From owner-freebsd-questions Wed Jul 18 22:27: 1 2001
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <007601c11013$7358b160$3400a8c0@mandy>
From: "feenikz"
To: "Fernando Gleiser"
References: <20010718151044.I18511-100000@cactus.fi.uba.ar>
Subject: Re: IPNAT
Date: Thu, 19 Jul 2001 07:25:21 +0200
Sender: owner-freebsd-questions@FreeBSD.ORG

Thanks for all your help, I will try it later today

--Dave.

> Here's what I do (and it works).
>
> Let's say your firewall external address is 172.16.1.226, and you want
> 172.16.1.227 to map to the internal host 192.168.1.25. The netmask of the
> public net is 0xfffffff8
>
> then you say:
>
> # ifconfig rl0 172.16.1.226 netmask 0xfffffff8
>
> Then, you look up rl0's MAC (via ifconfig), and say
>
> # arp -S 172.16.1.227 pub
>
> And that's it.
>
> In other words: if you use bimap, you don't use the external IP as an alias.
> You use proxy arp.
> If you use rdr, you assign the external IP as an alias on rl0.
>
>
> Fer
>
>
> On Wed, 18 Jul 2001, feenikz wrote:
>
> > Hi,
> > I just said
> > ifconfig rl0 alias a.b.c.25
> > wrong?
> > the arp -S ... command replies
> > a.b.c.25 deleted.
> >
> > Also I notice .20 is no longer an entry, I need everything to stay the
> > same only .25 must point to 192.168.10.10.
> > I can ping 192.168.10.10 from the local box, but not a.b.c.25
> > When I ping it, rules are opened and all, but no responses etc????
> >
> > Tx, Dave
> >
> >
> > > Do you use proxy arp?
> > >
> > > You need to proxy ARP on the external NIC, binding the external IP to the
> > > MAC of external NIC of the firewall. You shouldn't configure a.b.c.25 as
> > > an alias on rl0.
> > >
> > > arp -S a.b.c.25 pub
> > >
> > >
> > > Fer
> > >
> > >
> > > On Wed, 18 Jul 2001, Dave wrote:
> > >
> > > > *Notices the lack of information on his behalf*
> > > >
> > > > 192.168.10.10 is a NT IIS server,
> > > > a.b.c.20 is the firewall's main address, *does web as well etc*
> > > > ifconfig rl0 shows that a.b.c.25 is also up.
> > > > ipnat -l shows that a connection is made when I request one,
> > > > but nothing is returned. (Tested this from a dialup and the local box.)
> > > >
> > > > Strange thing is, it works on ONE box, a.b.c.102. I go to a.b.c.25 and it
> > > > gets the correct page and everything.
> > > >
> > > > I can't imagine why, no special settings, stock standard FBSD 4.3-STABLE box.
> > > > Both of them.
> > > >
> > > > Any more ideas?
> > > >
> > > >
> > > > > > I already do nat for the whole 192.168.0.0/24 network, which works,
> > > > > > but I can't get it to do the bimap. My normal ip is .20 but I have added
> > > > > > .25 to use for the bimap.
> > > > >
> > > > > confirm that a.b.c.25 is bound to the external interface (i.e. whichever
> > > > > interface is visible to the outside world) and that the bimap rule is placed
> > > > > before the map rule...
> > > > >
> > > > > in /etc/ipnat.rules
> > > > > -> bimap rules
> > > > > -> rdr rules
> > > > > -> map rule
> > > > >
> > > > > Phil
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
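
The two points made in this thread (bimap, then rdr, then map in /etc/ipnat.rules; and a bimap address answered by proxy ARP rather than configured as an alias) can be checked mechanically. The script below is an added example, not part of any poster's message: the function names, the sample rule files and the ifconfig lines are constructed, and the addresses are the ones used in Fer's reply.

```shell
#!/bin/sh
# check_order FILE: rule types must appear as bimap, then rdr, then map.
check_order() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { rank = ($1 == "bimap") ? 1 : (($1 == "rdr") ? 2 : (($1 == "map") ? 3 : 0)) }
        rank == 0 { next }
        rank < seen { printf "line %d: %s placed after a later rule type\n", NR, $1; bad = 1 }
        rank > seen { seen = rank }
        END { exit bad + 0 }
    ' "$1"
}

# check_alias FILE IFCONFIG_FILE: a bimap external address must not also be
# configured on the interface; it is answered by proxy ARP instead.
check_alias() {
    awk '
        NR == FNR { if ($1 == "inet") onif[$2] = 1; next }   # 1st file: ifconfig output
        $1 == "bimap" && $4 == "->" {
            ext = $5; sub(/\/.*/, "", ext)                   # drop the /mask
            if (ext in onif) { printf "%s: bimap address is also an alias\n", ext; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample input (rule files and saved ifconfig output).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.rules" <<'EOF'
bimap rl0 192.168.1.25/32 -> 172.16.1.227/32
map rl0 192.168.1.0/24 -> 172.16.1.226/32
EOF
cat > "$tmp/bad.rules" <<'EOF'
map rl0 192.168.1.0/24 -> 172.16.1.226/32
bimap rl0 192.168.1.25/32 -> 172.16.1.227/32
EOF
printf '\tinet 172.16.1.226 netmask 0xfffffff8\n' > "$tmp/proxyarp.ifconfig"
printf '\tinet 172.16.1.226 netmask 0xfffffff8\n\tinet 172.16.1.227 netmask 0xffffffff\n' > "$tmp/alias.ifconfig"

check_order "$tmp/good.rules" && echo "good.rules: order ok"
check_order "$tmp/bad.rules" || echo "bad.rules: move bimap above map"
check_alias "$tmp/good.rules" "$tmp/alias.ifconfig" || echo "remove the alias, use proxy ARP"
```

On a live box the second argument to `check_alias` would be a file holding the output of `ifconfig rl0`.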