Date:      Sun, 29 Oct 2000 21:00:19 +0100
From:      Len Conrad <lconrad@Go2France.com>
To:        freebsd-questions@freebsd.org
Subject:   ipnat / oltr
Message-ID:  <5.0.0.25.0.20001029204727.024986f0@mail.Go2France.com>
In-Reply-To: <5.0.0.25.0.20001029194129.03cdc660@mail.Go2France.com>

FreeBSD 4.1-R and ipfilter 3.4.13, with ipfilter as module.

(We had good success with a couple of FreeBSD 3.1 and 3.4 with 
earlier ipf 3.3 and 3.4 in the kernel and really weren't expecting 
any trouble now, but....)

# kldstat
Id Refs Address    Size     Name
  1    2 0xc0100000 2335c4   kernel
  2    1 0xc0ae8000 15000    ipf.ko

We are just trying to get a simple ipnat running with this rule (no 
ipfilter, yet):

map oltr0 192.168.10.0/24 -> xxx.73.yyy.242/32 portmap tcp/udp 40000:65000
map oltr0 192.168.10.0/24 -> xxx.73.yyy.242/32

# ipnat -l
List of active MAP/Redirect filters:
map oltr0 192.168.10.0/24  -> xxx.73.yyy.242/32  portmap tcp/udp 40000:65000
map oltr0 192.168.10.0/24  -> xxx.73.yyy.242/32

List of active sessions: (none)


Telnetting to the ipf machine, we try to ping from the inside i/f 
192.168.10.1 to the outside of next-hop router i/f:

ping -S 192.168.10.1 xxx.73.yyy.22

... works, but we cannot get an active NAT session showing. Stumped.

ping -S 192.168.10.1 xxx.73.yyy.69   (a bit further upstream)

... fails, however ping from the ipnat's outside i/f

ping -S xxx.73.yyy.242 xxx.73.yyy.69

... works fine to everywhere.

========

ipf machine's routing table:

Destination        Gateway            Flags      Netif Expire
default            xxx.73.yyy.241     UGSc        3      477      xl0
127.0.0.1          127.0.0.1          UH          0        0      lo0
192.168.10         link#1             UC          0        0    oltr0 =>
192.168.10.1       0.0.83.42.40.2f    UHLW        0      120      lo0
xxx.73.yyy.240/30  link#2             UC          0        0      xl0 =>
xxx.73.yyy.241     0:50:73:76:42:81   UHLW        4      105      xl0    304
xxx.73.yyy.242     0:1:2:b2:ad:a5     UHLW        0      120      lo0

Ideas?

tia,
Len

http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com:  Build free, hi-perf, anti-spam mail gateways


