Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 9 Nov 2005 17:48:04 +0800
From:      Nik <nikruzhan@gmail.com>
To:        current@freebsd.org
Subject:   One to one mappings issues using IPnat
Message-ID:  <60ffc71f0511090148i7a35de05i4274b54feae07276@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hi,

I'm using ipnat for one to one mappings in my FreeBSD router using IPnat. I
got several interfaces plus Vlans ;

rl0 - Local (192.168.0.x), em0, em1, em2, em3 - External (internet), em4,
vlan0, vlan1, vlan2, vlan3, vlan4, vlan5, vlan6, vlan7, vlan8, vlan9 - DMZ =
(
202.xxx.10.x).

my ipnat.rules ;

map em3 192.168.0.0/24 <http://192.168.0.0/24>; -> 0/32 portmap tcp/udp auto
map em3 192.168.0.0/24 <http://192.168.0.0/24>; -> 0/32

# Server
bimap em3 192.168.0.22/32 <http://192.168.0.22/32>; -> 202.xxx.10.7/32
bimap vlan2 192.168.0.22/32 <http://192.168.0.22/32>; -> 202.xxx.10.7/32
bimap vlan3 192.168.0.22/32 <http://192.168.0.22/32>; -> 202.xxx.10.7/32
bimap vlan4 192.168.0.22/32 <http://192.168.0.22/32>; -> 202.xxx.10.7/32
bimap vlan5 192.168.0.22/32 <http://192.168.0.22/32>; -> 202.xxx.10.7/32
bimap rl0 192.168.0.22/32 <http://192.168.0.22/32>; -> 202.xxx.10.7/32

202.xxx.10.7/32 was included in vlan9, my local already can ping to
202.xxx.10.7 and that's mean it's working at Lan but the problem is I can't
ping 202.xxx.10.7 from another same subnet ip eg: 202.xxx.10.10 and it give
me this result ;

[root@SatelliteVod ~]# ping 202.xxx.10.7
PING 202.xxx.10.7 (202.xxx.10.7) 56(84) bytes of data.
>From 202.xxx.10.10 icmp_seq=3D0 Destination Host Unreachable
>From 202.xxx.10.10 icmp_seq=3D1 Destination Host Unreachable
>From 202.xxx.10.10 icmp_seq=3D2 Destination Host Unreachable

Also I can't ping 202.xxx.10.7 from router itself, it's give me this result
;

> ping 202.xxx.10.7
PING 202.xxx.10.7 (202.xxx.10.7): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down

--- 202.xxx.10.7 ping statistics ---
9 packets transmitted, 0 packets received, 100% packet loss

There's no problem when I try to ping the server from outside. I just pass
all out and pass in all in my ipf.rules so I think there's no problem with
ipfilter.

Thanks,
Nik.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?60ffc71f0511090148i7a35de05i4274b54feae07276>