Check out NAT (network address translation)

On Wed, Mar 9, 2016 at 9:11 PM, <j...@m5.chicago.il.us> wrote:

> This should be a simple and short thread.
>
> How do I configure packet filter on my computer, with two network
> interfaces, to masquerade from my private LAN to the outside world, so
> machines on my private LAN can have conversations with machines that
> have public IP addresses? Astonishingly, search engines have not led
> me swiftly to the solution (lots of stuff about sendmail masquerading
> though, in case anyone cares about that), nor can I find helpful
> documentation on the Oracle documents website. I have done my best to
> read the fabulous manual, but I am confused.
>
> You can omit telling me about routeadm, I've already done that. The
> computer is already set up to route IP datagrams, I just need to get
> the packet filtering right.
>
> Here is the state of my router machine at present:
>
>
> / # ipadm show-addr
> ADDROBJ           TYPE     STATE        ADDR
> lo0/v4            static   ok           127.0.0.1/8
> net0/dhcp         dhcp     ok           99.140.186.69/30
> net1/v4           static   ok           192.168.1.42/24
> net1/v4a          static   ok           172.16.1.1/16
> lo0/v6            static   ok           ::1/128
> / # ndd -get /dev/ip ip_forwarding
> 1
> / # cat /etc/ipf/ipnat.conf
> map net1 172.16.0.0/16 -> 0.0.0.0/32
> map net1 192.168.1.0/24 -> 0.0.0.0/32
> / # ipnat -l
> List of active MAP/Redirect filters:
> rdr * 0.0.0.0/0 port 21 -> 0.0.0.0/32 port 21 tcp proxy ftp
> map net1 172.16.0.0/16 -> 0.0.0.0/32
> map net1 192.168.1.0/24 -> 0.0.0.0/32
>
> List of active sessions:
> MAP 172.16.1.1 53 <- -> 192.168.1.42 53 [172.16.1.3 56138]
> MAP 172.16.1.1 53 <- -> 192.168.1.42 53 [172.16.1.3 61524]
> MAP 172.16.1.1 53 <- -> 192.168.1.42 53 [172.16.1.3 55160]
> MAP 172.16.1.1 64496 <- -> 192.168.1.42 64496 [172.16.1.3 22]
>
>
> I can ssh in to machines (e.g., the abovementioned 172.16.1.3) on my
> home network, but once logged in, I cannot access the outside world
> therefrom (e.g., "ping 8.8.8.8" times out). Needless to say,
> 172.16.1.1 is the default router for 172.16.1.3, so that is not the
> problem. And, if further proof be needed, 172.16.1.3 can easily ping
> 99.140.186.69. So the masquerading is the problem, not the routing.
>
> As I indicated, probably an extremely easy question to answer if you
> know the answer. I'm sure it's something simple, like maybe the zeros
> are supposed to be on the left rather than the right, in ipnat.conf.
>
> Thank you in advance for any and all replies.
>
>
> Jay F. Shachter
> 6424 N Whipple St
> Chicago IL 60645-4111
> (1-773)7613784 landline
> (1-410)9964737 GoogleVoice
> j...@m5.chicago.il.us
> http://m5.chicago.il.us
>
> "Quidquid latine dictum sit, altum videtur"
>
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss@openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss