From: "Adam Lofstedt"
Subject: IPNAT redirect multiple IPs on external NIC
Date: Wed, 5 Jun 2002 16:46:41 -0700
Organization: Visimation, Inc.

Hey,

I am using FBSD as a firewall/NAT router with IP Filter and IP NAT. This machine is multi-homed, with external/internal interfaces. On internal network, there is one machine that is both web server and email server. I am using port forwarding and redirection to redirect traffic on the external interface to ports 80, 143, 25, and 110 of the web/email machine.

Problem: I want to run two different email and web servers on the web/email machine that share the same ports. So, I thought I would add another IP to the external interface of BSD box, and redirect traffic on that IP to a second IP address that I have given to the web/email server (I have already told the web/email programs to only listen on their respective IP addresses).

So, External IP #1 should forward to Internal IP#1, and External IP #2 should forward to Internal IP#2. However, when I telnet to port 25 of IP #2, the mail server that is listening on internal IP#1 responds. Obviously it is not working.

Here is my IPNAT.RULES:
_______________________________________
# dev inside ip local inet ip
map dc0 10.0.0.0/24 -> ExternalIP#1Here/32 portmap tcp/udp 1:65000
map dc0 10.0.0.0/24 -> ExternalIP#1Here/32

#redirect Internet Services to Web/Email Server
rdr dc0 ExternalIP#1Here/32 port 80 -> 10.0.0.4 port 80
rdr dc0 ExternalIP#1Here/32 port 110 -> 10.0.0.4 port 110
rdr dc0 ExternalIP#1Here/32 port 25 -> 10.0.0.4 port 25
rdr dc0 ExternalIP#1Here/32 port 143 -> 10.0.0.4 port 143

#redirect Lyris email traffic to port 25 of IP#2 on Web/Email server
rdr dc0 ExternalIP#2Here/32 port 25 -> 10.0.0.5 port 25

#redirect Lyris webserver traffic to port 80 of 10.0.0.5
rdr dc0 ExternalIP#2Here/32 port 80 -> 10.0.0.5
_____________________________________

Here is my rc.conf with device aliases:

network_interfaces="dc0 rl0 lo0 tun0"
ifconfig_dc0="inet ExternalIP#2Here netmask 255.255.255.240"
ifconfig_dc0="inet ExternalIP#1Here netmask 255.255.255.240 alias"
________________________

I suspect I need to map the inside IP#2 (10.0.0.5) to the External IP#2, but when I add the following to IPNAT.RULES, all traffic is stopped on the interfaces:

map dc0 10.0.0.0/24 -> ExternalIP#2Here/32 portmap tcp/udp 1:65000
map dc0 10.0.0.0/24 -> ExternalIP#2Here/32

I guess you can't map two IP's to the same local network???

Can anyone provide suggestions?

Adam Lofstedt
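
Added example, not part of the original message: a small Python check that reads the rdr rules and rc.conf lines quoted above, tabulates which internal address each external IP and port is redirected to, and lists variable names assigned more than once in rc.conf (rc.conf is read as sh variable assignments, so only the last value of a repeated name is kept). The regular expression covers only the simple rdr form used in the message, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Rule and rc.conf lines copied from the message, placeholders included.
IPNAT_RULES = """\
rdr dc0 ExternalIP#1Here/32 port 80 -> 10.0.0.4 port 80
rdr dc0 ExternalIP#1Here/32 port 110 -> 10.0.0.4 port 110
rdr dc0 ExternalIP#1Here/32 port 25 -> 10.0.0.4 port 25
rdr dc0 ExternalIP#1Here/32 port 143 -> 10.0.0.4 port 143
rdr dc0 ExternalIP#2Here/32 port 25 -> 10.0.0.5 port 25
rdr dc0 ExternalIP#2Here/32 port 80 -> 10.0.0.5
"""
RC_CONF = """\
network_interfaces="dc0 rl0 lo0 tun0"
ifconfig_dc0="inet ExternalIP#2Here netmask 255.255.255.240"
ifconfig_dc0="inet ExternalIP#1Here netmask 255.255.255.240 alias"
"""

# Assumption: only the simple form "rdr IF IP/MASK port N -> IP [port N]".
RDR = re.compile(
    r"rdr\s+(\S+)\s+(\S+)/\d+\s+port\s+(\d+)\s+->\s+(\S+)(?:\s+port\s+(\d+))?\s*$")
ASSIGN = re.compile(r"\s*([A-Za-z_]\w*)=(.*)$")

def parse_rdr(text):
    """Map (iface, external_ip, external_port) -> [(internal_ip, port or None)]."""
    table = defaultdict(list)
    for line in text.splitlines():
        m = RDR.match(line.strip())
        if m:  # comments and map rules do not match and are skipped
            iface, ext, eport, dst, dport = m.groups()
            table[(iface, ext, int(eport))].append((dst, int(dport) if dport else None))
    return dict(table)

def audit_rdr(table):
    """Flag external endpoints with conflicting targets or no stated target port."""
    findings = []
    for key, targets in sorted(table.items()):
        if len(set(targets)) > 1:
            findings.append(("conflicting-targets", key))
        if any(port is None for _, port in targets):
            findings.append(("no-dest-port", key))
    return findings

def rc_conf_overrides(text):
    """Return (name, discarded_value, kept_value) for each repeated assignment."""
    seen, dupes = {}, []
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            name, value = m.groups()
            if name in seen:
                dupes.append((name, seen[name], value))
            seen[name] = value
    return dupes
```
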