From: Nik
To: net@freebsd.org
Date: Wed, 9 Nov 2005 16:57:15 +0800
Subject: one to one mappings issues using IPnat

Hi,

I'm using ipnat for one to one mappings in my FreeBSD router using IPnat.
I've got several interfaces plus VLANs:

    rl0 - Local (192.168.0.x)
    em0, em1, em2, em3 - External (internet)
    em4, vlan0, vlan1, vlan2, vlan3, vlan4, vlan5, vlan6, vlan7, vlan8, vlan9 - DMZ (202.xxx.10.x)

My ipnat.rules:

    map em3 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
    map em3 192.168.0.0/24 -> 0/32
    # Server
    bimap em3 192.168.0.22/32 -> 202.xxx.10.7/32
    bimap vlan2 192.168.0.22/32 -> 202.xxx.10.7/32
    bimap vlan3 192.168.0.22/32 -> 202.xxx.10.7/32
    bimap vlan4 192.168.0.22/32 -> 202.xxx.10.7/32
    bimap vlan5 192.168.0.22/32 -> 202.xxx.10.7/32
    bimap rl0 192.168.0.22/32 -> 202.xxx.10.7/32

202.xxx.10.7/32 was included in vlan9. My local network can already ping 202.xxx.10.7, which means it's working on the LAN, but the problem is I can't ping 202.xxx.10.7 from another IP on the same subnet, e.g. 202.xxx.10.10, and it gives me this result:

    [root@SatelliteVod ~]# ping 202.xxx.10.7
    PING 202.xxx.10.7 (202.xxx.10.7) 56(84) bytes of data.
    From 202.xxx.10.10 icmp_seq=0 Destination Host Unreachable
    From 202.xxx.10.10 icmp_seq=1 Destination Host Unreachable
    From 202.xxx.10.10 icmp_seq=2 Destination Host Unreachable

Also, I can't ping 202.xxx.10.7 from the router itself; it gives me this result:

    > ping 202.xxx.10.7
    PING 202.xxx.10.7 (202.xxx.10.7): 56 data bytes
    ping: sendto: Host is down
    ping: sendto: Host is down
    ping: sendto: Host is down
    --- 202.xxx.10.7 ping statistics ---
    9 packets transmitted, 0 packets received, 100% packet loss

There's no problem when I try to ping the server from outside. I just pass all out and pass in all in my ipf.rules, so I think there's no problem with ipfilter.

Thanks,
Nik.