RE: nat question

2006-06-19 Thread fbsd
There is no way your ISP can cut out NATted traffic.

You would be better off following the handbook firewall section.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Vlad GURDIGA
Sent: Monday, June 19, 2006 7:16 PM
To: freebsd-questions@freebsd.org
Subject: nat question


Hello,

I could not figure out the answer to a question. Here is the situation:

PC A: Windows XP Pro.
PC B: FreeBSD 6.1, connected to internet, acting as a gateway for PC
A, with NAT (built by handbook instructions
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html),
open firewall, no restrictions.

For a long time I have used PC A with PC B as gateway and everything
worked just fine, but now PC A can only ping any host (by IP) in the
Internet. No other traffic (DNS queries, FTP or HTTP) reaches
the Internet, coming back with a TTL exceeded response apparently from
the destination host (I've seen this on PC B with Ethereal).

Question: Is there any way my ISP can 'see' and cut out NATted traffic
from PC A letting only the traffic from PC B pass?! How?!
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



Re: NAT Question

2003-06-12 Thread Bill Moran
[Please wrap your lines around 70 chars or so]

Koroush Saraf wrote:
> Hi all,
>
> I'm trying to set up a BSD box to act as a NAT gateway between private
> net and public Internet.  My requirement is to map the src and destination
> of the packet according to a set of rules.
> The BSD box has two public IP addresses. Depending on which interface the
> packet arrives on it will get routed to a different private destination
> address.
> I'm using ipnat with the following mapping on the NAT box.
> The Nat box has only 1 interface xl0
> the ip addresses of this interface are:
> public  129.197,244.6/24,129.197.244.7/24, 129.197.244.8/24
> private 10.77.1.2/24, 10.77.2.2/24

This is not a particularly good setup.  I hope you aren't expecting this to
act as a firewall or provide any security?  You'd probably be better off
setting up the machines with the IP addresses directly, instead of natting.
Otherwise, get a second NIC ... it's the right thing to do.
Please provide the output of "ifconfig".  What you describe above is wrong,
but it's possible that you mistyped it.  If you actually try to have two
IPs on the same NIC that equate to the same network number, your networking
will not work as expected.

> The servers on the private lan are 10.77.1.1/24 and 10.77.2.1/24 on two
> different subnets.
> to
> List of active MAP/Redirect filters:
> map xl0 129.197.244.7/32 -> 10.77.1.1/32
> map xl0 129.197.244.8/32 -> 10.77.2.1/32
> map xl0 10.77.1.1/32 -> 129.197.244.7/32
> map xl0 10.77.2.1/32 -> 129.197.244.8/32
>
> However I'm not getting the desired results.

You're using the wrong command.  Use rdr.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com


Re: NAT question

2002-11-06 Thread Thomas Spreng
On Wed, Nov 06, 2002 at 04:18:55PM -0500, Alvaro Rosales R. wrote:
> Hi fellows, I'm trying to set up natd on my FreeBSD 4.5 box, and I want to test my
> clients. I have started natd and put the open parameter on the firewall flags, but when
> I ping an internet address from my client (my client has as default gateway the internal
> ip address of the natd box). What would I need to do to make my clients ping an external
> ip address?
> Thanks in advance

Hi,

have you set up a nat rule for your internal ip address range? If not, you need to
map them to your 'official' ip address.
Using ipnat that rule would look like:
map [external interface] [internal ip range] -> 0.0.0.0/32

if you're using natd check the manual for the corresponding rule.

cheers,
tom
