Date: Sun, 16 Jan 2005 20:20:11 +0000 (GMT)
From: BSD Bod <bsdbod@yahoo.co.uk>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: ipnat port forwarding froblem
Message-ID: <20050116202011.82605.qmail@web26503.mail.ukl.yahoo.com>
Hi All,

I have an ADSL router with some very basic Firewall connecting my internal network to the internet. I now want to give myself greater flexibility and protection and so I have been attempting to set up a 3-homed host running a firewall with nat. This host needs to route packets between 2 further networks, 1 as a dmz and the other as a protected network, layout as follows:

                      Internet
                         |
                    -----------
      --------------|  Router |--------------
                    -----------
                    192.168.0.1
                 Min protected Net
                         |
                    ------------    192.168.0.2 - dc0
      --------------| Firewall |-------------    192.168.1.2 - dc1
                    ------------    192.168.2.2 - rl0
          DMZ Net        |        Protected Net
                         |

I have tried using both ipfilter+ipnat and pf, and even tried OpenBSD, but always have the same problem that forwarding from the protected net and the dmz net to the internet fails (no route to host).

My current configuration is using ipfilter+ipnat on FreeBSD 5.3.

The firewall can reach the internet, dmz and protected net ok and sysctl -a reveals that net.inet.ip.forwarding=1 and also redirect=1.

My ipnat rules are as follows:

    map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp 10000:20000
    map dc0 192.168.2.0/24 -> 192.168.0.2/32
    map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp 20001:40000
    map dc0 192.168.1.0/24 -> 192.168.0.2/32

In order to get this working I have my internal firewall open, so that it does not cause an issue.

For now I just want to get this working using ipfilter+ipnat and when I know what the problem is I will try implementing it using pf.

In the past I have had a firewall connecting to an ADSL modem using PPPoA running ipfw and natd on FreeBSD 4.8, but this is a different configuration.

I am completely out of ideas, so all are welcome.

Thanks in advance.

Tim Preece.
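How the four map rules in the message select a translation, as an added example that is not part of the original message. It is a simplified Python model of ipnat's first-match rule selection (outgoing interface, source network, and the protocol restriction on portmap rules); the function names and the sample packets are constructed for illustration.

```python
import ipaddress

# The four map rules from the message, verbatim.
RULES = """\
map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp 10000:20000
map dc0 192.168.2.0/24 -> 192.168.0.2/32
map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp 20001:40000
map dc0 192.168.1.0/24 -> 192.168.0.2/32
"""

def parse_rules(text):
    """Parse 'map IF SRC -> DST [portmap PROTO LO:HI]' lines into dicts."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "map":
            continue
        rule = {"text": line, "ifname": tok[1],
                "src": ipaddress.ip_network(tok[2]),
                "to": ipaddress.ip_network(tok[4]).network_address,
                "protos": None, "ports": None}
        if "portmap" in tok:
            i = tok.index("portmap")
            rule["protos"] = set(tok[i + 1].split("/"))
            lo, hi = tok[i + 2].split(":")
            rule["ports"] = (int(lo), int(hi))
        rules.append(rule)
    return rules

def translate(rules, out_if, src_ip, proto):
    """Return (new_src, port_range, rule_text) for the first matching rule, else None."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        # map rules apply only to packets leaving via the named interface
        if r["ifname"] != out_if or src not in r["src"]:
            continue
        if r["protos"] is not None and proto not in r["protos"]:
            continue  # a portmap rule covers only the protocols it lists
        return str(r["to"]), r["ports"], r["text"]
    return None  # no rule matched: the packet leaves with its original source

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed sample packets: (outgoing interface, source address, protocol)
    for pkt in [("dc0", "192.168.2.10", "tcp"), ("dc0", "192.168.1.10", "icmp"),
                ("dc0", "192.168.0.2", "tcp"), ("rl0", "192.168.1.10", "udp")]:
        print(pkt, "->", translate(rules, *pkt))
```

A `None` result means the packet would leave with its private source address unchanged, which is the case to look for when comparing the model against a capture on dc0.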