Re: can't get binat working
>> Do I need to set an alias IP (the mapped IP) for binat to work?
>
> Technically not, you just need 'some way' to get other hosts to send
> you traffic for that address. Could be proxy arp, could be route table
> entries (static or routing protocols), but in practice adding an
> alias IP is usually what you want.

Thanks. Alias did the job.

Thanks everyone!

shohrukh
Re: can't get binat working
On 2010-01-12, Shohrukh Shoyoqubov wrote:
> On 1/12/2010 4:01 PM, Shohrukh Shoyoqubov wrote:
>> On Tue, Jan 12, 2010 at 2:25 PM, Laurent CARON wrote:
>>> On 12/01/2010 07:19, Shohrukh Shoyoqubov wrote:
>>>> I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I
>>>> assume that should make 192.168.0.253 visible in 192.168.0.0/24
>>>> subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet.
>>>> I am just testing with this lab config and later, I want to use binat
>>>> to assign real IPs to DMZ machines.
>>>
>>> Hi,
>>>
>>> What are you *really* trying to achieve ?
>>>
>>> Mapping public IPs to private ones ?
>>
>> Yes
>
> Do I need to set an alias IP (the mapped IP) for binat to work?

Technically not, you just need 'some way' to get other hosts to send
you traffic for that address. Could be proxy arp, could be route table
entries (static or routing protocols), but in practice adding an
alias IP is usually what you want.
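
Added example, not part of the original thread: a check of the point made in the reply above, that a binat mapping only works if other hosts have some way to send traffic for the external address to the firewall. It parses old-style binat rules with literal host addresses and reports those whose external address is not assigned on the rule's interface; the function names, the firewall's own addresses (192.168.0.1, 192.168.2.1), the alias netmask and the `ifconfig` text are constructed, and proxy ARP or routed setups are not detected.

```python
import ipaddress
import re

# Old-style syntax from the thread: binat on <if> [inet] from <int> to <dst> -> <ext>
BINAT_RE = re.compile(
    r"^\s*binat\s+on\s+(?P<ifname>\S+)\s+(?:inet6?\s+)?"
    r"from\s+(?P<internal>\S+)\s+to\s+\S+\s*->\s*(?P<external>\S+)"
)

def parse_binat(pf_conf: str):
    """Yield (interface, internal, external) for each binat rule."""
    for line in pf_conf.splitlines():
        m = BINAT_RE.match(line.split("#", 1)[0])  # ignore comments
        if m:
            yield (m["ifname"], ipaddress.ip_address(m["internal"]),
                   ipaddress.ip_address(m["external"]))

def addresses_by_interface(ifconfig_out: str):
    """Map interface name -> set of inet addresses (primary and aliases)."""
    addrs, current = {}, None
    for line in ifconfig_out.splitlines():
        head = re.match(r"^(\w+): flags=", line)
        if head:
            current = head.group(1)
            addrs[current] = set()
        elif current and (m := re.match(r"^\s+inet (\S+)", line)):
            addrs[current].add(ipaddress.ip_address(m.group(1)))
    return addrs

def unreachable_binat(pf_conf: str, ifconfig_out: str):
    """Return (interface, external) pairs with no matching local address."""
    addrs = addresses_by_interface(ifconfig_out)
    return [(ifname, str(ext)) for ifname, _, ext in parse_binat(pf_conf)
            if ext not in addrs.get(ifname, set())]

# Constructed sample input; only the binat rule itself comes from the thread.
PF_CONF = "binat on fxp1 inet from 192.168.2.2 to any -> 192.168.0.253\n"
IFCONFIG_BEFORE = """\
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
"""
# Same output once the mapped address is added to fxp1 as an alias.
IFCONFIG_AFTER = IFCONFIG_BEFORE.replace(
    "vr0:", "\tinet 192.168.0.253 netmask 0xffffffff\nvr0:")

if __name__ == "__main__":
    print("before alias:", unreachable_binat(PF_CONF, IFCONFIG_BEFORE))
    print("after alias: ", unreachable_binat(PF_CONF, IFCONFIG_AFTER))
```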
Re: can't get binat working
On 1/12/2010 9:03 PM, Jim Razmus wrote:
> * Shohrukh Shoyoqubov [100112 01:35]:
>> Hello,
>>
>> I am new to pf and I am trying to do binat but it is not working for
>> some reason.
>>
>> fxp1 is the interface on subnet 192.168.0.0/24
>> vr0 is the interface on subnet 192.168.2.0/24
>>
>> Here is my pf.conf
>>
>> #left from the original pf.conf
>> set skip on lo
>> pass # to establish keep-state
>> block in on ! lo0 proto tcp to port 6000:6010
>>
>> #added by me
>> binat on fxp1 inet from 192.168.2.2 to any -> 192.168.0.253
>>
>> I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I
>> assume that should make 192.168.0.253 visible in 192.168.0.0/24
>> subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet.
>> I am just testing with this lab config and later, I want to use binat
>> to assign real IPs to DMZ machines.
>>
>> I believe I am missing something obvious. Any ideas?
>>
>> Thank you,
>> Shohrukh
>
> If you're tracking -current, read this:
>
> http://www.openbsd.org/faq/current.html#20090901
>
> jim

Thanks. Good to know ahead :)

I am using 4.6 release. It uses the 'old-style' nat. The match based rules are only in -current and gonna be in 4.7, right?

shohrukh
Re: can't get binat working
On 1/12/2010 4:01 PM, Shohrukh Shoyoqubov wrote:
> On Tue, Jan 12, 2010 at 2:25 PM, Laurent CARON wrote:
>> On 12/01/2010 07:19, Shohrukh Shoyoqubov wrote:
>>> I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I
>>> assume that should make 192.168.0.253 visible in 192.168.0.0/24
>>> subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet.
>>> I am just testing with this lab config and later, I want to use binat
>>> to assign real IPs to DMZ machines.
>>
>> Hi,
>>
>> What are you *really* trying to achieve ?
>>
>> Mapping public IPs to private ones ?
>
> Yes

Do I need to set an alias IP (the mapped IP) for binat to work?
Re: can't get binat working
On 1/12/2010 7:02 PM, Wade, Daniel wrote:
> Do you have net.inet.ip.forwarding=1 set?

Yes. The machine actually acts as a router for some other networks. It has more interfaces in fact. I just showed the ones involved in binat.
Re: can't get binat working
On Tue, Jan 12, 2010 at 2:25 PM, Laurent CARON wrote:
> On 12/01/2010 07:19, Shohrukh Shoyoqubov wrote:
>>
>> I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I
>> assume that should make 192.168.0.253 visible in 192.168.0.0/24
>> subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet.
>> I am just testing with this lab config and later, I want to use binat
>> to assign real IPs to DMZ machines.
>
> Hi,
>
> What are you *really* trying to achieve ?
>
> Mapping public IPs to private ones ?

Yes
Re: can't get binat working
On 12/01/2010 07:19, Shohrukh Shoyoqubov wrote:
> I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I
> assume that should make 192.168.0.253 visible in 192.168.0.0/24
> subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet.
> I am just testing with this lab config and later, I want to use binat
> to assign real IPs to DMZ machines.

Hi,

What are you *really* trying to achieve ?

Mapping public IPs to private ones ?
can't get binat working
Hello,

I am new to pf and I am trying to do binat but it is not working for some reason.

fxp1 is the interface on subnet 192.168.0.0/24
vr0 is the interface on subnet 192.168.2.0/24

Here is my pf.conf

#left from the original pf.conf
set skip on lo
pass # to establish keep-state
block in on ! lo0 proto tcp to port 6000:6010

#added by me
binat on fxp1 inet from 192.168.2.2 to any -> 192.168.0.253

I want all traffic to 192.168.0.253 to be forwarded to 192.168.2.2. I assume that should make 192.168.0.253 visible in 192.168.0.0/24 subnet, but it is not. I can't reach it from 192.168.0.0/24 subnet. I am just testing with this lab config and later, I want to use binat to assign real IPs to DMZ machines.

I believe I am missing something obvious. Any ideas?

Thank you,
Shohrukh