From: BSD Bod <bsdbod@yahoo.co.uk>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Date: Sun, 16 Jan 2005 20:20:11 +0000 (GMT)
Subject: ipnat port forwarding problem
Message-ID: <20050116202011.82605.qmail@web26503.mail.ukl.yahoo.com>
List-Id: User questions

Hi All,

I have an ADSL router with some very basic firewall connecting my internal network to the internet. I now want to give myself greater flexibility and protection, and so I have been attempting to set up a 3-homed host running a firewall with NAT.
This host needs to route packets between 2 further networks, 1 as a DMZ and the other as a protected network, layout as follows:

                      Internet
                         |
                   -----------
       ------------|  Router |------------
                   -----------
                   192.168.0.1
                 Min protected Net
                         |
                 192.168.0.2 - dc0
                   ------------
       ------------| Firewall |-----------
       |           ------------          |
  192.168.1.2 - dc1            192.168.2.2 - rl0
       DMZ Net                  Protected Net

I have tried using both ipfilter+ipnat and pf, and even tried OpenBSD, but always have the same problem that forwarding from the protected net and the DMZ net to the internet fails (no route to host).

My current configuration is using ipfilter+ipnat on FreeBSD 5.3. The firewall can reach the internet, DMZ and protected net OK, and sysctl -a reveals that net.inet.ip.forwarding=1 and also redirect=1.

My ipnat rules are as follows:

map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp 10000:20000
map dc0 192.168.2.0/24 -> 192.168.0.2/32
map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp 20001:40000
map dc0 192.168.1.0/24 -> 192.168.0.2/32

In order to get this working I have my internal firewall open, so that it does not cause an issue. For now I just want to get this working using ipfilter+ipnat, and when I know what the problem is I will try implementing it using pf.

In the past I have had a firewall connecting to an ADSL modem using PPPoA running ipfw and natd on FreeBSD 4.8, but this is a different configuration.

I am completely out of ideas, so all are welcome.

Thanks in advance.

Tim Preece.
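For reference, the pieces that have to line up for this three-interface topology, written out as an added example rather than the poster's own files: the interface names, addresses and the four map rules are taken from the post; the interface netmasks, the defaultrouter entry (read off the diagram) and the open ipf pass rules are assumptions. One caveat worth keeping in mind while debugging: ipnat only rewrites a packet after the kernel has already picked dc0 as the outgoing interface, so a "no route to host" on forwarded traffic is raised by the routing lookup, before NAT is consulted. The firewall needs a default route via the router, and each host on the DMZ and protected nets needs its default route pointing at the firewall's address on its own subnet.

```conf
# /etc/rc.conf on the firewall (added example; addresses from the post,
# netmasks and defaultrouter are assumptions based on the diagram)
gateway_enable="YES"                                   # net.inet.ip.forwarding=1 at boot
ifconfig_dc0="inet 192.168.0.2 netmask 255.255.255.0"  # towards the ADSL router
ifconfig_dc1="inet 192.168.1.2 netmask 255.255.255.0"  # DMZ net
ifconfig_rl0="inet 192.168.2.2 netmask 255.255.255.0"  # protected net
defaultrouter="192.168.0.1"                            # assumption: router's inside address
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

# /etc/ipnat.rules -- the first matching map rule wins, so the portmap rule
# (TCP/UDP only) sits before the catch-all that covers ICMP and anything else.
# Both inner nets are hidden behind the firewall's dc0 address, so the ADSL
# router never needs a route back to 192.168.1.0/24 or 192.168.2.0/24.
map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp 10000:20000
map dc0 192.168.2.0/24 -> 192.168.0.2/32
map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp 20001:40000
map dc0 192.168.1.0/24 -> 192.168.0.2/32

# /etc/ipf.rules -- deliberately wide open, as in the post, so that routing
# and NAT can be tested on their own; tighten once forwarding works
pass in all
pass out all
```

To check the pieces on the running box: `sysctl net.inet.ip.forwarding` should print 1, `netstat -rn` on the firewall should show a default route via 192.168.0.1 (and `netstat -rn` on an inner host a default route via 192.168.1.2 or 192.168.2.2 respectively), `ipnat -CF -f /etc/ipnat.rules` reloads the table after edits, and `ipnat -l` lists the active mappings, so a test connection from an inner host should show up there once it has been routed out dc0.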