From owner-freebsd-security Mon Apr 14 00:55:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA24770 for security-outgoing; Mon, 14 Apr 1997 00:55:55 -0700 (PDT) Received: from relaybr.eunet.fr (relaybr.EUnet.fr [193.107.210.133]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id AAA24765 for ; Mon, 14 Apr 1997 00:55:46 -0700 (PDT) Received: from ericf.EUnet-Bretagne.fr ([193.107.210.161]) by relaybr.eunet.fr (8.6.12/8.6.9) with SMTP id JAA24819; Mon, 14 Apr 1997 09:58:31 +0200 Message-ID: <3351E541.1F0@EUnet-Bretagne.fr> Date: Mon, 14 Apr 1997 10:05:21 +0200 From: Eric Feillant Reply-To: Eric.Feillant@EUnet-Bretagne.fr Organization: EUnet BRETAGNE groupe EUnet X-Mailer: Mozilla 3.01 (Win95; I) MIME-Version: 1.0 To: Darren Reed CC: proff@suburbia.net, ipfilter@postbox.anu.edu.au, security@freebsd.org Subject: Re: ipfilter-proff-final.shar.gz References: <199704120213.MAA23890@plum.cyber.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Darren Reed wrote: > > In some mail I received from Eric Feillant, sie wrote > > > > proff@suburbia.net wrote: > > > > > > ftp://ftp.freebsd.org/pub/FreeBSD/incoming/ipfilter-proff-final.shar.gz (112k) > > > > > > I'm done. I've tested this release fairly heavily under both -current > > > and 2.2.1 and am happy with it. I have heavy time contraints for > > > the next few weeks/months, and I know avalon is facing similar > > > difficulties. I'm handing over the torch to another bearer. > > > > > > No more troubles for installing this package now... > > > > We are still trying to run IPNAT without any good results.... > > > > our natrules: > > > > map ed0 192.168.1.1/32 -> 193.107.210.225/32 > > > > our external interface is ed0 (193.107.210) > > our internal interface is ed1 (192.168.1) > > If you have multiple hosts inside your network, on the 192.168.1 net, > then you need to use "192.168.1.0/24". > > Darren We still have a problem: Here is our config: localnet (192.168.1.0)---> 192.168.1.1 (Sun/SunOS or FreeBSD2.2)193.107.210.129 --->193.107.210.0 Here's our NATRULES FILE: map ie1 192.168.1.0/24 -> 193.107.210.225/32 ie1 is our INTERNAL interface (192.168.1.1) Here's my netstat -rn config output: Routing tables Destination Gateway Flags Refcnt Use Interface 127.0.0.1 127.0.0.1 UH 4 666 lo0 default 193.107.210.1 UG 0 457 le0 192.168.1.0 192.168.1.1 U 0 21 ie1 193.107.210.0 193.107.210.129 U 4 163 le0 When we try tcpdump on ie1 (internal int.): we are not able to receive reply packets from the outside world. What's going wrong ????? Thanx for help, -- ========= ____ ===== Eric Feillant ======== / / / ___ ___ /_ ====== EUnet BRETAGNE ======= /---- / / / / /___/ / ======= 140, bd de Creach Gwen ====== /____ /___/ / / /___ /_ ======== 29000 QUIMPER, France ===== Bretagne ========= Tel:(+33) 298101620 Fax:(+33) 298828788 Eric.Feillant@EUnet.fr http://www.EUnet.fr Partenaire CISCO, CHECKPOINT (FIREWALL), BAY NETWORKS, UB NETWORK, SUN, CITRIX