Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 25 Jul 2000 18:15:12 CDT
From:      "Bruce Pea" <bruce_pea@hotmail.com>
To:        willem@brwn.org, freebsd-questions@freebsd.org
Subject:   Re: ipnat still not behaving
Message-ID:  <20000725231512.33573.qmail@hotmail.com>

next in thread | raw e-mail | index | archive | help

OK, I put the colon in between 40000:60000 and I changed my ipnat rule to:
map fxp1 192.168.0.0/24 -> 209.16.xxx.xx/32 portmap tcp/udp 40000:60000
map fxp1 192.168.0.0/24 -> 209.16.xxx.xx/32

where 209.16.xxx.xx is the ip number of fxp1 the interface to the internet.

I rebooted, logged in from a workstation and tried to ping a server on the 
internet from the workstation. No luck! I can ping both internal and 
external interfaces on our server (192.168.255.1 and 209.16.xxx.xx) but I 
can't ping the upstream router that the external card is connected to.

Now I can log in to the server and I can ping the world from the console but 
for some reason I can't get beyound the external interface when I try to 
ping from a workstation.

I also ran ipnat -l to see if ipnat was running and got the following:
List of active MAP/Redirect filters:
map fxp1 192.168.0.0/24 -> 209.16.xxx.xx/32

List of active sessions:

I've checked everything I can think of. Does anyone have any ideas?

Thanks -
Bruce


>From: Willem Brown <willem@brwn.org>
>To: Bruce Pea <bruce_pea@hotmail.com>
>CC: freebsd-questions@freebsd.org
>Subject: Re: ipnat not behaving
>Date: Tue, 25 Jul 2000 22:29:11 +0200
>
>Hi,
>
>
>On Tue, Jul 25, 2000 at 01:38:10PM -0500, Bruce Pea wrote:
> >
> > I'm setting up ipnat and am having some problems.
> >
> > I have a FreeBSD v4.0 dual homed server with the following setup:
> > internal network card (fxp0): 192.168.255.1
> > external network card (fxp1): 209.xx.xxx.xx
> >
> > I have compiled ipfilter into the kernel.
> >
> > defaultrouter=209.xx.xxx.xx
>
>Is this pointing to the IP of fxp1? or to the IP of the default gateway or
>uptream router on the fxp1 network?
>
> > gateway_enable="YES"
> >
> > I have ipf set to pass all both directions.
> >
> > My ipnat rules are:
> >
> > map fxp1 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000 60000
>
>Shouldn't there be a ":" between 40000 and 60000. ie. 40000:60000 and what 
>happens
>if you use 209.xx.xxx.xx/32 insead of 0/32?
>
> > map fxp1 192.168.0.0/24 -> 0/32
> >
> > When I log on to the server from a workstation I can ping the server at
> > 192.168.255.1 and I can ping the outside interface 209.xx.xxx.xx but I
> > cannot ping the router 209.xx.xxx.xx or anything beyond the outside
> > interface.
>
>Try ipnal -l to see if nat is working.
>
> >
> > I have tried using just 'map fxp1 192.0.0/24 -> 0/32' as the only ipnat 
>rule
> > but it doesn't make any difference. I can't get past the external 
>interface.
> > I found an archieved message that dealt with the same problem and tried 
>what
> > was suggested but nothing works.
> >
> > What am I missing?
> >
> > Bruce
> >
> > ________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
>
>Best Regards
>Willem Brown
>
>--
>  /* =============================================================== */
>  /*      Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours.      */
>  /* =============================================================== */
>
>Killing is wrong.
>		-- Losira, "That Which Survives", stardate unknown

________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000725231512.33573.qmail>