From owner-freebsd-questions@FreeBSD.ORG Tue Apr 14 17:24:23 2009
From: Steve Krawcke <Steve@Latcha.com>
To: freebsd-questions@freebsd.org
Date: Tue, 14 Apr 2009 13:08:27 -0400
Subject: ipnat dmz/internal network issue
Message-Id: <5E0C592A-813B-491C-8F0C-AEABC7E1C150@Latcha.com>

I have a gateway set up using FreeBSD 7.1:

gateway% uname -a
FreeBSD gateway.latcha.com 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #0: Wed Feb 4 20:27:06 EST 2009 root@gateway3.latcha.com:/usr/obj/usr/src/sys/GATEWAY amd64

I have 1 external NIC and 2 internal, one for a DMZ and one for the rest of the network. em0 is my external, em1 is my internal and em2 is my DMZ.

I am using ipf and ipnat to get access to the internet, but I am having an issue.

I am able to get to the internet via NAT on both em1 and em2.
I am able to get port/IP redirection working from em0 -> em2.
I can access the address space from em1 <-> em2.
But if I go to one of the redirected IPs from em1 -> em0 -> em2, it fails.

Here are my ipnat rules:

map em1 from 10.75.0.1/24 to 10.73.0.1/16 -> 0/0
map em1 from 65.173.238.2/32 to 10.73.0.1/16 -> 0/0
map em0 from 10.73.0.1/16 to any -> 65.173.238.2/32 portmap tcp/udp auto
map em0 from 10.75.0.1/24 to any -> 65.173.238.2/32 portmap tcp/udp auto
rdr em0 from any to 65.173.238.27/32 port = 80 -> 10.75.0.29 port 80 tcp
rdr em0 from any to 65.173.238.30/32 port = 80 -> 10.75.0.30 port 80 tcp
rdr em0 from any to 65.173.238.29/32 port = 80 -> 10.75.0.26 port 80 tcp

For now I have the firewall rules disabled, until I get this working, so I know it isn't a firewall issue.

Any help would be appreciated.

Steve K
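The following is an added walk-through of the rule set quoted above, not code from the thread or from the FreeBSD project. It parses the seven ipnat rules as posted and applies the interface semantics documented for ipnat(5): a `map` rule is consulted for packets leaving on the named interface, a `rdr` rule for packets arriving on the named interface, first match wins. The flows it replays are the four situations the post describes; the host addresses in them (10.73.1.10, 198.51.100.5) are constructed, and the assumption that a packet from em1 addressed to 65.173.238.27 is routed toward em0 is an assumption, labelled in the code.

```python
"""Constructed ipnat rule-matching walk-through (added example, not from the thread)."""
import ipaddress
from dataclasses import dataclass

# The rules exactly as quoted in the post.
IPNAT_RULES = """
map em1 from 10.75.0.1/24 to 10.73.0.1/16 -> 0/0
map em1 from 65.173.238.2/32 to 10.73.0.1/16 -> 0/0
map em0 from 10.73.0.1/16 to any -> 65.173.238.2/32 portmap tcp/udp auto
map em0 from 10.75.0.1/24 to any -> 65.173.238.2/32 portmap tcp/udp auto
rdr em0 from any to 65.173.238.27/32 port = 80 -> 10.75.0.29 port 80 tcp
rdr em0 from any to 65.173.238.30/32 port = 80 -> 10.75.0.30 port 80 tcp
rdr em0 from any to 65.173.238.29/32 port = 80 -> 10.75.0.26 port 80 tcp
"""


@dataclass
class Rule:
    action: str                      # "map" (outbound) or "rdr" (inbound)
    iface: str                       # interface the rule is bound to
    src: "ipaddress.IPv4Network | None"   # None means "any"
    dst: "ipaddress.IPv4Network | None"
    dport: "int | None"              # destination port, rdr rules only
    target: str                      # address substituted by the rule
    text: str                        # original rule line, for reporting


def _net(tok):
    # "10.73.0.1/16" is a host-form prefix; strict=False normalises it to 10.73.0.0/16.
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def parse_rules(text):
    """Parse the subset of ipnat.conf syntax used in the post (map/rdr, optional 'port = N')."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t:
            continue
        action, iface = t[0], t[1]
        src, dst = _net(t[3]), _net(t[5])          # "from SRC to DST"
        dport = int(t[8]) if action == "rdr" else None   # "port = 80"
        target = t[t.index("->") + 1]
        rules.append(Rule(action, iface, src, dst, dport, target, line.strip()))
    return rules


def _matches(rule, iface, src, dst, dport):
    if rule.iface != iface:
        return False                     # rules only see packets on their own interface
    if rule.src is not None and src not in rule.src:
        return False
    if rule.dst is not None and dst not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def translate(rules, in_if, out_if, src, dst, dport):
    """Replay one flow: rdr is evaluated on the inbound interface before routing,
    map on the outbound interface afterwards (ipnat semantics, assumed here)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rdr = next((r for r in rules if r.action == "rdr"
                and _matches(r, in_if, src, dst, dport)), None)
    new_dst = ipaddress.ip_address(rdr.target) if rdr else dst
    mp = next((r for r in rules if r.action == "map"
               and _matches(r, out_if, src, new_dst, dport)), None)
    if mp is None:
        src_after = str(src)
    elif mp.target == "0/0":
        src_after = f"<{out_if} address>"   # 0/0 = use the outgoing interface's address
    else:
        src_after = mp.target.split("/")[0]
    return {"rdr": rdr.text if rdr else None, "map": mp.text if mp else None,
            "src_after": src_after, "dst_after": str(new_dst)}


# The four situations described in the post; host addresses are constructed.
FLOWS = {
    "em1 host to internet":        ("em1", "em0", "10.73.1.10",   "198.51.100.5",   80),
    "internet to redirected IP":   ("em0", "em2", "198.51.100.5", "65.173.238.27",  80),
    "DMZ host to em1 host":        ("em2", "em1", "10.75.0.29",   "10.73.1.10",     80),
    # Assumption: the gateway routes a packet for 65.173.238.27 toward its em0 side.
    "em1 host to redirected IP":   ("em1", "em0", "10.73.1.10",   "65.173.238.27",  80),
}


def walk_flows():
    rules = parse_rules(IPNAT_RULES)
    return {name: translate(rules, *flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for name, result in walk_flows().items():
        print(f"{name}:")
        for k, v in result.items():
            print(f"    {k}: {v}")
```

Running it shows that the first three flows hit the rule one would expect, while the fourth flow, the one the post reports as failing, matches no `rdr` rule at all: the three `rdr` lines are bound to em0, so a packet that arrives on em1 for 65.173.238.27 keeps that destination and only picks up the em0 `map` rule on its way out. When checking a NAT configuration like this, replaying each described flow against the rule set is a quick way to see which interface each rule is actually consulted on.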