Date: Wed, 26 Jul 2000 11:57:12 +0200 From: Willem Brown <willem@brwn.org> To: Bruce Pea <bruce_pea@hotmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipnat still not behaving Message-ID: <20000726115711.I674@snoopy.brwn.org> In-Reply-To: <20000726005253.80535.qmail@hotmail.com>; from bruce_pea@hotmail.com on Tue, Jul 25, 2000 at 07:52:53PM -0500 References: <20000726005253.80535.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, So your nat rules files contain only the two rules map fxp1 192.168.255.0/24 -> 209.16.216.31/32 portmap tcp/udp 40000:60000 map fxp1 0.0.0.0/0 -> 209.16.216.31/32 The 0.0.0.0/0 means everything else that is not handled by the first rule will be natted by the second. And you are installing it using this command ipnat -CF -f /etc/ipnat.rules where /etc/ipnat.rules is the actual name of the file with the rules. Then, your /etc/resolv.conf file should contain search domainname.of.isp nameserver ip1ofnameserver nameserver ip2ofnameserver This should be configured in dhcp as well so that the client can use these settings when they obtain a lease from the dhcp server. If you have your own domain name then domainname.of.isp should be whatever your domain name is. If you try to ftp or telnet from the client machine to somewhere on the internet you should see a map for the dns query first and when that successed, a map for the actual telnet or ftp connection afterwards. ipnat -l Best Regards Willem Brown On Tue, Jul 25, 2000 at 07:52:53PM -0500, Bruce Pea wrote: > > > You were right about the ip number. Just to try and narrow things down a bit > more I made the following ipnat rule: > > map fxp1 192.168.255.11/32 -> 209.16.216.31/32 portmap tcp/udp 40000:60000 > map fxp1 192.168.255.11/32 -> 209.16.216.31/32 > > where 192.168.255.11 is my workstation ip and 209.16.216.31 is fxp1, my > external interface, ip. > > I restarted ipnat, went to my workstation and was able to ping the world. > However my web browser would not work meaning it kept telling me it couldn't > find any of the web pages I was trying to hit even after I put the dns > servers in the workstation network configuration. > > After all this I went back and changed the ipnat rules to this: > map fxp1 192.168.255.0/24 -> 209.16.216.31/32 portmap tcp/udp 40000:60000 > map fxp1 192.168.255.0/24 -> 209.16.216.31/32 > > I kept the same static ip (192.168.255.11) on the workstation. I restarted > ipnat, went to the workstation and was able to ping the world. Next I set my > workstation up to grab a ip number from the dhcp server. Restarted my > workstation, logged on to the network, pinged 209.144.48.18 and got: > > Destination host unreachable. > > I then switched my workstation ip address back to 192.168.255.11 and could > ping again. Next I tried to ftp to ftp.freebsd.org and was told it couldn't > be found. I tried to ftp to ftp.samba.org and again was told it couldn't be > found. Now this is strange... I can ping our ISP's dns servers from my > workstation (209.14.48.18, 209.144.48.21). I have them both listed in the > server's resolv.conf file. I can ftp/telnet out to anywhere on the server > without any problems. > > It seems like I'm overlooking one small thing and my mind is so bent I can't > think of what it could be. > > Any ideas?? > > Thanks - > Bruce > > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > -- /* =============================================================== */ /* Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours. */ /* =============================================================== */ On my planet, to rest is to rest -- to cease using energy. To me, it is quite illogical to run up and down on green grass, using energy, instead of saving it. -- Spock, "Shore Leave", stardate 3025.2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000726115711.I674>