From owner-freebsd-questions@FreeBSD.ORG Thu Jan 12 15:43:30 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89EE616A41F for ; Thu, 12 Jan 2006 15:43:30 +0000 (GMT) (envelope-from fbsd_user@a1poweruser.com) Received: from mta13.adelphia.net (mta13.mail.adelphia.net [68.168.78.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id E034343D45 for ; Thu, 12 Jan 2006 15:43:29 +0000 (GMT) (envelope-from fbsd_user@a1poweruser.com) Received: from barbish ([69.172.31.117]) by mta13.adelphia.net (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with SMTP id <20060112154329.PXVR26442.mta13.adelphia.net@barbish>; Thu, 12 Jan 2006 10:43:29 -0500 From: "fbsd_user" To: "cedric Gross" , Date: Thu, 12 Jan 2006 10:43:21 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) In-Reply-To: <20060112145707.76A8D6D667@bruce.cnv.fr> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Cc: Subject: RE: IpNat and 3 NIC X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: fbsd_user@a1poweruser.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jan 2006 15:43:30 -0000 You have ipnat statements wrong. should be liked this map vr0 10.0.0.0/8 -> 0.32 proxy port ftp ftp/tcp map vr0 10.0.0.0/8 -> 0.32 portmap tcp/udp 20000:60000 map vr0 10.0.0.0/8 -> 0.32 map vr0 192.168.0.0/30 -> 0.32 portmap tcp/udp auto map vr0 192.168.0.32/27 -> 0.32 portmap tcp/udp auto map vr0 192.168.0.32/27 -> 0.32 map vr0 192.168.0.96/27 -> 0.32 portmap tcp/udp auto map vr0 192.168.0.96/27 -> 0.32 rdr xl0 0.0.0.0/0 port 80 -> 10.0.0.254 port 3128 tcp rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp rdr vr1 192.168.0.96/27 port 80 -> 10.0.0.254 port 3128 tcp Note map vr1 has been changed to vr0 If your public IP 84.96.23.106 is not dedicated to you by your ISP, then you should not be hard coding it in your IPnat rules. Read the Freebsd ipfilter documentation in the handbook for details. 0.32 = The IP address/netmask assigned by your ISP. The special keyword 0.32 tells ipnat to get the current public IP address of the interface specified on this statement and substitute it for the 0.32 keyword. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of cedric Gross Sent: Thursday, January 12, 2006 9:58 AM To: freebsd-questions@freebsd.org Subject: IpNat and 3 NIC Hello, I have my FreeBSD 5.4 box with 3 NIC : Xl0 LAN with network 10.0.0.0/8 and 192.168.0.0/30 VR0 Wan 84.96.23.106/32 VR1 LAN with network 192.168.0.32/27 and 192.168.0.96/27 I use IPNAT and Ip filter. I'm doing NAT from Xl0 to Vr0, it's working fine I'm trying to do the same thing with vr1 to Vr0 but it's seems that traffic coming from vr1 are not translated. Is there a interface limitation with IPNAT ? Is there a way to do translation from both NIC ? Here is my ipnat.conf : map vr0 10.0.0.0/8 -> 84.96.23.106/32 proxy port ftp ftp/tcp map vr0 10.0.0.0/8 -> 84.96.23.106/32 portmap tcp/udp 20000:60000 map vr0 10.0.0.0/8 -> 84.96.23.106/32 map vr0 192.168.0.0/30 -> 84.96.23.106/32 portmap tcp/udp auto map vr1 192.168.0.32/27 -> 84.96.23.106/32 portmap tcp/udp auto map vr1 192.168.0.32/27 -> 84.96.23.106/32 map vr1 192.168.0.96/27 -> 84.96.23.106/32 portmap tcp/udp auto map vr1 192.168.0.96/27 -> 84.96.23.106/32 rdr xl0 0.0.0.0/0 port 80 -> 10.0.0.254 port 3128 tcp rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp rdr vr1 192.168.0.96/27 port 80 -> 10.0.0.254 port 3128 tcp Thanks for help. Cedric _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"