From: Koroush Saraf <koroush.saraf@lmco.com>
To: freebsd-questions@FreeBSD.ORG
Date: Thu, 12 Jun 2003 13:49:32 -0700
Subject: NAT Question
Message-id: <00c601c33124$1ffec5c0$04f4c581@BSDWIN2KKOROUSH>

Hi all,

I'm trying to set up a BSD box to act as a NAT gateway between a private net and the public Internet. My requirements are to map the src and destination of the packet according to a set of rules. The BSD box has two public IP addresses.
Depending on which interface the packet arrives on, it will get routed to a different private destination address. I'm using ipnat with the following mapping on the NAT box. The NAT box has only one interface, xl0; the IP addresses of this interface are:

  public:  129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
  private: 10.77.1.2/24, 10.77.2.2/24

The servers on the private LAN are 10.77.1.1/24 and 10.77.2.1/24, on two different subnets.

List of active MAP/Redirect filters:
  map xl0 129.197.244.7/32 -> 10.77.1.1/32
  map xl0 129.197.244.8/32 -> 10.77.2.1/32
  map xl0 10.77.1.1/32 -> 129.197.244.7/32
  map xl0 10.77.2.1/32 -> 129.197.244.8/32

However, I'm not getting the desired results. From a computer with IP address 129.197.244.2 I ping 129.197.244.8. I expect the ICMP packet to reach the BSD NAT box, get translated to the 10.77.2.1 address and be forwarded with a src address of 10.77.2.2 out of xl0 to the particular server. Then the server would reply back to 10.77.2.2 and it would get translated back to 129.197.244.2 with a source address of 129.197.244.8. But this is not happening.

If the source of the ping is a BSD box, the reply comes back as if I were routed to the destination server, but in reality it's not being routed, since the destination server doesn't see the packet. For example, ping from the FreeBSD box:

  Pinging 129.197.244.8 with 32 bytes of data:
  Reply from 10.77.2.1: bytes=32 time<10ms TTL=255

But 10.77.2.1 doesn't really see the ping packets (verified using tcpdump and the delay metric, which remains the same whether I ping 129.197.244.6), and a ping from a Windows box doesn't even get translated and times out.

So, in short, I need someone to tell me the correct syntax to set up the mapping so that I can map any src and dst IP address into any other src and dst address and retain the return path as well.

Thanks for your thoughts in advance,

~koroush
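The following is an added illustration, not part of Koroush's post and not ipfilter's code: a small Python model of the direction each ipnat rule kind works in. `map` rewrites the source of packets leaving the box, `rdr` rewrites the destination of packets arriving from the public side, and `bimap` does both as a static 1:1 translation (all three are documented in ipnat.conf(5)). A state table records every translation so the reply is undone without a second rule. The `Packet`, `Rule`, `Nat`, `parse_rule`, `ping_from_public` and `ping_from_private` names are constructed for the example, the `BIMAP_RULES` set is an assumed alternative rule set rather than anything from the thread, and the model only translates the destination on the way in; it does not perform the extra rewrite of the source to 10.77.2.2 that the post expects, and it ignores ports, protocols, timeouts and single-interface quirks.

```python
"""Toy model of the three ipnat rule directions (constructed illustration;
not ipfilter's code).  Ports, protocols, timeouts and the quirks of running
NAT on a single interface are deliberately left out.

  map   private -> public   rewrite the SOURCE of outbound packets
  rdr   public  -> private  rewrite the DESTINATION of inbound packets
  bimap private <-> public  both at once (static 1:1 translation)

A state table records each translation so the reply is undone without a
second rule in the opposite direction."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    kind: str    # "map", "rdr" or "bimap"
    left: str    # address left of "->", mask stripped
    right: str   # address right of "->", mask stripped


def parse_rule(line: str) -> Rule:
    """Parse a host-to-host ipnat line, e.g. 'rdr xl0 129.197.244.8/32 -> 10.77.2.1'."""
    kind, _iface, left, arrow, right = line.split()
    if kind not in ("map", "rdr", "bimap") or arrow != "->":
        raise ValueError(f"unsupported rule: {line!r}")
    # Only /32 host rules are modelled, so the mask is simply dropped.
    return Rule(kind, left.split("/")[0], right.split("/")[0])


@dataclass
class Nat:
    rules: list
    # (public_ip, remote_ip) -> private_ip for every live translation
    state: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Packet leaving through xl0 towards the public side (from a private host
        or from the NAT box itself)."""
        for (public, remote), private in self.state.items():
            if private == pkt.src and remote == pkt.dst:
                return Packet(public, pkt.dst)          # reply to an inbound session
        for r in self.rules:
            if r.kind in ("map", "bimap") and r.left == pkt.src:
                self.state[(r.right, pkt.dst)] = pkt.src
                return Packet(r.right, pkt.dst)
        return pkt   # no match: the packet leaves with its source untouched

    def inbound(self, pkt: Packet) -> Packet:
        """Packet arriving on xl0 from the public side."""
        private = self.state.get((pkt.dst, pkt.src))
        if private is not None:
            return Packet(pkt.src, private)             # reply to an outbound session
        for r in self.rules:
            if r.kind == "rdr" and r.left == pkt.dst:
                self.state[(pkt.dst, pkt.src)] = r.right
                return Packet(pkt.src, r.right)
            if r.kind == "bimap" and r.right == pkt.dst:
                self.state[(pkt.dst, pkt.src)] = r.left
                return Packet(pkt.src, r.left)
        return pkt   # "map" rules never match inbound traffic


# The four rules quoted in the post.
POSTED_RULES = [
    "map xl0 129.197.244.7/32 -> 10.77.1.1/32",
    "map xl0 129.197.244.8/32 -> 10.77.2.1/32",
    "map xl0 10.77.1.1/32 -> 129.197.244.7/32",
    "map xl0 10.77.2.1/32 -> 129.197.244.8/32",
]

# Assumed alternative (not from the post): one static 1:1 bimap per server.
BIMAP_RULES = [
    "bimap xl0 10.77.1.1/32 -> 129.197.244.7/32",
    "bimap xl0 10.77.2.1/32 -> 129.197.244.8/32",
]


def ping_from_public(rule_lines, client="129.197.244.2", public="129.197.244.8"):
    """Inbound ping: returns (request as forwarded, reply as sent back)."""
    nat = Nat([parse_rule(l) for l in rule_lines])
    request = nat.inbound(Packet(client, public))
    # Whoever received the request answers it, swapping src and dst.
    reply = nat.outbound(Packet(request.dst, request.src))
    return request, reply


def ping_from_private(rule_lines, server="10.77.1.1", remote="129.197.244.2"):
    """Outbound ping from a private server: returns (request, reply)."""
    nat = Nat([parse_rule(l) for l in rule_lines])
    request = nat.outbound(Packet(server, remote))
    reply = nat.inbound(Packet(request.dst, request.src))
    return request, reply


if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("bimap", BIMAP_RULES)):
        req, rep = ping_from_public(rules)
        print(f"{name:7} request {req.src} -> {req.dst} | reply {rep.src} -> {rep.dst}")
```

Run as a script, the model shows that with the posted rules an inbound ping to 129.197.244.8 is never redirected (no `rdr` or `bimap` exists, and `map` only looks at sources of outgoing packets), so the request is delivered to the box that owns 129.197.244.8; the only rule that then fires is the `map` on the reply's 129.197.244.8 source, which rewrites it to 10.77.2.1, the same address that appears in the ping output quoted above. The posted rules do translate sessions that the private servers initiate themselves. With a `bimap` per server, both directions are handled by one rule and the return path comes from state. The defender's caveat is that a 1:1 `bimap` exposes every port of the private server on its public address, so ipf filter rules still need to restrict which services are reachable through that translation.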