From: Fernando Gleiser
To: feenikz
Subject: Re: IPNAT
Date: Wed, 18 Jul 2001 15:21:04 -0300 (ART)

Here's what I do (and it works).

Let's say your firewall external address is 172.16.1.226, and you want
172.16.1.227 to map to the internal host 192.168.1.25. The netmask of the
public net is 0xfffffff8

then you say:

# ifconfig rl0 172.16.1.226 netmask 0xfffffff8

Then, you look up rl0's MAC (via ifconfig), and say

# arp -S 172.16.1.227 pub

And that's it.

In other words: if you use bimap, you don't use the external IP as an alias.
You use proxy arp. If you use rdr, you assign the external IP as an alias on
rl0.

Fer

On Wed, 18 Jul 2001, feenikz wrote:

> Hi,
> I just said
> ifconfig rl0 alias a.b.c.25
> wrong?
> the arp -S ... command replies
> a.b.c.25 deleted.
>
> Also I notice .20 is no longer an entry, I need everything to stay the
> same only .25 must point to 192.168.10.10.
> I can ping 192.168.10.10 from the local box, but not a.b.c.25
> When I ping it, rules are opened and all, but no responses etc????
>
> Tx, Dave
>
> > Do you use proxy arp?
> >
> > You need to proxy ARP on the external NIC, binding the external IP to the
> > MAC of external NIC of the firewall. You shouldn't configure a.b.c.25 as
> > an alias on rl0.
> >
> > arp -S a.b.c.25 pub
> >
> > Fer
> >
> > On Wed, 18 Jul 2001, Dave wrote:
> >
> > > *Notices the lack of information on his behalf*
> > >
> > > 192.168.10.10 is a NT IIS server,
> > > a.b.c.20 is the firewall's main address, *does web as well etc*
> > > ifconfig rl0 shows that a.b.c.25 is also up.
> > > ipnat -l shows that a connection is made when I request one,
> > > but nothing is returned. (Tested this from a dialup and the local box.)
> > >
> > > Strange thing is, it works on ONE box, a.b.c.102. I go to a.b.c.25 and it
> > > gets the correct page and everything.
> > >
> > > I can't imagine why, no special settings, stock standard FBSD 4.3-STABLE box.
> > > Both of them.
> > >
> > > Any more ideas?
> > >
> > > > > I already do nat for the whole 192.168.0.0/24 network, which works,
> > > > > but I can't get it to do the bimap. My normal ip is .20 but I have added
> > > > > .25 to use for the bimap.
> > > >
> > > > confirm that a.b.c.25 is bound to the external interface (i.e. whichever
> > > > interface is visible to the outside world) and that the bimap rule is placed
> > > > before the map rule...
> > > >
> > > > in /etc/ipnat.rules
> > > > -> bimap rules
> > > > -> rdr rules
> > > > -> map rule
> > > >
> > > > Phil

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
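
The two checks this thread arrives at (the bimap, rdr, map order in /etc/ipnat.rules, and a bimap address being proxy-ARPed rather than aliased), as an added shell example that is not part of any message in the thread. It assumes the output of `ifconfig rl0` has been saved to a file; the function names, file names and sample data (the example addresses from the reply, a documentation-range MAC) are constructed for illustration.

```sh
#!/bin/sh
# check_nat_setup IFCONFIG_OUTPUT IPNAT_RULES   (hypothetical helper)
# Prints one finding per line; exit status is 1 if anything was found.
check_nat_setup() {
    awk '
        FILENAME == ARGV[1] {                 # saved "ifconfig rl0" output
            if ($1 == "inet")  bound[$2] = 1  # addresses configured on the NIC
            if ($1 == "ether") mac = $2       # MAC for the proxy ARP entry
            next
        }
        { stage = 0 }
        $1 == "bimap" { stage = 1 }           # order from the thread:
        $1 == "rdr"   { stage = 2 }           # bimap, then rdr, then map
        $1 == "map"   { stage = 3 }
        stage == 0    { next }                # comments, blank lines, other
        stage < last  { print "order: line " FNR ": " $1 " rule follows a later-stage rule"; bad = 1 }
        stage > last  { last = stage }
        stage == 1 {                          # bimap IF internal/mask -> external/mask
            ext = $5; sub(/\/.*/, "", ext)
            if (ext in bound) {
                print "alias: " ext " is bound to " $2 "; use: ifconfig " $2 " -alias " ext " && arp -S " ext " " mac " pub"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: addresses from the reply above, documentation-range MAC.
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/ifconfig.txt" <<'EOF'
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.16.1.226 netmask 0xfffffff8 broadcast 172.16.1.231
        inet 172.16.1.227 netmask 0xffffffff broadcast 172.16.1.227
        ether 00:00:5e:00:53:01
EOF
    cat > "$dir/ipnat.rules" <<'EOF'
map rl0 192.168.1.0/24 -> 172.16.1.226/32
bimap rl0 192.168.1.25/32 -> 172.16.1.227/32
EOF
    status=0
    check_nat_setup "$dir/ifconfig.txt" "$dir/ipnat.rules" || status=$?
    rm -rf "$dir"
    return "$status"
}
demo || true
```

On the sample it reports the bimap rule sitting after the map rule, and the aliased 172.16.1.227 together with the commands that replace the alias with a published ARP entry.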