NAT Question

2007-10-11 Thread jhall
I have a question regarding ipf and ipnat.  I have a firewall with two
public IP addresses.  One of the IP addresses is for incoming Internet
traffic only and the other is for incoming e-mail.  I'm not sure why my
ISP has done this, but they have.

In other words, all incoming http traffic (port 80) will be going to the
address 1.2.3.4 and all incoming smtp traffic (port 25) will be going to
1.2.3.5.   The internal address of the firewall is 10.129.10.40/24.

The webserver has an internal address of 10.129.10.49 and a default
gateway of 10.129.10.40 (the firewall).

If I use rdr on an incoming connection, will responses exit the network
on the same interface they entered the firewall on?

Following are the rules I would use.

ipnat.rules
rdr em1 1.2.3.4/32 port 80 -> 10.129.10.49 port 80 tcp

ipf.rules
pass in on em1 from any to 1.2.3.4 port = 80 keep state
pass out on em1 from 1.2.3.4 port = 80 to any keep state

Does this solution make sense, or is there a better way to accomplish the
same thing?

Thanks for your help.



Jay

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
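The rdr/ipf pair for the setup Jay describes, as an added example that is not part of the original thread. It takes em1 as the outside interface, 1.2.3.4 (HTTP), 1.2.3.5 (SMTP) and the web server 10.129.10.49 from Jay's message; the mail server address 10.129.10.50 is an assumption, since Jay does not give one. Two points the question leaves open are built into the comments: ipf filters inbound packets after ipnat has rewritten them and outbound packets before ipnat rewrites them, so the filter rules have to name the internal address (a rule written 'to 1.2.3.4 port = 80' never matches an rdr'd packet), and replies are routed by the routing table, so with the default route on em1 they leave on em1, where the NAT session table restores 1.2.3.4 as the source without any return-direction rule.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: em1 is the outside interface,
# 1.2.3.4 (HTTP) and 1.2.3.5 (SMTP) are the two public addresses and
# 10.129.10.49 the web server, all from Jay's message; 10.129.10.50 as the
# mail server is an assumption. Runs on a FreeBSD box with ipf/ipnat.
EXT_IF=em1
WEB_PUB=1.2.3.4;  WEB_INT=10.129.10.49
MAIL_PUB=1.2.3.5; MAIL_INT=10.129.10.50     # assumed mail server

# ipnat: rdr rewrites the destination of packets arriving on em1 and records
# the session. Replies are matched against that session on the way out and
# get their source restored to 1.2.3.4/1.2.3.5; no return-direction rule.
# Which interface the reply leaves on is decided by the routing table, and
# with the default route via em1 that is em1.
ipnat_rules() {
    cat <<EOF
rdr $EXT_IF $WEB_PUB/32 port 80 -> $WEB_INT port 80 tcp
rdr $EXT_IF $MAIL_PUB/32 port 25 -> $MAIL_INT port 25 tcp
EOF
}

# ipf: inbound packets are filtered after ipnat has rewritten them, outbound
# packets before ipnat rewrites them, so the filter always sees the internal
# address. 'to 1.2.3.4 port = 80' would never match an rdr'd packet, and
# 'pass out ... from 1.2.3.4 port = 80' would never see a reply either; the
# state created by the inbound rule is what admits the replies.
ipf_rules() {
    cat <<EOF
block in log quick on $EXT_IF from any to any with short
block in log quick on $EXT_IF from 10.0.0.0/8 to any
pass in quick on $EXT_IF proto tcp from any to $WEB_INT port = 80 flags S keep state
pass in quick on $EXT_IF proto tcp from any to $MAIL_INT port = 25 flags S keep state
block in log quick on $EXT_IF all
pass out quick on $EXT_IF proto tcp from any to any flags S keep state
pass out quick on $EXT_IF proto udp from any to any keep state
pass out quick on $EXT_IF proto icmp from any to any keep state
EOF
}

apply_rules() {   # run as root on the firewall
    sysctl net.inet.ip.forwarding=1
    ipnat_rules > /etc/ipnat.rules && ipnat -CF -f /etc/ipnat.rules
    ipf_rules   > /etc/ipf.rules   && ipf -Fa -f /etc/ipf.rules
}

show_state() {    # after a client has connected to 1.2.3.4:80
    ipnat -l      # active NAT sessions: 1.2.3.4:80 <-> 10.129.10.49:80 entries
    ipfstat -sl   # ipf state table: one entry per accepted connection
}
```

Call apply_rules on the firewall and, after a connection from outside, show_state: the NAT session list and the ipf state table should each carry one entry per client connection, addressed to the internal server. Jay's original 'pass out ... from 1.2.3.4 port = 80' rule can simply be dropped; it is never consulted for this traffic.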


RE: nat question

2006-06-19 Thread fbsd
There is no way your ISP can cut out NATted traffic.

You would be better off following the handbook firewall section.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Vlad GURDIGA
Sent: Monday, June 19, 2006 7:16 PM
To: freebsd-questions@freebsd.org
Subject: nat question


Hello,

I could not figure out the answer to a question. Here is the situation:

PC A: Windows XP Pro.
PC B: FreeBSD 6.1, connected to internet, acting as a gateway for PC
A, with NAT (built by handbook instructions
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html),
open firewall, no restrictions.

For a long time I have used PC A with PC B as gateway and everything
worked just fine, but now PC A can only ping any host (by IP) in the
Internet. No other traffic (DNS queries, FTP or HTTP) reaches the
Internet; it comes back with a TTL exceeded response apparently from
the destination host (I've seen this on PC B with Ethereal).

Question: Is there any way my ISP can 'see' and cut out NATted traffic
from PC A letting only the traffic from PC B pass?! How?!
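On the question the reply above closes with a flat "no way": a NAT gateway forwards packets, so it decrements the IP TTL like any router. Hosts send with an OS default initial TTL (64 on BSD and Linux, 128 on Windows, 255 on some routers and Solaris), so a carrier that looks at the customer link sees the gateway's own packets leave with TTL 64 and the NATed Windows host's packets leave with TTL 127 from the same address, which is enough to tell that something is behind the gateway and, if it chooses, to filter on that value. The script below is an added example, not from the thread, that runs this check over constructed tcpdump -v style records written in one-line form; the documentation-range addresses and the initial-TTL table (32/64/128/255) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the thread: passive NAT inference from the IP TTL.
# Hosts send with an OS default initial TTL (commonly 64 for BSD/Linux, 128 for
# Windows, 255 for some routers/Solaris; 32 on very old stacks). A NAT gateway
# forwards, so it decrements the TTL like any router: a flow that arrives at the
# ISP with TTL 127 or 63 from the customer's one address did not originate on
# the box that owns that address. The four records below are constructed
# tcpdump -v style lines (one-line form), not a real capture; the addresses
# are documentation ranges and are assumptions of the example.
SAMPLE=$(cat <<'EOF'
12:00:01.000000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60) 203.0.113.7.40001 > 198.51.100.9.80: Flags [S], seq 1, win 65535, length 0
12:00:02.000000 IP (tos 0x0, ttl 127, id 2, offset 0, flags [DF], proto TCP (6), length 52) 203.0.113.7.40002 > 198.51.100.9.443: Flags [S], seq 2, win 65535, length 0
12:00:03.000000 IP (tos 0x0, ttl 63, id 3, offset 0, flags [none], proto UDP (17), length 61) 203.0.113.7.40003 > 198.51.100.53.53: 1234+ A? example.com. (33)
12:00:04.000000 IP (tos 0x0, ttl 255, id 4, offset 0, flags [none], proto ICMP (1), length 84) 203.0.113.7 > 198.51.100.9: ICMP echo request, id 1, seq 1, length 64
EOF
)

# Reads tcpdump -v lines on stdin; prints one line per packet whose TTL is
# below the nearest default initial value, i.e. that has crossed a router.
nat_suspects() {
    awk '
    {
        ttl = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "ttl") { ttl = $(i + 1); sub(/,$/, "", ttl); ttl = ttl + 0 }
            if ($i == ">" && i > 1) { src = $(i - 1) }
        }
        if (ttl == "" || src == "") next
        n = split(src, a, ".")                 # drop ".port" from a.b.c.d.port
        if (n == 5) src = a[1] "." a[2] "." a[3] "." a[4]
        init = (ttl <= 32) ? 32 : (ttl <= 64) ? 64 : (ttl <= 128) ? 128 : 255
        hops = init - ttl
        if (hops > 0) print src, "ttl=" ttl, "initial=" init, "hops=" hops
    }'
}

# On the gateway the same check can be run live on the outside interface:
#   tcpdump -v -n -i <outside-if> | nat_suspects
# Here it runs over the constructed sample: the TTL 127 and TTL 63 flows are
# one hop from a Windows and a Unix host respectively, i.e. from behind NAT.
printf '%s\n' "$SAMPLE" | nat_suspects
```

The TTL-64 and TTL-255 records are the gateway's own traffic and stay quiet; the two flagged records are the ones a provider could single out. The inference is heuristic (a host can change its initial TTL), but it is the standard reason NAT is not a privacy boundary.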


nat question

2006-06-19 Thread Vlad GURDIGA

Hello,

I could not figure out the answer to a question. Here is the situation:

PC A: Windows XP Pro.
PC B: FreeBSD 6.1, connected to internet, acting as a gateway for PC
A, with NAT (built by handbook instructions
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html),
open firewall, no restrictions.

For a long time I have used PC A with PC B as gateway and everything
worked just fine, but now PC A can only ping any host (by IP) in the
Internet. No other traffic (DNS queries, FTP or HTTP) reaches the
Internet; it comes back with a TTL exceeded response apparently from
the destination host (I've seen this on PC B with Ethereal).

Question: Is there any way my ISP can 'see' and cut out NATted traffic
from PC A letting only the traffic from PC B pass?! How?!


Re: Forward and NAT question

2003-12-26 Thread Micheal Patterson

- Original Message - 
From: "Pierrick Brossin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 26, 2003 9:02 AM
Subject: Forward and NAT question


> Hi!
>
> I'm a little bit confused.
> I got my server up and running with nat and stuff for a little while now
> and I was wondering why would one need both net.inet.ip.forwarding set
> to 1 and NAT ?
>
> I've been searching in the docs and on google for 3 days but I can't
> figure out what is forwarding needed for if NAT is enabled...
>
> Regards
>
> -Pierrick Brossin
> http://www.swissgeeks.com


From the FreeBSD handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/ppp-primer/x237.html)

"By default the FreeBSD system will not forward IP packets between various
network interfaces. In other words, routing functions (also known as gateway
functions) are disabled."

If you're running NATD, you have at least 2 interfaces, and forwarding has
to be enabled for the packets to traverse the interfaces properly. NATD and
packet forwarding don't go hand in hand; NATD and IPFW do.

net.inet.ip.forwarding allows traffic from the internal interface to gain
access to the external interface where NATD is by default listening.

Normal NATD traffic flow is this:

- Packet is inbound via internal interface
- net.inet.ip.forwarding allows the traffic to traverse to external
interface
- IPFW intercepts traffic at external interface and diverts it to NATD
- NATD translates the packet and injects it at the next IPFW rule set
- If traffic is allowed by IPFW, traffic exits the system to its
destination

Without net.inet.ip.forwarding enabled, the FreeBSD system is merely a
system on each network instead of a gateway between them.

That's my take on it in a nutshell.

--

Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600

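The flow Micheal lists, as an added example that is not part of the original message: a minimal natd gateway on the ipfw side, in the order the steps above require. fxp0 as the outside interface, fxp1 as the inside one and 192.168.1.0/24 as the LAN are assumptions; 8668 is natd's documented default divert port. With DRY_RUN=1 the script prints the commands instead of executing them, which is how it can be inspected off the box.

```shell
#!/bin/sh
# Added example, not from the thread: the natd flow Micheal describes as a
# runnable setup script for the ipfw side. Assumptions: fxp0 is the outside
# interface, fxp1 the inside one, 192.168.1.0/24 the LAN; the kernel has
# options IPFIREWALL and IPDIVERT. 8668 is natd's default divert port.
EXT_IF=${EXT_IF:-fxp0}
INT_IF=${INT_IF:-fxp1}
LAN=${LAN:-192.168.1.0/24}
NATD_PORT=8668

run() {   # DRY_RUN=1 prints each command instead of executing it
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

nat_gateway() {
    # 1. Without forwarding the box is a host on each network, not a router:
    #    a packet arriving on fxp1 for a non-local destination is dropped
    #    before any divert rule on fxp0 could see it.
    run sysctl net.inet.ip.forwarding=1

    # 2. natd waits on the divert socket and rewrites to fxp0's address.
    run natd -p $NATD_PORT -n $EXT_IF

    # 3. The divert rule must be hit before anything accepts the packet, and
    #    it must match both directions on the outside interface: out, so the
    #    LAN source is rewritten; in, so replies are un-rewritten before the
    #    filter decides on them.
    run ipfw -f flush
    run ipfw add 100 divert $NATD_PORT ip from any to any via $EXT_IF

    # 4. natd re-injects the packet at the rule after the divert, so from
    #    here on the filter sees translated addresses: LAN traffic going out
    #    already carries fxp0's address, replies coming in already carry the
    #    LAN host's address.
    run ipfw add 200 allow ip from any to any via lo0
    run ipfw add 300 allow ip from $LAN to any in via $INT_IF
    run ipfw add 350 allow ip from any to $LAN out via $INT_IF
    run ipfw add 400 allow tcp from any to any established
    run ipfw add 500 allow ip from any to any out via $EXT_IF
    run ipfw add 600 allow udp from any 53 to any in via $EXT_IF
    run ipfw add 700 allow icmp from any to any icmptypes 0,3,11
    run ipfw add 65000 deny log ip from any to any
}

# Without DRY_RUN this applies the configuration; run it as root.
if [ "${1:-}" = "apply" ]; then nat_gateway; fi
```

Rule 350 is the one most often forgotten: a reply that was allowed in on fxp0 is evaluated again when it leaves on fxp1, and without it UDP replies die at the final deny. The 'established' rule is the classic stateless pattern of that era (any segment with ACK set passes), not stateful inspection; it is kept here because it is what the divert/natd ordering in the thread was written against.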


Forward and NAT question

2003-12-26 Thread Pierrick Brossin
Hi!

I'm a little bit confused.
I got my server up and running with nat and stuff for a little while now
and I was wondering why would one need both net.inet.ip.forwarding set
to 1 and NAT ?

I've been searching in the docs and on google for 3 days but I can't
figure out what is forwarding needed for if NAT is enabled...

Regards

-Pierrick Brossin
http://www.swissgeeks.com


Re: NAT Question

2003-06-12 Thread Bill Moran
[Please wrap your lines around 70 chars or so]

Koroush Saraf wrote:
> Hi all,
>
> I'm trying to set up a BSD box to act as a NAT gateway between private
> net and public Internet.  My requirement is to map the src and destination
> of the packet according to a set of rules.
> The BSD box has two public IP addresses. Depending on which interface the
> packet arrives on it will get routed to a different private destination
> address.
> I'm using ipnat with the following mapping on the NAT box.
> The Nat box has only 1 interface xl0
> the ip addresses of this interface are:
> public  129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
> private 10.77.1.2/24, 10.77.2.2/24
This is not a particularly good setup.  I hope you aren't expecting this to
act as a firewall or provide any security?  You'd probably be better off
setting up the machines with the IP addresses directly, instead of natting.
Otherwise, get a second NIC ... it's the right thing to do.
Please provide the output of "ifconfig".  What you describe above is wrong,
but it's possible that you mistyped it.  If you actually try to have two
IPs on the same NIC that equate to the same network number, your networking
will not work as expected.
> The servers on the private lan are 10.77.1.1/24 and 10.77.2.1/24 on two
> different subnets.
> to
> List of active MAP/Redirect filters:
> map xl0 129.197.244.7/32 -> 10.77.1.1/32
> map xl0 129.197.244.8/32 -> 10.77.2.1/32
> map xl0 10.77.1.1/32 -> 129.197.244.7/32
> map xl0 10.77.2.1/32 -> 129.197.244.8/32
>
> However I'm not getting the desired results.
You're using the wrong command.  Use rdr.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
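What "use rdr" comes to for Koroush's two servers, as an added example that is not from the thread. He wants each public address bound to one private host in both directions with the return path preserved; the ipnat rule type for that is one bimap per pair, a 1:1 bidirectional mapping that rewrites the source on the way out (what map does) and the destination on the way in (what rdr does) from a single rule. The map pairs he posted only ever rewrite the source of outbound packets, so a packet from outside addressed to 129.197.244.8 was never translated at all. Following Bill's advice, the example assumes the private subnets are moved to a second interface xl1 (an assumption) so that xl0 is purely the public side.

```shell
#!/bin/sh
# Added example, not from the thread. 1:1 bidirectional NAT for Koroush's
# two servers using ipnat 'bimap'. Assumptions: xl0 keeps 129.197.244.6/7/8
# and is the public side only; the private subnets are moved to a second
# NIC xl1 (10.77.1.2/24 and 10.77.2.2/24) as Bill suggests, and each server
# has the NAT box (10.77.1.2 resp. 10.77.2.2) as its default gateway.
EXT_IF=xl0

# One bimap per pair. It is the rule type for "any src and dst to any other
# src and dst, return path retained": for traffic leaving xl0 it rewrites the
# source 10.77.1.1 -> 129.197.244.7 (the job of 'map'), for traffic entering
# xl0 it rewrites the destination 129.197.244.7 -> 10.77.1.1 (the job of
# 'rdr'), and the session table reverses both. The source address of an
# inbound packet is left alone: the server sees 129.197.244.2, not 10.77.2.2,
# and answers it via its default route back through the NAT box.
bimap_rules() {
    cat <<EOF
bimap $EXT_IF 10.77.1.1/32 -> 129.197.244.7/32
bimap $EXT_IF 10.77.2.1/32 -> 129.197.244.8/32
EOF
}

apply_rules() {   # as root on the NAT box
    sysctl net.inet.ip.forwarding=1
    bimap_rules > /etc/ipnat.rules && ipnat -CF -f /etc/ipnat.rules
}

# Verification, on the NAT box, while an outside host pings 129.197.244.8:
#   ipnat -l                 # active sessions: 10.77.2.1 <-> 129.197.244.8
#   tcpdump -ni xl1 icmp     # the request must arrive on xl1 addressed
#                            # to 10.77.2.1 (source unchanged, 129.197.244.2)
#   tcpdump -ni xl0 icmp     # and the reply must leave xl0 with source
#                            # 129.197.244.8
# Any ipf filter rules on xl0 must name 10.77.x.1 rather than 129.197.244.x,
# since inbound packets are filtered after translation.
```

The tcpdump on xl1 is the test that was missing from the thread: Koroush checked on the server and on the pinging host, but the translated packet is first visible on the inside interface of the NAT box itself.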


NAT Question

2003-06-12 Thread Koroush Saraf




  Hi all,

  I'm trying to set up a BSD box to act as a NAT gateway between private net and public
Internet.  My requirement is to map the src and destination of the packet according
to a set of rules.

  The BSD box has two public IP addresses. Depending on which interface the packet 
arrives on it will get routed to a different private destination address.

  I'm using ipnat with the following mapping on the NAT box.
  The Nat box has only 1 interface xl0
  the ip addresses of this interface are: 
  public  129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
  private 10.77.1.2/24, 10.77.2.2/24

  The servers on the private lan are 10.77.1.1/24 and 10.77.2.1/24 on two different 
subnets.

  to 
  List of active MAP/Redirect filters:
  map xl0 129.197.244.7/32 -> 10.77.1.1/32
  map xl0 129.197.244.8/32 -> 10.77.2.1/32
  map xl0 10.77.1.1/32 -> 129.197.244.7/32
  map xl0 10.77.2.1/32 -> 129.197.244.8/32

  However I'm not getting the desired results.

  From a computer with ip address of 129.197.244.2 I ping 129.197.244.8. I expect the 
icmp packet to reach the BSDNAT box and get translated to the 10.77.2.1 address and 
forwarded with src address of 10.77.2.2 out of xl0 to the particular server.  Then the 
server would reply back to 10.77.2.2 and it would get translated back to 129.197.244.2 
with a source address of 129.197.244.8.  But this is not happening.

  If the source of the Ping is a BSD box, the reply comes back as if I was routed to
the destination server, but in reality it's not being routed since the destination
server doesn't see the packet.

  for example:

  ping from Freebsd box

  Pinging 129.197.244.8 with 32 bytes of data:
  Reply from 10.77.2.1: bytes=32 time<10ms TTL=255

  But 10.77.2.1 doesn't really see the ping packets.  (verified using tcpdump and the 
delay metric which remains the same whether I ping 129.197.244.6)

  and ping from a windows box doesn't even get translated and times out.

  So in short I need someone to tell me the correct syntax to set up the mapping so
that I can map any src and dst IP address into any other src and dst address and
retain the return path as well.


  thanks for your thoughts in advance,
  ~koroush


NAT Question

2003-06-10 Thread Koroush Saraf
Hi all,

I'm trying to set up a BSD box to act as a NAT gateway between private net and public
Internet.  My requirement is to map the src and destination of the packet according
to a set of rules.

The BSD box has two public IP addresses. Depending on which interface the packet 
arrives on it will get routed to a different private destination address.

I'm using ipnat with the following mapping on the NAT box.
The Nat box has only 1 interface xl0
the ip addresses of this interface are: 
public  129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
private 10.77.1.2/24, 10.77.2.2/24

The servers on the private lan are 10.77.1.1/24 and 10.77.2.1/24 on two different 
subnets.

to 
List of active MAP/Redirect filters:
map xl0 129.197.244.7/32 -> 10.77.1.1/32
map xl0 129.197.244.8/32 -> 10.77.2.1/32
map xl0 10.77.1.1/32 -> 129.197.244.7/32
map xl0 10.77.2.1/32 -> 129.197.244.8/32

However I'm not getting the desired results.

From a computer with ip address of 129.197.244.2 I ping 129.197.244.8. I expect the
icmp packet to reach the BSDNAT box and get translated to the 10.77.2.1 address and
forwarded with src address of 10.77.2.2 out of xl0 to the particular server.  Then
the server would reply back to 10.77.2.2 and it would get translated back to
129.197.244.2 with a source address of 129.197.244.8.  But this is not happening.

If the source of the Ping is a BSD box, the reply comes back as if I was routed to the
destination server, but in reality it's not being routed since the destination server
doesn't see the packet.

for example:

ping from Freebsd box

Pinging 129.197.244.8 with 32 bytes of data:
Reply from 10.77.2.1: bytes=32 time<10ms TTL=255

But 10.77.2.1 doesn't really see the ping packets.  (verified using tcpdump and the 
delay metric which remains the same whether I ping 129.197.244.6)

and ping from a windows box doesn't even get translated and times out.

So in short I need someone to tell me the correct syntax to set up the mapping so that
I can map any src and dst IP address into any other src and dst address and retain the
return path as well.


thanks for your thoughts in advance,
~koroush


Re: Source nat question (ipfw and natd) Revised

2003-01-27 Thread Nick Rogness
On Tue, 28 Jan 2003, Vikash Badal - PCS wrote:

> Greetings,
>
> My current natd.conf is as follows :
> --
> redirect_address 10.136.236.18 192.168.28.61
> redirect_address 10.136.236.20 192.168.20.47
> redirect_address 10.136.236.19 192.168.21.47
> -
> When i add the following mapping :
> redirect_address 10.136.236.18 192.168.15.47
> the source address for connections to 192.168.15.0/24
> is 192.168.25.61
>
> what I want to do is : if i initiate a connection to 192.168.15.0/24
> from 10.136.238.18 then i need the source address to be 192.168.15.47
>
> If i initiate a connection to 192.168.28.0/24 from 10.136.238.18 then i
> need the source address to be 192.168.28.61
>
> network layout
>
> 192.168.16.0:255.255.240.0 ---
> 192.168.15.0:255.255.255.0 ---|   |
>   |   |
>   |   HUB |
>   |   |
> vx0 === 192.168.15.47 (alias address) 192.168.28.61
>
> xl0 ===   10.136.236.5
>   |
>   |
>   |
>   10.136.236.0/24
>
>
> The machines on 192.168.x.x only hit 10.136.236.[18/19/20]
> depending the application required. The source address of packets
> from the 192.168.x.x remains unaltered.
>
> The machines on the 10.136.236.0 network have a static route
> to the 192.168.x.x network.
>
> The translations work for :
> 10.136.236.20 to 192.168.20.0/24 i.e
>   the 192.168.20.0/24  sees the source as 192.168.28.61
> 10.136.236.19 to 192.168.21.0/24 i.e
>   the 192.168.20.0/24  sees the source as 192.168.20.47
>
> When i try to connect from 10.136.236.18 to 192.168.15.0/24,
> the source address is 192.168.28.61. I needed the source
> address to be 192.168.15.47 only when i connect to 192.168.15.0/24
>
> If i change the order of the redirect rules in /etc/natd.conf :
> i.e
> redirect_address 10.136.236.18 192.168.15.47
> is placed before
> redirect_address 10.136.236.18 192.168.28.61
>
> then the translation to 192.168.28.0/24 no longer works but the
> translation for 192.168.15.0/24 works.


Yes, this is true as it will use the first entry in natd.conf for
the translation.  The problem is, you are thinking of the
translations backwards.  Are only 3 machines on the 10.136 segment
talking to only 3 machines on the 192 segment?  Does communication
have to go both ways, ie. do the 192.168 machines need to talk to
10.136 machines?

Also, you can run multiple copies of natd for the same interface
(different port needed) and direct packets to the different natds
based on the firewall rules applied:

  Firewall rules and Corresponding Natd #1 (on port 8668):

# ipfw add divert 8668 ip from 10.136.236.18/32 to 192.168.15.0/24 out via vx0
# ipfw add divert 8668 ip from 192.168.15.0/24 to 192.168.15.47/32 in via vx0
# natd -p 8668 -n vx0 -redirect_address 10.136.236.18 192.168.15.47

  Firewall rules and Corresponding natd #2 (port 8669):

# ipfw add divert 8669 ip from 10.136.236.18/32 to 192.168.28.0/24 out via vx0
# ipfw add divert 8669 ip from 192.168.28.0/24 to 192.168.28.61/32 in via vx0
# natd -p 8669 -n vx0 -redirect_address 10.136.236.18 192.168.28.61


Nick Rogness <[EMAIL PROTECTED]>
-
  How many people here have telekinetic powers? Raise my hand.
-Emo Philips



To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message



Re: Source nat question (ipfw and natd)

2003-01-27 Thread Nick Rogness
On Sun, 26 Jan 2003, Vikash Badal wrote:

> > > I currently have a box (4.7p3) that i want to connect to four different
> > > networks According to the man page i can only nat on one interface using
> > > natd.
> > >
> > > My current natd.conf is as follows :
> > > --
> > > redirect_address 10.136.236.18 192.168.28.61
> > > redirect_address 10.136.236.20 192.168.20.47
> > > redirect_address 10.136.236.19 192.167.11.47
> > > --
> > >
> > > When i add the following mapping :
> > > redirect_address 10.136.236.18 192.168.15.47
> > >
> > > the source address for connections to 192.168.15.0/24 is 192.168.25.61
> > > is there any way i can setup natd and ipfw so that if packets are
> > > destined for 192.168.15.0/24 then the source address should be
> > > 192.168.15.47
> > >

I'm still not sure what you are trying to accomplish here.  You
talk about source address for connections to
192.168.15.0/24...from where ?  From the 192.168.X.X network?  If
so, you can run a separate copy of natd in -reverse mode and an
alias address to translate the source address.  It becomes tricky
to do but it might be what you want.

What are you trying to accomplish?  It sounds like you want the
-reverse option for nat but I don't know what machines are where
and how your network is laid out and how traffic flows across the
BSD machine.

Do you want all machines on the 192.168.X.X network (connected via
vx0)  to hit 10.136.X.X network with the same source address
always?  Please clarify.

Also, comments below:

>
> I made a typo in the original mail :
> ===> redirect_address 10.136.236.19 192.167.11.47
> should be redirect_address 10.136.236.19 192.168.21.47
>
> configs:
>
> rc.conf:
> 
> kern_securelevel_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="NONE"
> sshd_enable="YES"
> inetd_enable="NO"
> portmap_enable="NO"
> gateway_enable="YES"
> ntpdate_flags="10.131.156.5"
> ntpdate_enable="YES"
> natd_enable="YES"
> natd_interface="vx0"
> natd_flags="-config /etc/natd.conf"
> hostname="nwest-fw.natis.natis"
> ifconfig_xl0="inet 10.136.236.5  netmask 255.255.255.0"
> ifconfig_vx0="inet 192.168.28.61 netmask 255.255.240.0"
> ifconfig_vx0_alias0="inet 192.168.15.57 netmask 255.255.255.0"
> defaultrouter="10.136.236.1"
> firewall_enable="YES"
> firewall_type="natis"
> firewall_quiet="YES"
> 
>

With your default gateway 10.136.236.1 I hope that the machines on
the 10.136 network know how to reach the 192 network.



> nwest-fw# ipfw -a l
> 00050   0 0 divert 8668 ip from any to any via vx0
> 00100  32  2000 allow ip from any to any via lo0
> 00200   0 0 deny ip from any to 127.0.0.0/8
> 00300   0 0 deny ip from 127.0.0.0/8 to any
> 00400   0 0 check-state
[SNIP]

Why are you running stateful inspection intermixed with nat?  That
is a bad combination.


> 
> nwest-fw# cat /etc/natd.conf
> redirect_address 10.136.236.18 192.168.28.61
> redirect_address 10.136.236.20 192.168.20.47
> redirect_address 10.136.236.19 192.168.21.47
> redirect_address 10.136.236.18 192.168.15.47


So do these translations work?  The only way to test them is from
the 192.168 network.  Also, 192.168.15.47.??.But the vx0 interface
is setup with IP 192.168.15.57?



Nick Rogness <[EMAIL PROTECTED]>
-
  How many people here have telekinetic powers? Raise my hand.
-Emo Philips






Re: Source nat question (ipfw and natd)

2003-01-26 Thread Vikash Badal
Hi Nick,

- Original Message -
From: "Nick Rogness" <[EMAIL PROTECTED]>
To: "Vikash Badal" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, January 26, 2003 2:01 AM
Subject: Re: Source nat question (ipfw and natd)


> On Sat, 25 Jan 2003, Vikash Badal wrote:
>
> > Greetings,
> >
> > I currently have a box (4.7p3) that i want to connect to four different
> > networks According to the man page i can only nat on one interface using
> > natd.
> >
> > My current natd.conf is as follows :
> > --
> > redirect_address 10.136.236.18 192.168.28.61
> > redirect_address 10.136.236.20 192.168.20.47
> > redirect_address 10.136.236.19 192.167.11.47
> > --
> >
> > When i add the following mapping :
> > redirect_address 10.136.236.18 192.168.15.47
> >
> > the source address for connections to 192.168.15.0/24 is 192.168.25.61
> > is there any way i can setup natd and ipfw so that if packets are
> > destined for 192.168.15.0/24 then the source address should be
> > 192.168.15.47
> >
>
> Yes, it is possible...just a pain in the butt.  I am not clear
> exactly what your mean.  If you wish to pursue this, you need to
> send the output of:
>
> # cat /etc/rc.conf
> # ipfw -a l
> # netstat -rn
> # ps -aux |grep nat
>
>
> And any additional nat configuration files or settings.  That
> would greatly improve the chances of your questions getting
> answered.
>
>
> Nick Rogness <[EMAIL PROTECTED]>

I made a typo in the original mail :
===> redirect_address 10.136.236.19 192.167.11.47
should be redirect_address 10.136.236.19 192.168.21.47

configs:

rc.conf:

kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
sendmail_enable="NONE"
sshd_enable="YES"
inetd_enable="NO"
portmap_enable="NO"
gateway_enable="YES"
ntpdate_flags="10.131.156.5"
ntpdate_enable="YES"
natd_enable="YES"
natd_interface="vx0"
natd_flags="-config /etc/natd.conf"
hostname="nwest-fw.natis.natis"
ifconfig_xl0="inet 10.136.236.5  netmask 255.255.255.0"
ifconfig_vx0="inet 192.168.28.61 netmask 255.255.240.0"
ifconfig_vx0_alias0="inet 192.168.15.57 netmask 255.255.255.0"
defaultrouter="10.136.236.1"
firewall_enable="YES"
firewall_type="natis"
firewall_quiet="YES"


nwest-fw# ipfw -a l
00050   0 0 divert 8668 ip from any to any via vx0
00100  32  2000 allow ip from any to any via lo0
00200   0 0 deny ip from any to 127.0.0.0/8
00300   0 0 deny ip from 127.0.0.0/8 to any
00400   0 0 check-state
00500   0 0 deny tcp from any to any established
00600   0 0 deny log logamount 256 ip from any to any ipopt ssrr
00700   0 0 deny log logamount 256 ip from any to any ipopt lsrr
00800   0 0 deny ip from 10.136.236.0/24 to any in recv vx0
00900   0 0 deny ip from 192.168.16.0/20 to any in recv xl0
01000   0 0 allow tcp from any to 10.136.236.5 22 keep-state setup
01200   0 0 allow tcp from any to 192.168.28.61 5507 keep-state setup
01300   0 0 allow tcp from any to 192.168.20.47 8080 keep-state setup
01400   0 0 allow tcp from any to 192.168.21.47 5150 keep-state setup
01500   0 0 allow tcp from any to 192.168.15.57 5507 keep-state setup
01600   0 0 allow tcp from any to 10.136.236.18 5507 keep-state setup
01700   0 0 allow tcp from any to 10.136.236.20 8080 keep-state setup
01800   0 0 allow tcp from any to 10.136.236.19 5150 keep-state setup
01900   0 0 deny log logamount 256 tcp from any to any in recv vx0
02000   0 0 deny log logamount 256 icmp from any to any frag
02100   0 0 allow udp from any to any 33434-33443 keep-state
02200   0 0 allow icmp from any to any keep-state icmptype 3,11
02300   0 0 allow icmp from any to any keep-state icmptype 0,8
02400   0 0 allow udp from 10.136.236.5 to 10.131.156.5 123 keep-state
02500   0 0 allow tcp from 10.136.236.5 to 10.131.156.5 5999,80 keep-state setup
65535   0 0 deny ip from any to any

==

nwest-fw# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs     Use  Netif Expire
default            10.136.236.1       UGSc        1        0    xl0
10.10.10/24        link#2             UC          1        0    xl0
10.10.10.1         00:c0:df:e3:da:a9  UHLW        1      506    xl0    937
10.136.236/24      link#2             UC          1        0    xl0
10.136.236.1       link#2             UHLW        2        0    xl0
127.0.0.1          127.0.0.1          UH          0

Re: Source nat question (ipfw and natd)

2003-01-25 Thread Nick Rogness
On Sat, 25 Jan 2003, Vikash Badal wrote:

> Greetings,
>
> I currently have a box (4.7p3) that i want to connect to four different
> networks According to the man page i can only nat on one interface using
> natd.
>
> My current natd.conf is as follows :
> --
> redirect_address 10.136.236.18 192.168.28.61
> redirect_address 10.136.236.20 192.168.20.47
> redirect_address 10.136.236.19 192.167.11.47
> --
>
> When i add the following mapping :
> redirect_address 10.136.236.18 192.168.15.47
>
> the source address for connections to 192.168.15.0/24 is 192.168.25.61
> is there any way i can setup natd and ipfw so that if packets are
> destined for 192.168.15.0/24 then the source address should be
> 192.168.15.47
>

Yes, it is possible...just a pain in the butt.  I am not clear
exactly what your mean.  If you wish to pursue this, you need to
send the output of:

# cat /etc/rc.conf
# ipfw -a l
# netstat -rn
# ps -aux |grep nat


And any additional nat configuration files or settings.  That
would greatly improve the chances of your questions getting
answered.


Nick Rogness <[EMAIL PROTECTED]>
-
  How many people here have telekinetic powers? Raise my hand.
-Emo Philips






Source nat question (ipfw and natd)

2003-01-25 Thread Vikash Badal
Greetings,

I currently have a box (4.7p3) that i want to connect to four different networks
According to the man page i can only nat on one interface using natd.

My current natd.conf is as follows :
--
redirect_address 10.136.236.18 192.168.28.61
redirect_address 10.136.236.20 192.168.20.47
redirect_address 10.136.236.19 192.167.11.47
--

When i add the following mapping :
redirect_address 10.136.236.18 192.168.15.47

the source address for connections to 192.168.15.0/24 is 192.168.25.61
is there any way i can setup natd and ipfw so that if packets are
destined for 192.168.15.0/24 then the source address should be 192.168.15.47

Please Advise
Vikash





Re: NAT question

2002-11-06 Thread Thomas Spreng
On Wed, Nov 06, 2002 at 04:18:55PM -0500, Alvaro Rosales R. wrote:
> Hi fellows, I'm trying to set up natd on my FreeBSD 4.5 box, and I want to test my
> clients. I have started natd and put the open parameter on the firewall flags, but
> when I ping an internet address from my client (my client has as default gateway
> the internal ip address of the natd box)... What would I need to do to make my
> clients ping an external ip address?
> Thanks in advance

Hi,

have you set up a nat rule for your internal ip address range? If not, you need to
map them to your 'official' ip address.
Using ipnat that rule would look like:
map [external interface] [internal ip range] -> 0.0.0.0/32

if you're using natd check the manual for the corresponding rule.

cheers,
tom




NAT question

2002-11-06 Thread Alvaro Rosales R.
Hi fellows, I'm trying to set up natd on my FreeBSD 4.5 box, and I want to test my
clients. I have started natd and put the open parameter on the firewall flags, but
when I ping an internet address from my client (my client has as default gateway
the internal ip address of the natd box)... What would I need to do to make my
clients ping an external ip address?
Thanks in advance
