From owner-freebsd-tokenring Sun Oct 29 12: 3:46 2000
Delivered-To: freebsd-tokenring@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75])
	by hub.freebsd.org (Postfix) with ESMTP id 03C5037B479
	for ; Sun, 29 Oct 2000 12:03:44 -0800 (PST)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id C9E806A904;
	Sun, 29 Oct 2000 21:03:42 +0100 (CET)
Received: from sv.Go2France.com [212.73.210.79] by mail.Go2France.com with ESMTP
	(SMTPD32-6.04) id A41DDD830054; Sun, 29 Oct 2000 21:10:05 +0100
Message-Id: <5.0.0.25.0.20001029210025.023cc660@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Sun, 29 Oct 2000 21:03:21 +0100
To: freebsd-tokenring@freebsd.org
From: Len Conrad
Subject: ipnat / oltr
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-tokenring@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In addition to the oltr ipnat question below, does the oltr driver support
Early Token Release?

What's the consensus or recommendation for setting oltr MTU?

======================

FreeBSD 4.1-R and ipfilter 3.4.13, with ipfilter as module.

(We had good success with a couple of FreeBSD 3.1 and 3.4 with earlier ipf
3.3 and 3.4 in the kernel and really weren't expecting any trouble now,
but....)

# kldstat
Id Refs Address    Size     Name
 1    2 0xc0100000 2335c4   kernel
 2    1 0xc0ae8000 15000    ipf.ko

We are just trying to get a simple ipnat running with this rule (no
ipfilter, yet):

map oltr0 192.168.10.0/24 -> xxx.73.yyy.242/32 portmap tcp/udp 40000:65000
map oltr0 192.168.10.0/24 -> xxx.73.yyy.242/32

# ipnat -l
List of active MAP/Redirect filters:
map oltr0 192.168.10.0/24 -> xxx.73.yyy.242/32 portmap tcp/udp 40000:65000
map oltr0 192.168.10.0/24 -> xxx.73.yyy.242/32

List of active sessions:

(none)

Telnetting to the ipf machine, we try to ping from the inside i/f
192.168.10.1 to the outside of next-hop router i/f:

ping -S 192.168.10.1 xxx.73.yyy.22

... works, but we cannot get an active NAT session showing. Stumped.

ping -S 192.168.10.1 xxx.73.yyy.69 (a bit further upstream)

... fails, however ping from the ipnat's outside i/f

ping -S xxx.73.yyy.242 xxx.73.yyy.69

... works fine to everywhere.

========

ipf machine's routing table:

Destination        Gateway            Flags           Netif Expire
default            xxx.73.yyy.241     UGSc    3  477  xl0
127.0.0.1          127.0.0.1          UH      0    0  lo0
192.168.10         link#1             UC      0    0  oltr0 =>
192.168.10.1       0.0.83.42.40.2f    UHLW    0  120  lo0
xxx.73.yyy.240/30  link#2             UC      0    0  xl0 =>
xxx.73.yyy.241     0:50:73:76:42:81   UHLW    4  105  xl0   304
xxx.73.yyy.242     0:1:2:b2:ad:a5     UHLW    0  120  lo0

Ideas?

tia,
Len

http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways