Delivered-To: freebsd-questions@freebsd.org
Date: Tue, 28 May 2002 17:38:40 -0300 (ART)
From: Fernando Gleiser
To: Curtis Polk
Subject: Re: IPNAT Multiple rdr

On Tue, 28 May 2002, Curtis Polk wrote:

> I have two aliases on my outward facing machine. I would like to
> redirect the primary address and the two aliases to an internal machine
> running two instances of Apache and one of Tomcat. I have tried
> various ipnat rules, and nothing works.
> As near as I can tell from the documentation, this should work, but does
> not:
> # redirects to internal server
> rdr xl0 aaa.bbb.ccc.dd1 port 80 -> 192.168.2.3 port 80
> rdr xl0 aaa.bbb.ccc.dd2 port 80 -> 192.168.2.4 port 80
> rdr xl0 aaa.bbb.ccc.dd3 port 3000 -> 192.168.2.5 port 3000

It looks fine.

>
> # normal private-to-public mapping
> map xl0 192.168.2.0/24 -> aaa.bbb.ccc.dd1/32
>
> The firewall machine has two network cards, xl0, the public interface,
> and xl1, the 192 network. I have tried coming down to the simplest
> configuration, by attempting to redirect the firewall's primary address
> to 192.168.2.3, the internal machine's primary address. The redirects
> don't work, but the map does. Any help would be appreciated.
>

Flush the firewall rules and try the redirects again. Maybe the packet filter is
blocking them. Run tcpdump on both xl0 and xl1 and see if the packets come
through the firewall.

Hope this helps.

Fer
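
One way to check the "maybe the packet filter is blocking them" suggestion offline, as an added example that is not part of the original message: in IPFilter an inbound packet is rewritten by ipnat before the ipf rules see it, so a pass rule has to name the translated (internal) address, not the public one. The ipf ruleset below is constructed, the function names are hypothetical, and the parser assumes host addresses, `any` and `port = N` only.

```python
import re

# rdr <if> <public> port <n> -> <internal> port <n>
RDR = re.compile(r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)")
# pass in ... on <if> ... to <dst> [port = <n>]
PASS_IN = re.compile(r"^pass\s+in\b.*?\bon\s+(\S+).*?\bto\s+(\S+)(?:\s+port\s*=\s*(\d+))?")

# Redirects and map rule from the message (placeholder public addresses kept).
IPNAT_RULES = """
rdr xl0 aaa.bbb.ccc.dd1 port 80 -> 192.168.2.3 port 80
rdr xl0 aaa.bbb.ccc.dd2 port 80 -> 192.168.2.4 port 80
rdr xl0 aaa.bbb.ccc.dd3 port 3000 -> 192.168.2.5 port 3000
map xl0 192.168.2.0/24 -> aaa.bbb.ccc.dd1/32
"""

# Constructed ipf ruleset (not from the message): the first pass rule names the
# public address, which an inbound packet no longer carries after rdr.
IPF_RULES = """
block in on xl0 all
pass in quick on xl0 proto tcp from any to aaa.bbb.ccc.dd1 port = 80 keep state
pass in quick on xl0 proto tcp from any to 192.168.2.4 port = 80 flags S keep state
"""

def _rules(text):
    """Yield rule lines with comments and blank lines removed."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def parse_rdr(ipnat_text):
    """Return (iface, public, public_port, internal, internal_port) per rdr rule."""
    return [m.groups() for m in map(RDR.match, _rules(ipnat_text)) if m]

def unfiltered_redirects(ipnat_text, ipf_text):
    """Return redirects whose translated destination no 'pass in' rule admits."""
    ipf = list(_rules(ipf_text))
    if not any(r.startswith("block in") for r in ipf):
        return []  # no block rule: assumes a default-pass filter (e.g. after a flush)
    allowed = [m.groups() for m in map(PASS_IN.match, ipf) if m]
    missing = []
    for iface, pub, pub_port, dst, dst_port in parse_rdr(ipnat_text):
        if not any(i == iface and d in ("any", dst) and p in (None, dst_port)
                   for i, d, p in allowed):
            missing.append((pub, pub_port, dst, dst_port))
    return missing

if __name__ == "__main__":
    for pub, pub_port, dst, dst_port in unfiltered_redirects(IPNAT_RULES, IPF_RULES):
        print(f"{pub}:{pub_port} -> {dst}:{dst_port} has no pass-in rule for {dst}")
```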