Date: Sat, 4 Aug 2001 13:02:57 +0200 (CEST)
From: Alban Hertroys <dalroi@solfertje.student.utwente.nl>
To: freebsd-questions@freebsd.org
Subject: ipnat won't NAT on boot
Message-ID: <20010804110259.988BA1DD8@solfertje.student.utwente.nl>
For some reason ipnat doesn't seem to NAT after I boot the machine. If
I do "ipnat -l", I get the ruleset it's supposed to use, but no active
sessions and I can't reach the outside world from my network.
If I reload the same(?) ruleset with "ipnat -CF -f /etc/ipnat.rules" it
starts to NAT.
I've tried ipfilter in kernel first, and am using modules now. It
doesn't seem to make a difference.
This got me beaten. Please enlighten me.
In my rc.conf I have:
=====================
inetd_flags="-l -w -W"
network_interfaces="xl0 xl1 lo0"
ifconfig_xl0="inet 130.89.236.150 netmask 255.255.0.0"
ifconfig_xl1="inet 10.236.150.1 netmask 255.255.255.0"
defaultrouter="130.89.1.1"
hostname="solfertje.student.utwente.nl"
gateway_enable="YES"
named_enable="YES"
ipfilter_enable="YES" # Set to YES to enable ipfilter functionality
ipfilter_flags="" # should be *empty* when ipf is _not_ a module
# (i.e. compiled into the kernel) to
# avoid a warning about "already initialized"
ipnat_enable="YES" # Set to YES for ipnat; needs ipfilter, too!
My /etc/ipnat.rules is:
=======================
# map incoming interface(s) to outside world
map xl0 10.236.150.2/32 -> 130.89.236.150/32 portmap tcp/udp auto
map xl0 10.236.150.2/32 -> 130.89.236.150/32
# redirects
rdr xl0 0.0.0.0/0 port 518 -> 10.236.150.2 port 518 #ntalk
rdr xl0 0.0.0.0/0 port 4000 -> 10.236.150.2 port 4000 #icq
rdr xl0 0.0.0.0/0 port 6666 -> 10.236.150.2 port 23 #telnet
rdr xl0 0.0.0.0/0 port 9999 -> 10.236.150.2 port 21 #ftp (active)
rdr xl0 0.0.0.0/0 port 8888 -> 10.236.150.2 port 80 #http
# 130.89.236.150 is interface in outside world
# 10.236.150.1 is interface on gateway to outside world
# 10.236.150.2 is machine on network
--
Alban Hertroys http://solfertje.student.utwente.nl
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AD&D: You fall from the cliff.
The ground attacks you.
It missed.
