Date: Wed, 26 Jul 2000 01:33:28 +0200
From: Willem Brown <willem@brwn.org>
To: Bruce Pea <bruce_pea@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipnat still not behaving
Message-ID: <20000726013328.G674@snoopy.brwn.org>
In-Reply-To: <20000725231512.33573.qmail@hotmail.com>; from bruce_pea@hotmail.com on Tue, Jul 25, 2000 at 06:15:12PM -0500
References: <20000725231512.33573.qmail@hotmail.com>

On Tue, Jul 25, 2000 at 06:15:12PM -0500, Bruce Pea wrote:
>
> OK, I put the colon in between 40000:60000 and I changed my ipnat rule to:
> map fxp1 192.168.0.0/24 -> 209.16.xxx.xx/32 portmap tcp/udp 40000:60000
> map fxp1 192.168.0.0/24 -> 209.16.xxx.xx/32

If the internal network address is 192.168.255.0 then the above rules
should use that and not 192.168.0 since 192.168.0 and 192.168.255 are
two different class-c networks, unless you change the number of bits set
in the mask from 24 to 16.

>
> where 209.16.xxx.xx is the ip number of fxp1 the interface to the internet.
>
> I rebooted, logged in from a workstation and tried to ping a server on the
> internet from the workstation. No luck! I can ping both internal and
> external interfaces on our server (192.168.255.1 and 209.16.xxx.xx) but I
> can't ping the upstream router that the external card is connected to.
>
> Now I can log in to the server and I can ping the world from the console but
> for some reason I can't get beyond the external interface when I try to
> ping from a workstation.
>
> I also ran ipnat -l to see if ipnat was running and got the following:
> List of active MAP/Redirect filters:
> map fxp1 192.168.0.0/24 -> 209.16.xxx.xx/32

What happened to the first map rule? There should be two here if I'm not
mistaken.

>
> List of active sessions:
>
> I've checked everything I can think of. Does anyone have any ideas?
>
> Thanks -
> Bruce
>
>
> >From: Willem Brown <willem@brwn.org>
> >To: Bruce Pea <bruce_pea@hotmail.com>
> >CC: freebsd-questions@freebsd.org
> >Subject: Re: ipnat not behaving
> >Date: Tue, 25 Jul 2000 22:29:11 +0200
> >
> >Hi,
> >
> >
> >On Tue, Jul 25, 2000 at 01:38:10PM -0500, Bruce Pea wrote:
> > >
> > > I'm setting up ipnat and am having some problems.
> > >
> > > I have a FreeBSD v4.0 dual homed server with the following setup:
> > > internal network card (fxp0): 192.168.255.1
> > > external network card (fxp1): 209.xx.xxx.xx
> > >
> > > I have compiled ipfilter into the kernel.
> > >
> > > defaultrouter=209.xx.xxx.xx
> >
> >Is this pointing to the IP of fxp1? or to the IP of the default gateway or
> >upstream router on the fxp1 network?
> >
> > > gateway_enable="YES"
> > >
> > > I have ipf set to pass all both directions.
> > >
> > > My ipnat rules are:
> > >
> > > map fxp1 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000 60000
> >
> >Shouldn't there be a ":" between 40000 and 60000. ie. 40000:60000 and what
> >happens if you use 209.xx.xxx.xx/32 instead of 0/32?
> >
> > > map fxp1 192.168.0.0/24 -> 0/32
> > >
> > > When I log on to the server from a workstation I can ping the server at
> > > 192.168.255.1 and I can ping the outside interface 209.xx.xxx.xx but I
> > > cannot ping the router 209.xx.xxx.xx or anything beyond the outside
> > > interface.
> >
> >Try ipnat -l to see if nat is working.
> >
> > >
> > > I have tried using just 'map fxp1 192.0.0/24 -> 0/32' as the only ipnat rule
> > > but it doesn't make any difference. I can't get past the external interface.
> > > I found an archived message that dealt with the same problem and tried what
> > > was suggested but nothing works.
> > >
> > > What am I missing?
> > >
> > > Bruce
> > >
> >
> >Best Regards
> >Willem Brown
> >
> >--
> > /* =============================================================== */
> > /* Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours.           */
> > /* =============================================================== */
> >
> >Killing is wrong.
> > -- Losira, "That Which Survives", stardate unknown
> >

Best Regards
Willem Brown

--
 /* =============================================================== */
 /* Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours.           */
 /* =============================================================== */

If you don't care where you are, then you ain't lost.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
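
The two checks raised in this thread (the inside address must fall within the rule's source network, and the portmap range needs a colon) can be run against a rule file before loading it. The script below is an added example, not part of the original message or of ipfilter; the regular expression covers only the rule shapes quoted in the thread, `check_rule` is a hypothetical helper, and 203.0.113.10 is a constructed placeholder for the redacted external address.

```python
import ipaddress
import re

# Covers only: map IF SRC -> DST [portmap PROTO RANGE], as quoted in the thread.
RULE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<proto>\S+)\s+(?P<ports>.+))?$"
)

def check_rule(rule, inside_addr):
    """Return a list of problems found in one ipnat map rule."""
    m = RULE.match(rule.strip())
    if not m:
        return ["not a map rule"]
    problems = []
    try:
        src = ipaddress.ip_network(m["src"], strict=False)
    except ValueError:
        problems.append(f"source {m['src']} is not a valid network")
    else:
        # A rule only translates packets whose source lies in this network.
        if ipaddress.ip_address(inside_addr) not in src:
            problems.append(f"{inside_addr} is outside source {src}")
    ports = m["ports"]
    if ports is not None and not re.fullmatch(r"\d+:\d+|auto", ports.strip()):
        problems.append(f"portmap range {ports.strip()!r} should be low:high")
    return problems

# Constructed sample rules modelled on the ones in the thread.
INSIDE = "192.168.255.1"  # fxp0 address given in the thread
RULES = [
    "map fxp1 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000 60000",
    "map fxp1 192.168.0.0/24 -> 203.0.113.10/32 portmap tcp/udp 40000:60000",
    "map fxp1 192.168.255.0/24 -> 203.0.113.10/32 portmap tcp/udp 40000:60000",
    "map fxp1 192.168.0.0/16 -> 203.0.113.10/32",
    "map fxp1 192.0.0/24 -> 0/32",
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for problem in check_rule(rule, INSIDE) or ["ok"]:
            print("   ", problem)
```
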