Date: Thu, 27 Jul 2000 13:17:41 +0200
From: Willem Brown <willem@brwn.org>
To: Bruce Pea <bruce_pea@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipnat still not behaving
Message-ID: <20000727131740.K674@snoopy.brwn.org>
In-Reply-To: <20000727015443.62096.qmail@hotmail.com>; from bruce_pea@hotmail.com on Wed, Jul 26, 2000 at 08:54:43PM -0500
References: <20000727015443.62096.qmail@hotmail.com>

Hi,

On Wed, Jul 26, 2000 at 08:54:43PM -0500, Bruce Pea wrote:
>
> Well I had moderate success today.
>
> I set up an ipnat redirection rule which works great. I'm redirecting mail
> packets from the external interface to port 25 on our email server. Mail
> just pours in, it works great.
>
> I'm doing the same thing with our web server and the redirection works great
> as well.
>
> However the mapping function of ipnat just refuses to work... I run ipnat -s
> and see all kinds of stuff coming in but the stats for packets going out are
> (0) zero. I run ipnat -l and see all kinds of live redirection connections
> but nothing of anything trying to get to the dns server after trying to ping
> our isp's dns server over and over again.

I think that if you do this from the server it will use the IP of fxp1 and
not do a NAT at all. I'm not sure about this.

What does your /etc/resolv.conf file look like? Are the DNS settings of the
client machines correct? You can check this using winipcfg or ipconfig /all
depending on which flavor of Windows they are running.

Try executing the following commands on the server and see if it works.

    dig @ip.of.isp www.freebsd.org any

This will connect directly to the ISP's DNS server to do the query. You
should get something back that says www.freebsd.org points to
freefall.freebsd.org

    dig www.freebsd.org any

If this doesn't work then you most likely have a problem with the
/etc/resolv.conf file.

Also, use tcpdump to see what types of traffic you get on both the fxp0 and
fxp1 interfaces. To check for DNS traffic:

    tcpdump -i fxp0 -vv -n port 53

and

    tcpdump -i fxp1 -vv -n port 53

If you have a problem with the gateway box not allowing the query out, you
should at least see the DNS traffic arrive from the client on the fxp0
interface.

>
> Here again are my ipnat rules:
>
> map fxp1 192.168.255.0/24 -> 209.16.216.20/32 portmap tcp/udp 40000:60000
> map fxp1 192.168.255.0/24 -> 209.16.216.20/32

Consider changing this last rule to the following so that it maps everything
that is not tcp or udp as well.

    map fxp1 0.0.0.0/0 -> 209.16.216.20/32

>
> rdr fxp1 209.16.216.20/32 port 25 -> 192.168.255.3 port 25 tcp
> rdr fxp1 209.16.216.20/32 port 80 -> 192.168.255.4 port 80 tcp
>
>
> Does anyone have any ideas...
>
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
>

--
/* =============================================================== */
/* Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours.           */
/* =============================================================== */

WARNING TO ALL PERSONNEL: Firings will continue until morale improves.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
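
Added example (not part of the original message or of IPFilter): a small Python helper that compares the two port-53 tcpdump captures suggested above and reports where a client's DNS lookup stops on the gateway. The function names, the simplified one-line `tcpdump -n` format, the sample captures and the 198.51.100.53 stand-in for the ISP's DNS server are assumptions; the inside network and NAT address come from the quoted ipnat rules.

```python
import ipaddress
import re

# Values taken from the ipnat rules quoted in the message.
INSIDE_NET = ipaddress.ip_network("192.168.255.0/24")
NAT_ADDR = ipaddress.ip_address("209.16.216.20")

# Matches the "src.port > dst.port:" part of a `tcpdump -n` line (IPv4 only).
PKT = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def dns_packets(capture):
    """Yield (src, dst, is_query) for each port-53 packet in tcpdump text."""
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.groups()
        if "53" in (sport, dport):
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), dport == "53"

def diagnose(inside_capture, outside_capture):
    """Classify where a lookup stops: fxp0 is the inside capture, fxp1 the outside."""
    inside = list(dns_packets(inside_capture))
    outside = list(dns_packets(outside_capture))
    if not any(q and src in INSIDE_NET for src, _, q in inside):
        return "no client queries on fxp0: check the client DNS settings"
    out_queries = [src for src, _, q in outside if q]
    if not out_queries:
        return "queries reach fxp0 but never leave fxp1: gateway is not letting them out"
    if any(src in INSIDE_NET for src in out_queries):
        return "queries leave fxp1 with a private source: map rule is not being applied"
    if not any(not q and dst == NAT_ADDR for _, dst, q in outside):
        return "translated queries leave fxp1 but no replies return"
    return "queries translated and answered: NAT path is working"

# Constructed sample captures (not taken from the thread).
FXP0 = "13:20:01.100 192.168.255.10.1031 > 198.51.100.53.53: 4021+ A? www.freebsd.org. (33)\n"
FXP1_UNMAPPED = "13:20:01.101 192.168.255.10.1031 > 198.51.100.53.53: 4021+ A? www.freebsd.org. (33)\n"
FXP1_QUERY = "13:20:01.101 209.16.216.20.40000 > 198.51.100.53.53: 4021+ A? www.freebsd.org. (33)\n"
FXP1_REPLY = "13:20:01.140 198.51.100.53.53 > 209.16.216.20.40000: 4021 1/0/0 CNAME freefall.freebsd.org. (60)\n"

if __name__ == "__main__":
    print(diagnose(FXP0, FXP1_UNMAPPED))
    print(diagnose(FXP0, FXP1_QUERY + FXP1_REPLY))
```

Feed it the text saved from each tcpdump run; with `-vv`, modern tcpdump may split a packet over several lines, so capture without `-vv` or join the lines first.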