (NatFw) socket creation failed
With kind regards, Mikael Henriksson _______________________________________________ Nsis_Imp mailing list Nsis_Imp@informatik.uni-goettingen.de https://user.informatik.uni-goettingen.de/mailman/listinfo/nsis_imp
nsis_imp@informatik.uni-goettingen.de
-
Mikael Henriksson -
Mikael Henriksson -
Niklas Steinleitner