Help with IPF and IPNAT

2002-12-25 Thread [EMAIL PROTECTED]
Argh!  I've been pulling my hair out trying to get my NAT gateway going.  

I have two interfaces, one external and internal, servicing a private LAN. 
From the LAN I can ping the internal interface and the external interface,
but I can't get past the ext. interface.  For testing my rules are pass in
all and pass out all.  From the gateway itself I can ping anywhere outside
or inside.

I have tried loading IPNAT and IPF as loadable kernel modules by adding the
following to /etc/rc.conf:

gateway_enable=YES
network_interfaces=x10 dc0 lo0
ifconfig x10...
ifconfig dc0...
ipfilter_enable=YES
ipfilter_rules=/etc/ipf.rules
ipfilter_program=/sbin/ipf
ipfilter_flags=
ipnat_enable=YES
ipnat_program=/sbin/ipnat
ipnat_flags=

Each interface is up and running.  My default gateway in /etc/rc.conf is
the gateway of the external NIC.

Can anyone see anything wrong with what I am doing, or something missing? 
Do I need routed installed and running?  I also tried
forward_sourceroute=YES, but that didn't seem to help.

Thanks,
Adam Lofstedt


mail2web - Check your email from the web at
http://mail2web.com/ .



To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message



Re: Help with IPF and IPNAT

2002-12-25 Thread Aleksey I. Yurlov
You didn't send any rules for it? Do you tune them?
Try to read this about ip filter installation and startup-time pulling.
http://www.freebsddiary.org/topics.php#ipfilter

[EMAIL PROTECTED] wrote:

> Argh!  I've been pulling my hair out trying to get my NAT gateway going.
>
> I have two interfaces, one external and internal, servicing a private LAN.
> From the LAN I can ping the internal interface and the external interface,
> but I can't get past the ext. interface.  For testing my rules are pass in
> all and pass out all.  From the gateway itself I can ping anywhere outside
> or inside.
>
> I have tried loading IPNAT and IPF as loadable kernel modules by adding the
> following to /etc/rc.conf:
>
> gateway_enable=YES
> network_interfaces=x10 dc0 lo0
> ifconfig x10...
> ifconfig dc0...
> ipfilter_enable=YES
> ipfilter_rules=/etc/ipf.rules
> ipfilter_program=/sbin/ipf
> ipfilter_flags=
> ipnat_enable=YES
> ipnat_program=/sbin/ipnat
> ipnat_flags=
>
> Each interface is up and running.  My default gateway in /etc/rc.conf is
> the gateway of the external NIC.
>
> Can anyone see anything wrong with what I am doing, or something missing?
> Do I need routed installed and running?  I also tried
> forward_sourceroute=YES, but that didn't seem to help.
>
> Thanks,
> Adam Lofstedt





--
Best regards, Aleksey I. Yurlov
[EMAIL PROTECTED]





Re: Help with IPF and IPNAT

2002-12-25 Thread Marco Radzinschi
On Wed, 25 Dec 2002, [EMAIL PROTECTED] wrote:

> Argh!  I've been pulling my hair out trying to get my NAT gateway going.
>
> I have two interfaces, one external and internal, servicing a private LAN.
> From the LAN I can ping the internal interface and the external interface,
> but I can't get past the ext. interface.  For testing my rules are pass in
> all and pass out all.  From the gateway itself I can ping anywhere outside
> or inside.
>
> I have tried loading IPNAT and IPF as loadable kernel modules by adding the
> following to /etc/rc.conf:
>
> gateway_enable=YES
> network_interfaces=x10 dc0 lo0
> ifconfig x10...
> ifconfig dc0...
> ipfilter_enable=YES
> ipfilter_rules=/etc/ipf.rules
> ipfilter_program=/sbin/ipf
> ipfilter_flags=
> ipnat_enable=YES
> ipnat_program=/sbin/ipnat
> ipnat_flags=
>
> Each interface is up and running.  My default gateway in /etc/rc.conf is
> the gateway of the external NIC.
>
> Can anyone see anything wrong with what I am doing, or something missing?
> Do I need routed installed and running?  I also tried
> forward_sourceroute=YES, but that didn't seem to help.
>
> Thanks,
> Adam Lofstedt

You need a MAP rule in your ipnat.rules file to map the private subnet
into your public IP address (that of the gateway).

If you don't have this in there, then you are not doing NAT, just packet
filtering.

man ipnat
man 5 ipnat

Marco Radzinschi
E-Mail: [EMAIL PROTECTED]

Wed Dec 25 17:08:12 EST 2002
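
Added example, not part of any message in this thread: a sample ipnat.rules of the kind the last reply describes, with a small sh check that a ruleset really contains a map rule for the external interface. That dc0 is the external interface and that the LAN is 192.168.1.0/24 are assumptions; the thread states neither.

```sh
#!/bin/sh
# Added example. Assumptions (not stated in the thread): dc0 is the external
# interface and 192.168.1.0/24 is the private LAN.

# Write a constructed sample ipnat.rules to the path given as $1.
write_sample_rules() {
    cat > "$1" <<'EOF'
# TCP/UDP from the LAN leaves with dc0's address (0/32), ports 10000-20000
map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp 10000:20000
# Everything else from the LAN, ICMP (ping) included
map dc0 192.168.1.0/24 -> 0/32
EOF
}

# Succeed if file $1 has an uncommented map rule on interface $2.
# Without one, ipnat translates nothing: LAN packets leave with private
# source addresses and replies cannot be routed back.
has_map_rule() {
    awk -v ifc="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "map" && $2 == ifc && /->/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Demo on a temporary file; on the gateway the file would be /etc/ipnat.rules,
# loaded with: ipnat -CF -f /etc/ipnat.rules   and listed with: ipnat -l
rules=$(mktemp)
write_sample_rules "$rules"
for ifc in dc0 x10; do
    if has_map_rule "$rules" "$ifc"; then
        echo "$ifc: map rule found"
    else
        echo "$ifc: no map rule"
    fi
done
rm -f "$rules"
```

The plain map line comes after the portmap line so that TCP and UDP get port translation first and only the remaining traffic falls through to it.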

