Date:      Thu, 19 Jul 2001 07:25:21 +0200
From:      "feenikz" <demi@god.za.net>
To:        "Fernando Gleiser" <fgleiser@cactus.fi.uba.ar>
Subject:   Re: IPNAT
Message-ID:  <007601c11013$7358b160$3400a8c0@mandy>
References:  <20010718151044.I18511-100000@cactus.fi.uba.ar>

Thanks for all your help,
    I will try it later today

--Dave.


> Here's what I do (and it works).
>
> Let's say your firewall external address is 172.16.1.226, and you want
> 172.16.1.227 to map to the internal host 192.168.1.25. The netmask of the
> public net is 0xfffffff8.
>
> then you say:
>
> # ifconfig rl0 172.16.1.226 netmask 0xfffffff8
>
> Then, you look up rl0's MAC (via ifconfig), and say
>
> # arp -S 172.16.1.227 <MAC of rl0> pub
>
> And that's it.
>
> In other words: if you use bimap, you don't use the external IP as an alias.
> You use proxy arp.
> If you use rdr, you assign the external IP as an alias on rl0.
>
>
> Fer
>
>
> On Wed, 18 Jul 2001, feenikz wrote:
>
> > Hi,
> >     I just said
> >             ifconfig rl0 alias a.b.c.25
> >     wrong?
> >     the arp -S ... command replies
> >     a.b.c.25 deleted.
> >
> >     Also I notice .20 is no longer an entry, I need everything to stay the
> > same only .25 must point to 192.168.10.10.
> >     I can ping 192.168.10.10 from the local box, but not a.b.c.25
> > When I ping it, rules are opened and all, but no responses etc????
> >
> > Tx, Dave
> >
> >
> > > Do you use proxy arp?
> > >
> > > You need to proxy ARP on the external NIC, binding the external IP to the
> > > MAC of external NIC of the firewall. You shouldn't configure a.b.c.25 as
> > > an alias on rl0.
> > >
> > > arp -S a.b.c.25 <MAC of rl0> pub
> > >
> > >
> > > Fer
> > >
> > >
> > > On Wed, 18 Jul 2001, Dave wrote:
> > >
> > > > *Notices the lack of information on his behalf*
> > > >
> > > > 192.168.10.10 is an NT IIS server,
> > > > a.b.c.20 is the firewall's main address, *does web as well etc*
> > > > ifconfig rl0 shows that a.b.c.25 is also up.
> > > > ipnat -l shows that a connection is made when I request one,
> > > > but nothing is returned.  (Tested this from a dialup and the local box.)
> > > >
> > > > Strange thing is, it works on ONE box, a.b.c.102. I go to a.b.c.25 and it
> > > > gets the correct page and everything.
> > > >
> > > > I can't imagine why, no special settings, stock standard FBSD 4.3-STABLE box.
> > > > Both of them.
> > > >
> > > > Any more ideas?
> > > >
> > > > >
> > > > > > >    I already do nat for the whole 192.168.0.0/24 network, which works,
> > > > > > >    but I can't get it to do the bimap. My normal ip is .20 but I have added
> > > > > > > .25 to use for the bimap.
> > > > > >
> > > > > > confirm that a.b.c.25 is bound to the external interface (i.e. whichever
> > > > > > interface is visible to the outside world) and that the bimap rule is placed
> > > > > > before the map rule...
> > > > >
> > > > > in /etc/ipnat.rules
> > > > > -> bimap rules
> > > > > -> rdr rules
> > > > > -> map rule
> > > > >
> > > > > Phil
> > > > >
> > > > >
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> > >
> > >
> >
>
>
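
The three rules of thumb given in this thread (bimap rules before rdr rules before map rules; a bimap external address is proxy-ARPed rather than bound as an alias; an rdr external address is bound as an alias) can be checked mechanically before loading a rule file. The following is an added example, not code from the thread or from IPFilter: the function names, the sample rule sets and the 172.16.1.228 rdr address are constructed for illustration, and the interface address set is assumed to be collected separately from `ifconfig rl0`.

```python
# Stage order recommended in the thread: bimap rules, then rdr rules, then map rules.
ORDER = {"bimap": 0, "rdr": 1, "map": 2}

def parse_rules(text):
    """Return (lineno, kind, external_ip) for each bimap/rdr/map line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()          # strip comments
        if len(tokens) < 5 or tokens[0] not in ORDER:
            continue
        if "->" not in tokens or tokens[-1] == "->":
            continue
        kind = tokens[0]
        # rdr names the external address before "->"; bimap and map after it.
        ext = tokens[2] if kind == "rdr" else tokens[tokens.index("->") + 1]
        rules.append((lineno, kind, ext.split("/")[0]))
    return rules

def lint(text, iface_addrs):
    """Return (lineno, check, message) findings for the thread's three rules of thumb."""
    findings, highest = [], 0
    for lineno, kind, ext in parse_rules(text):
        if ORDER[kind] < highest:
            findings.append((lineno, "order", f"{kind} rule follows a later-stage rule"))
        highest = max(highest, ORDER[kind])
        if kind == "bimap" and ext in iface_addrs:
            findings.append((lineno, "alias", f"{ext} is bound to the interface; bimap expects proxy ARP"))
        if kind == "rdr" and ext not in iface_addrs and ext not in ("0", "0.0.0.0"):
            findings.append((lineno, "no-alias", f"{ext} is not bound to the interface; rdr expects an alias"))
    return findings

# Constructed sample: map placed first, and the bimap address also bound as an alias.
BAD_RULES = """\
map rl0 192.168.1.0/24 -> 172.16.1.226/32
bimap rl0 192.168.1.25/32 -> 172.16.1.227/32
"""
BAD_ADDRS = {"172.16.1.226", "172.16.1.227"}

# Constructed sample following the thread's advice (172.16.1.228 is a made-up rdr address).
GOOD_RULES = """\
bimap rl0 192.168.1.25/32 -> 172.16.1.227/32
rdr rl0 172.16.1.228/32 port 80 -> 192.168.1.30 port 80
map rl0 192.168.1.0/24 -> 172.16.1.226/32
"""
GOOD_ADDRS = {"172.16.1.226", "172.16.1.228"}

if __name__ == "__main__":
    for finding in lint(BAD_RULES, BAD_ADDRS):
        print(finding)
```
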

