Date:      Fri, 26 Jul 2002 10:55:44 -0500
From:      "James West" <zerowren@msn.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   IPFilter is Broken (was: NAT with Three NICs)
Message-ID:  <F11pPJeZLLkZXgrrMsl000024fd@hotmail.com>

Ok, I know this isn't an ipfilter list, but let's carry on.

I got the built-in copy to work via kldload since the other one wouldn't 
compile. I'm just trying to get NAT to work with the Windows machine first, 
then move on to get the other subnet working. Now, I have two files in /etc:

ipf.rules

pass in log on rl0 all
pass out log on rl0 all
pass in log on dc0 all
pass out log on dc0 all
pass in log on ed0 all
pass out log on ed0 all

ipnat.rules

map rl0 192.168.0.0/24 -> rl0/32 portmap tcp/udp 10000:30000
map rl0 192.168.0.0/24 -> rl0/24

Now, when I flush my ipfw rules and kill natd, I load up ipfilter and first 
run ipfw -f /etc/ipf.rules then ipnat -f /etc/ipnat.rules

Then nothing, nothing is passed, masq'ed or otherwise works. I can't ping 
the machine or get out from the local machine.

Anybody have any ideas?

-James


>From: Kenneth Culver <culverk@yumyumyum.org>
>To: "Roger 'Rocky' Vetterberg" <listsub@rambo.simx.org>
>CC: James West <zerowren@msn.com>, <freebsd-questions@FreeBSD.ORG>
>Subject: Re: NAT with Three NICs
>Date: Thu, 25 Jul 2002 16:06:58 -0400 (EDT)
>
> > You could run two natd daemons on the gateway machine, one for the win
> > machine and one for the macs. Just start another natd listening on
> > another port, and add a ipfw divert rule to send the traffic from the
> > macs through this new natd.
>
>Or you could use ipfilter+ipnat, and just add two redirect rules:
>
>map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:30000
>map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 30000:60000
>
>then just make sure you set it up so the 2 internal nics are on the
>192.168.0.0/24 and 192.168.1.0/24 subnets respectively and it should work
>(I've done similar things.)
>
>Ken
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F11pPJeZLLkZXgrrMsl000024fd>