From: "James West"
To: freebsd-questions@FreeBSD.ORG
Subject: IPFilter is Broken (was: NAT with Three NICs)
Date: Fri, 26 Jul 2002 10:55:44 -0500

Ok, I know this isn't an ipfilter list, but let's carry on.

I got the built-in copy to work via kldload since the other one wouldn't compile. I'm just trying to get NAT to work with the Windows machine first, then move on to getting the other subnet working.

Now, I have two files in /etc:

ipf.rules

  pass in log on rl0 all
  pass out log on rl0 all
  pass in log on dc0 all
  pass out log on dc0 all
  pass in log on ed0 all
  pass out log on ed0 all

ipnat.rules

  map rl0 192.168.0.0/24 -> rl0/32 portmap tcp/udp 10000:30000
  map rl0 192.168.0.0/24 -> rl0/24

Now, when I flush my ipfw rules and kill natd, I load up ipfilter and first run

  ipfw -f /etc/ipf.rules

then

  ipnat -f /etc/ipnat.rules

Then nothing: nothing is passed, masq'ed or otherwise works. I can't ping the machine or get out from the local machine.
Anybody have any ideas?

-James

>From: Kenneth Culver
>To: "Roger 'Rocky' Vetterberg"
>CC: James West ,
>Subject: Re: NAT with Three NICs
>Date: Thu, 25 Jul 2002 16:06:58 -0400 (EDT)
>
> > You could run two natd daemons on the gateway machine, one for the win
> > machine and one for the macs. Just start another natd listening on
> > another port, and add an ipfw divert rule to send the traffic from the
> > macs through this new natd.
>
>Or you could use ipfilter+ipnat, and just add two redirect rules:
>
>map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:30000
>map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 30000:60000
>
>then just make sure you set it up so the 2 internal nics are on the
>192.168.0.0/24 and 192.168.1.0/24 subnets respectively and it should work
>(I've done similar things.)
>
>Ken
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
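Ken's two-rule approach, generalised to any number of internal subnets, as an added example that is not code from this thread or from ipfilter: it parses `map` lines of the shape quoted above, generates one portmap rule per subnet with disjoint TCP/UDP port slices plus a catch-all rule for protocols without ports, and reports any two rules whose portmap ranges share a port. The 10000:60000 default range and the `fxp0` interface name are assumptions.

```python
import ipaddress
import re

# Rule shape used in this thread (constructed parser, not part of ipnat):
#   map <ext_if> <src_net>/<len> -> <dst>/<len> [portmap tcp/udp lo:hi]
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)"
                    r"(?:\s+portmap\s+tcp/udp\s+(\d+):(\d+))?\s*$")


def parse_map(line):
    """Split one ipnat 'map' line into (ext_if, src_net, dst, (lo, hi) or None)."""
    m = MAP_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ipnat rule: {line!r}")
    ext_if, src, dst, lo, hi = m.groups()
    ports = (int(lo), int(hi)) if lo else None
    return ext_if, ipaddress.ip_network(src, strict=True), dst, ports


def ipnat_rules(ext_if, subnets, lo=10000, hi=60000):
    """Generate map rules for several internal subnets behind ext_if.

    Each subnet gets its own slice of the lo:hi range for TCP/UDP, followed
    by a catch-all map (no portmap) so protocols without ports, such as
    ICMP, are translated too. 0/32 means 'use the interface's own address',
    as in Ken's rules. Order matters to ipnat: portmap rules come first,
    catch-alls last. The lo/hi defaults are an assumption.
    """
    nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"internal subnets overlap: {a} {b}")
    width = (hi - lo + 1) // len(nets)   # one disjoint slice per subnet
    lines = [f"map {ext_if} {net} -> 0/32 portmap tcp/udp "
             f"{lo + i * width}:{lo + (i + 1) * width - 1}"
             for i, net in enumerate(nets)]
    lines += [f"map {ext_if} {net} -> 0/32" for net in nets]
    return lines


def overlapping_portmaps(lines):
    """Return pairs of rules whose TCP/UDP portmap ranges share a port."""
    rules = [(l, parse_map(l)[3]) for l in lines if l.strip()]
    return [(la, lb) for i, (la, pa) in enumerate(rules)
            for lb, pb in rules[i + 1:]
            if pa and pb and pa[0] <= pb[1] and pb[0] <= pa[1]]
```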