Date:      Wed, 25 Dec 2002 17:09:39 -0500 (EST)
From:      Marco Radzinschi <marco@radzinschi.com>
To:        "adaml@visimation.com" <adaml@visimation.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Help with IPF and IPNAT
Message-ID:  <20021225170812.D35858-100000@radzinschi.com>
In-Reply-To: <163890-220021232584230611@M2W047.mail2web.com>

On Wed, 25 Dec 2002, adaml@visimation.com wrote:

> Argh!  I've been pulling my hair out trying to get my NAT gateway going.
>
> I have two interfaces, one external and internal, servicing a private LAN.
> From the LAN I can ping the internal interface and the external interface,
> but I can't get past the ext. interface.  For testing my rules are pass in
> all and pass out all.  From the gateway itself I can ping anywhere outside
> or inside.
>
> I have tried loading IPNAT and IPF as loadable kernel modules by adding the
> following to /etc/rc.conf:
>
> gateway_enable="YES"
> network_interfaces="x10 dc0 lo0"
> ifconfig x10...
> ifconfig dc0...
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_program="/sbin/ipf"
> ipfilter_flags=""
> ipnat_enable="YES"
> ipnat_program="/sbin/ipnat"
> ipnat_flags=""
>
> Each interface is up and running.  My default gateway in /etc/rc.conf is
> the gateway of the external NIC.
>
> Can anyone see anything wrong with what I am doing, or something missing?
> Do I need routed installed and running?  I also tried
> forward_sourceroute="YES", but that didn't seem to help.
>
> Thanks,
> Adam Lofstedt

You need a MAP rule in your ipnat.rules file to map the private subnet
into your public IP address (that of the gateway).

If you don't have this in there, then you are not doing NAT, just packet
filtering.

man ipnat
man 5 ipnat

Marco Radzinschi
E-Mail: marco@radzinschi.com

Wed Dec 25 17:08:12 EST 2002
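
The kind of MAP rule the reply refers to, as an added example that is not part of the original message. It assumes `dc0` is the external interface and that the LAN is 192.168.1.0/24; the thread states neither, so substitute your own values.

```conf
# /etc/ipnat.rules -- constructed example, not from the thread.
# Assumptions: dc0 = external NIC, 192.168.1.0/24 = private LAN.
# "0/32" tells ipnat to use whatever address dc0 currently holds.

# TCP and UDP from the LAN: rewrite the source address and remap the
# source port into a fixed range so concurrent sessions do not collide.
map dc0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000

# Everything else (ICMP, so the ping test from the LAN works):
# address translation only. The portmap rule above matches only
# TCP and UDP, so without this line pings leave dc0 untranslated
# and the replies never find their way back.
map dc0 192.168.1.0/24 -> 0/32

# Reload and inspect after editing:
#   ipnat -CF -f /etc/ipnat.rules   # clear old rules and state, load file
#   ipnat -l                        # list loaded rules and active mappings
```

If `ipnat -l` shows no rules after boot, the rules file was never loaded, and the gateway is only filtering and forwarding, as the reply describes.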

