I kinda assumed that the packets would have been translated to be from the machine on the firewall ... it was only after snooping from the firewall that I noticed the originator ...
I'm going to have to "delegate" because I don't trust the windows server to know anything about the outside world. Ahh well ... another thing to write up on the internal wiki. Thanks everyone.

On 19 April 2013 13:10, Gary Gendel <g...@genashor.com> wrote:
> We've all been there. :(
>
> On 04/19/2013 08:08 AM, Jonathan Adams wrote:
>> ignore me, i'm just being stupid!
>>
>> on the accelerated host I needed to add the route to the external server :(
>>
>> On 19 April 2013 12:58, Jonathan Adams <t12nsloo...@gmail.com> wrote:
>>> On 19 April 2013 11:45, Gary Gendel <g...@genashor.com> wrote:
>>>> Jon,
>>>>
>>>> I redirect ports fine using nat. I'm trying to understand what's different between your and my setup. For example in my ipnat.conf file I have:
>>>>
>>>> rdr bge0 0.0.0.0/0 port 2022 -> 10.101.1.9 port 22 tcp/udp
>>>>
>>>> Where bge0 is my external nic (bge1 is my internal nic). BTW, I use 0.0.0.0/0 so it automatically picks up my external nic's ip address (I have a pseudo-dynamic IP from my ISP).
>>>
>>> I originally used 0.0.0.0/0 but was wondering if it was capturing packets coming through, so limited to the external IP address ...
>>>
>>> I use ipnat happily on another machine for transparent proxying:
>>>
>>> # redirect all port 80 transactions to squid
>>> rdr internal2 any port 80 -> 192.168.0.82 port 3128
>>>
>>> # NAT all port 443 (https) to the external address directly.
>>> map external2 from any to 83.138.182.145 port = 443 -> 94.136.227.100/32
>>>
>>> and that works a charm.
>>>
>>> I modified ipf.conf to allow and log everything ... then lines from ipmon are:
>>>
>>> 19/04/2013 12:53:30.895801 iprb0 @0:2 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R IN NAT
>>> 19/04/2013 12:53:30.895818 bge0 @0:1 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R OUT
>>> 19/04/2013 12:53:32.799328 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
>>> 19/04/2013 12:53:32.799344 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
>>> 19/04/2013 12:53:36.176407 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
>>> 19/04/2013 12:53:36.176423 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
>>> 19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -> 192.168.0.255,138 PR udp len 20 267 IN mbcast
>>> 19/04/2013 12:53:42.935736 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
>>> 19/04/2013 12:53:42.935752 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
>>>
>>> but if I snoop from 192.168.0.12 there are no packets coming in.
>>>
>>> strange ... I'm sure I'm just missing something little.
>>>
>>> Jon
>>
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss@openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
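The point the thread arrives at is that an ipnat `rdr` rule rewrites only the destination address: the inside host (192.168.0.12 here) receives packets that still carry the real external source, so it needs a route back through the firewall or its replies go out the wrong way and the external client just retransmits SYNs. The ipmon lines above show exactly that shape: the same external-to-inside 4-tuple leaving the inside interface over and over with `-S`, and nothing coming back. The following is an added example, not code from the thread or from IPFilter/OpenIndiana: a small Python helper that parses ipmon packet lines in the format quoted above and reports rdr'd flows that the inside host never answered. The sample log is constructed from the quoted lines (203.0.113.45 stands in for the anonymised external client, and the last three lines are an invented flow from after the route fix, where the inside host does answer); the interface names, the 192.168.0.0/24 inside network, the 192.168.0.1 firewall address and the Solaris `route add -host` syntax in the suggestion are all assumptions for the example.

```python
"""Find rdr (destination-NAT) flows in ipmon output that the inside host never answers.

Added example for this thread; it is not part of IPFilter or OpenIndiana.
An ipnat `rdr` rule rewrites only the destination address, so the inside host
sees the real external source and must have a route back via the firewall.
In ipmon that shows up as the same external->inside 4-tuple leaving the inside
interface with SYN set, again and again, with nothing coming back IN on that
interface from the inside host.
"""
import ipaddress
import re
from collections import defaultdict

# ipmon "packet" line, e.g.
# 19/04/2013 12:53:32.799344 bge0 @0:1 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<rule>\S+) (?P<action>\S) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: (?P<flags>-[A-Z]+))? (?P<dir>IN|OUT)(?: (?P<tags>.*))?$"
)

# Constructed sample modelled on the lines quoted in the thread (assumption:
# iprb0 is the external interface, bge0 the inside one). 203.0.113.45 replaces
# the anonymised external client. The last three lines are an invented flow from
# after the route fix: the inside host answers with a SYN-ACK on port 46900.
SAMPLE = """\
19/04/2013 12:53:30.895801 iprb0 @0:2 p 203.0.113.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R IN NAT
19/04/2013 12:53:30.895818 bge0 @0:1 p 203.0.113.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R OUT
19/04/2013 12:53:32.799328 iprb0 @0:2 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:32.799344 bge0 @0:1 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:36.176407 iprb0 @0:2 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:36.176423 bge0 @0:1 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -> 192.168.0.255,138 PR udp len 20 267 IN mbcast
19/04/2013 12:53:42.935736 iprb0 @0:2 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:42.935752 bge0 @0:1 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:50.000000 iprb0 @0:2 p 203.0.113.45,46900 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:50.000010 bge0 @0:1 p 203.0.113.45,46900 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:50.000500 bge0 @0:1 p 192.168.0.12,143 -> 203.0.113.45,46900 PR tcp len 20 52 -AS IN
"""


def parse_ipmon(lines):
    """Yield one dict per parsable ipmon packet line; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["flags"] = d["flags"] or ""
            d["tags"] = set((d["tags"] or "").split())
            yield d


def unanswered_rdr_flows(lines, inside_iface, inside_net):
    """Return [(flow, syn_count)] for flows rdr'd onto inside_iface that got no reply.

    flow is (src, sport, dst, dport). A flow is reported when at least one SYN
    (no ACK) left the firewall on inside_iface from a source outside inside_net
    to a destination inside it, and no packet with the reversed 4-tuple was seen
    coming IN on inside_iface. syn_count makes the client's retransmits visible.
    """
    net = ipaddress.ip_network(inside_net)
    out_syns = defaultdict(int)
    answered = set()
    for p in parse_ipmon(lines):
        if p["iface"] != inside_iface:
            continue
        key = (p["src"], int(p["sport"]), p["dst"], int(p["dport"]))
        if p["dir"] == "OUT":
            src_inside = ipaddress.ip_address(p["src"]) in net
            dst_inside = ipaddress.ip_address(p["dst"]) in net
            if dst_inside and not src_inside and "S" in p["flags"] and "A" not in p["flags"]:
                out_syns[key] += 1
        else:
            # Anything coming IN on the inside interface: record the reversed
            # tuple so the original outbound flow counts as answered.
            answered.add((key[2], key[3], key[0], key[1]))
    return [(k, n) for k, n in sorted(out_syns.items()) if k not in answered]


def suggest_host_route(flow, firewall_inside_ip):
    """Solaris route(1M) command (assumed syntax) to run on the inside host so
    replies to the external source are sent back through the firewall."""
    return f"route add -host {flow[0]} {firewall_inside_ip}"


if __name__ == "__main__":
    for flow, syns in unanswered_rdr_flows(SAMPLE.splitlines(), "bge0", "192.168.0.0/24"):
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}: {syns} SYNs out on bge0, no reply seen")
        print("  on the inside host:", suggest_host_route(flow, "192.168.0.1"))
```

Run against real output (`ipmon -o I` piped into the script, or a saved log), the report is the quick check for the symptom in this thread: an rdr'd 4-tuple with several SYNs out on the inside interface and no reply means the inside host either lacks the route back or is dropping the packets, and a snoop on that host tells you which. The alternative to per-host routes, which the first line of the message alludes to, is to also translate the source with a `map` rule so the inside host only ever sees the firewall's inside address; that keeps the inside host ignorant of the outside world, at the cost of losing the real client address in its logs.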