Date:      Sun, 14 Dec 2003 18:01:08 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "hugle" <hugle@vkt.lt>, <freebsd-questions@freebsd.org>
Subject:   RE: ipnat+ipfw  + 3 gateways
Message-ID:  <MIEPLLIBMLEEABPDBIEGGEKCFAAA.fbsd_user@a1poweruser.com>
In-Reply-To: <1120787753.20031215004154@vkt.lt>

I think you are confused. IPNAT is part of the ipfilter firewall, and
IPFW is a different firewall which has its own NATD function. You
cannot use one part from one and the other part from the other one.
They work as a set, IPNAT/IPFILTER or IPFW/NATD. Your best bet is
to use IPNAT and its firewall IPFILTER.

http://www.obfuscation.org/ipf/ipf-howto.html#TOC_1


-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of hugle
Sent: Monday, December 15, 2003 3:42 AM
To: freebsd-questions@freebsd.org
Subject: ipnat+ipfw + 3 gateways

Hello all.
I'm trying to do something like load balancing between 3 interfaces using
ipnat and ipfw

my gw's are:
213.252.192.161 on fxp0 with 213.252.192.162
213.252.192.141 on vlan0 with 213.252.192.142
212.59.9.1      on rl1 with 212.59.9.59


the ruleset i have is:
in ipfw:
ipfw add 1001 fwd 213.252.192.141 ip from 213.252.192.142 to any
ipfw add 1002 fwd 213.252.192.161 ip from 213.252.192.162 to any
ipfw add 1003 fwd 212.59.9.1 ip from 212.59.9.59 to any

and ipnat.rules
#games gw
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 53 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6111 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6112 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6113 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6114 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6115 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6116 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6117 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6118 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6119 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 4000 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7777 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7787 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7877 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 7887 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27005 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27015 -> 213.252.192.142/32
map vlan0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 27960 -> 213.252.192.142/32

#mail/web/irc/icq
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 22 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 25 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 79 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 81 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 110 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 443 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 2082 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 5050 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 5190 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 1863 -> 213.252.192.162/32
map fxp0 from 192.168.0.0/16 ! to 192.168.0.0/16 port = 6667 -> 213.252.192.162/32

#all other traffic go via gw3
map rl1 from 192.168.0.0/16 ! to 192.168.0.0/16 -> 212.59.9.59/32
------
I think there is something wrong with my IPNAT rules.
I'm probably doing something wrong with those ports...
Could anyone help me?
Thanks
--
Best regards, Hugle
