From: "Adam Lofstedt"
Delivered-To: freebsd-questions@freebsd.org
Subject: RE: IPNAT redirect multiple IPs on external NIC (fixed)
Date: Wed, 5 Jun 2002 17:20:00 -0700
Organization: Visimation, Inc.
Message-ID: <00e601c20cef$e5c7d170$6401a8c0@adam>
In-Reply-To: <00b201c20ceb$3ee3ce80$6401a8c0@adam>

NEVERMIND - I made lots of changes and didn't flush the rules...

So sorry to waste space/time. It works.

Adam

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of
> Adam Lofstedt
> Sent: Wednesday, June 05, 2002 4:47 PM
> To: freebsd-questions@FreeBSD.ORG
> Subject: IPNAT redirect multiple IPs on external NIC
>
> Hey,
>
> I am using FBSD as a firewall/NAT router with IP Filter and
> IP NAT. This machine is multi-homed, with external/internal
> interfaces. On internal network, there is one machine that
> is both web server and email server. I am using port
> forwarding and redirection to redirect traffic on the
> external interface to ports 80, 143, 25, and 110 of the
> web/email machine.
>
> Problem: I want to run two different email and web servers
> on the web/email machine that share the same ports. So, I
> thought I would add another IP to the external interface of
> BSD box, and redirect traffic on that IP to a second IP
> address that I have given to the web/email server (I have
> already told the web/email programs to only listen on their
> respective IP addresses).
>
> So, External IP #1 should forward to Internal IP#1, and
> External IP #2 should forward to Internal IP#2. However,
> when I telnet to port 25 of IP #2, the mail server that is
> listening on internal IP#1 responds. Obviously it is not working.
>
> Here is my IPNAT.RULES:
> _______________________________________
> # dev inside ip local inet ip
> map dc0 10.0.0.0/24 -> ExternalIP#1Here/32 portmap tcp/udp 1:65000
> map dc0 10.0.0.0/24 -> ExternalIP#1Here/32
>
> #redirect Internet Services to Web/Email Server
> rdr dc0 ExternalIP#1Here/32 port 80 -> 10.0.0.4 port 80
> rdr dc0 ExternalIP#1Here/32 port 110 -> 10.0.0.4 port 110
> rdr dc0 ExternalIP#1Here/32 port 25 -> 10.0.0.4 port 25
> rdr dc0 ExternalIP#1Here/32 port 143 -> 10.0.0.4 port 143
>
> #redirect Lyris email traffic to port 25 of IP#2 on Web/Email server
> rdr dc0 ExternalIP#2Here/32 port 25 -> 10.0.0.5 port 25
>
> #redirect Lyris webserver traffic to port 80 of 10.0.0.5
> rdr dc0 ExternalIP#2Here/32 port 80 -> 10.0.0.5
> _____________________________________
>
> Here is my rc.conf with device aliases:
>
> network_interfaces="dc0 rl0 lo0 tun0"
> ifconfig_dc0="inet ExternalIP#2Here netmask 255.255.255.240"
> ifconfig_dc0="inet ExternalIP#1Here netmask 255.255.255.240 alias"
> ________________________
>
> I suspect I need to map the inside IP#2 (10.0.0.5) to the
> External IP#2, but when I add the following to IPNAT.RULES,
> all traffic is stopped on the interfaces:
>
> map dc0 10.0.0.0/24 -> ExternalIP#2Here/32 portmap tcp/udp 1:65000
> map dc0 10.0.0.0/24 -> ExternalIP#2Here/32
>
> I guess you can't map two IPs to the same local network???
>
> Can anyone provide suggestions?
>
> Adam Lofstedt
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
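
The resolution in this thread was that edited rules had not been flushed, so the kernel kept using an older rule set. The following is an added example, not part of the original messages: it compares the rdr entries in a rules file with a listing of loaded rules and reports the ones that differ. The function names, the 192.0.2.x addresses and both sample texts are constructed; the listing is only modelled on `ipnat -l` output, and only the parsed fields are compared so that trailing protocol keywords do not matter.

```python
import re

# rdr <if> <ext-addr>[/mask] port <n> -> <int-addr> [port <n>] [proto]
RDR = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<ext>\S+)\s+port\s+(?P<eport>\d+)"
    r"\s*->\s*(?P<dst>\S+)(?:\s+port\s+(?P<dport>\d+))?"
)

def parse_rdr(text):
    """Return the set of (ifname, ext, ext_port, dst, dst_port) found in text."""
    rules = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = RDR.match(line)
        if m:
            # A missing destination port is kept as None rather than guessed.
            dport = int(m["dport"]) if m["dport"] else None
            rules.add((m["ifname"], m["ext"], int(m["eport"]), m["dst"], dport))
    return rules

def diff_rdr(file_text, loaded_text):
    """Compare rules on disk with the rules that are actually loaded."""
    wanted, loaded = parse_rdr(file_text), parse_rdr(loaded_text)
    return {
        "stale": sorted(loaded - wanted, key=repr),    # loaded, no longer in file
        "missing": sorted(wanted - loaded, key=repr),  # in file, never loaded
    }

# Constructed rules file (192.0.2.x stands in for the external addresses).
RULES_FILE = """\
# redirect Internet services to web/email server
rdr dc0 192.0.2.10/32 port 25 -> 10.0.0.4 port 25
rdr dc0 192.0.2.10/32 port 80 -> 10.0.0.4 port 80
# second external IP goes to the second internal IP
rdr dc0 192.0.2.11/32 port 25 -> 10.0.0.5 port 25
"""

# Constructed listing in the style of `ipnat -l`: an earlier edit is still loaded.
LOADED = """\
List of active MAP/Redirect filters:
rdr dc0 192.0.2.10/32 port 25 -> 10.0.0.4 port 25 tcp
rdr dc0 192.0.2.10/32 port 80 -> 10.0.0.4 port 80 tcp
rdr dc0 192.0.2.11/32 port 25 -> 10.0.0.4 port 25 tcp
"""

if __name__ == "__main__":
    for kind, rules in diff_rdr(RULES_FILE, LOADED).items():
        for rule in rules:
            print(kind, rule)
```

A non-empty "stale" list is the cue to reload with `ipnat -CF -f /etc/ipnat.rules` (path assumed), which clears the loaded rules and active mappings before reading the file.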