From owner-freebsd-questions Fri Apr 13 8:21:50 2001
Message-Id: <5.0.2.1.0.20010413110616.02356ec0@192.168.100.3>
Date: Fri, 13 Apr 2001 11:10:20 -0400
To: "Ryan VanMiddlesworth"
From: Mark Woodson
Subject: Re: IPNAT not working with SOME websites
In-Reply-To: <000701c0c2a0$67333920$0401010a@RYANVM5300>

At 10:59 AM 4/11/2001 -0500, Ryan VanMiddlesworth wrote:
>I have a dedicated Internet connection to a particular box running FreeBSD
>4.2-STABLE that serves as a gateway. The box has two NICs - one to the
>Internet (208.196.36.248) and the other to my internal network
>(10.1.0.0/16). I have set up ipfilter and am using ipnat to masquerade the
>10.1.0.0 addresses as the 208.196.36.248.

[snipped]

>Here are my ipnat rules:
> map ed0 10.1.0.0/16 -> 208.196.36.248/32 proxy port ftp ftp/tcp
> map ed0 10.1.0.0/16 -> 208.196.36.248/32 portmap tcp/udp 10000:40000
> map ed0 10.1.0.0/16 -> 208.196.36.248/32
>
>So, what am I doing wrong? I've set up masquerading on Linux a million times
>(using ipchains) and I've never had any problems like this. I am fairly
>certain it must be something I'm doing, just because it's such an easily
>reproducible problem that I can't believe no one has ever seen (and fixed)
>it.

Are you sure it's not your filter rules? That sounds much more like you've got something confused with your filter. Have you tried commenting out everything and just putting "pass in all" and "pass out all" to see if that fixes it? If it does then just add the rules back in one at a time until you find out which one it is that's breaking it.

Your NAT rules don't look like there's an error in them to me.

-Mark

Network Administrator
Smooth Jazz 103.1 WLOQ
Winter Park, FL USA
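
The isolation procedure suggested in the reply, sketched as an added example that is not part of the original message or of ipfilter itself. The function names, the `/etc/ipf.rules` path and the sample ruleset are assumptions constructed for illustration; `stage_rules` puts the permissive base first because ipf applies the last matching rule unless a rule says `quick`.

```shell
#!/bin/sh
# Build staged ipf rulesets to find which filter rule breaks traffic.

# sample_rules prints a constructed ruleset (not from the original post).
sample_rules() {
cat <<'EOF'
# constructed sample filter rules for interface ed0
block in on ed0 all
pass in quick on ed0 proto tcp from any to any port = 22 flags S keep state

block in on ed0 proto icmp all
pass out on ed0 proto tcp/udp from any to any keep state
EOF
}

# active_rules FILE prints FILE without blank lines and comment lines.
active_rules() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# count_rules FILE prints the number of active rules in FILE.
count_rules() {
    active_rules "$1" | awk 'END { print NR }'
}

# stage_rules FILE N prints "pass in all" / "pass out all" followed by
# the first N active rules of FILE. Stage 0 is the fully open filter.
stage_rules() {
    echo "pass in all"
    echo "pass out all"
    active_rules "$1" | awk -v n="$2" 'NR <= n'
}

# load_stage FILE N flushes the active filter list and loads stage N.
# Needs root on the gateway; it is defined here but never called.
load_stage() {
    stage_rules "$1" "$2" | ipf -Fa -f -
}

# Typical session on the gateway (assumed path /etc/ipf.rules):
#   load_stage /etc/ipf.rules 0    # open filter: do the sites load now?
#   load_stage /etc/ipf.rules 1    # restore rule 1, retest
#   load_stage /etc/ipf.rules 2    # ...continue until the sites break
# The last rule restored before the failure is the one to examine.
```

If stage 0 still fails, the filter rules are not the cause. Restore the full ruleset with `ipf -Fa -f /etc/ipf.rules` when finished.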