Date: Sun, 14 Dec 2003 20:26:57 +0300
From: =?Windows-1251?B?zOj46uA=?= <umike@inbox.ru>
To: questions@FreeBSD.org
Subject: trouble: ipnat & simultaneously icmp traffic from many NATed computers
Message-ID: <1635567875.20031214202657@inbox.ru>

Hello!

Sorry for my bad English....

We have a router on FreeBSD 4.8-RELEASE (IP Filter: v3.4.31) and want to NAT our LAN.
We have 3 computers on the LAN - 192.168.0.2, 192.168.0.3, 192.168.0.4.
We put the rule into ipnat.rules:

/etc/ipnat.rules
map rl0 192.168.0.0/26 -> 195.112.113.242/32

So everything works all right, but when we try to ping one remote_host from two computers simultaneously, only the first computer can do this.

Our router settings:
--------------
%ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet X.X.X.242 netmask 0xfffffff0 broadcast X.X.X.255
        ether 00:c0:26:a3:35:61
        media: Ethernet autoselect (10baseT/UTP)
        status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.1 netmask 0xffffff80 broadcast 192.168.0.127
        ether 00:c0:26:a3:3a:df
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

%more /etc/ipf.rules
pass in quick on rl0 from any to any
pass in quick on rl1 from any to any

%more /etc/ipnat.rules
map rl0 192.168.0.0/26 -> 195.112.113.242/32
--------------

When I look at ipnat -l I see that ipnat maps the first icmp ping 192.168.0.2 <-> x.x.x.x and does not map the other one from 192.168.0.3.
Then I look at

%tcpdump -i rl0

WOW! I see an outgoing icmp echo request from 192.168.0.3!!!

Ok, it's my trouble, ipnat wants more than one external IP to NAT two icmp from different hosts.
Let's go: add a new rule into ipnat.rules:

%more /etc/ipnat.rules
map rl0 192.168.0.0/26 -> 195.112.113.244/30

%ifconfig rl0 X.X.X.245 netmask 255.255.255.255 alias
%ifconfig rl0 X.X.X.246 netmask 255.255.255.255 alias

reload ipnat rules:

%ipnat -CF -f /etc/ipnat.rules

ok! Now I can ping remote_host from 195.168.0.2 and 195.168.0.3 simultaneously!
ipnat -l shows:

192.168.0.2<->x.x.x.245
192.168.0.2<->x.x.x.246

Then I go to the 192.168.0.4 machine and do

ping -t remote_host

BANG! Router is down. I stop ping on all 3 hosts. Router is down and even the local console doesn't react. Only the Reset key can do something.
Why did this happen? What is this?

How can I configure FreeBSD to ping remote_host simultaneously from any number of NATed computers? We really need to do this!
(We are a small ISP, and have monitor programs that monitor some of our equipment by icmp ping command and connect to some of its services. Now when we NAT our office LAN we cannot simultaneously monitor our equipment from many points!)

Can you help us?

Once again, sorry for my bad English....

--
Best regards,
Mike
mailto:umike@inbox.ru