Date:      Wed, 28 Jan 1998 09:06:47 +0000
From:      Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
To:        Brian Somers <brian@awfulhak.org>
Cc:        freebsd-questions@FreeBSD.ORG, chrisa@commlet.com
Subject:   Re: natd/libalias question
Message-ID:  <19980128090647.59235@gil.physik.rwth-aachen.de>
In-Reply-To: <199712240148.BAA18064@awfulhak.demon.co.uk>; from Brian Somers on Wed, Dec 24, 1997 at 01:48:45AM +0000
References:  <9712231512.aa08867@commlet.commlet.com> <199712240148.BAA18064@awfulhak.demon.co.uk>

On Wed, Dec 24, 1997 at 01:48:45AM +0000, Brian Somers wrote:
> > Greetings,
> > 
> > 	Do the packet aliasing functions in libalias only work with private
> > IP addresses?  10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
> 
> No - any addresses are fair game :-)
> 
> > 	I am setting up a firewall for our (as yet undelivered) internet line
> > and my predecessors decided to make our interior network 126.0.0.0/24.  I plan
> > on changing this but for testing purposes of natd & ipfw I have left these 
> > alone.  It appears that libalias is not doing what it says it should.  I have
> > natd started with -redirect_address 126.0.0.90 38.156.234.7 which according to
> > the man pages for libalias & natd should allow outgoing requests from 126.0.0.90
> > to appear as 38.156.234.7 and incoming requests for 38.156.234.7 to go to
> > 126.0.0.90.
> > 
> > Here is my network setup:
> > 
> > 	126.0.0.90 Internal machine
> > 	38.156.234.5 2.2.5-RELEASE with natd and ipfw running
> > 		     ed1 connected to 126.0.0.0/24
> > 		     ed0 connected to 38.156.234.0/24
> > 	38.156.234.3 2.2.5-RELEASE 
> > 
> > I run natd like so on 38.156.234.5:
> > 	natd -v -redirect_address 126.0.0.90 38.156.234.7 -n ed0
> > 
> > And I ping 38.156.234.3 from 126.0.0.90.  Ping gets packets from 38.156.234.3 
> > but when I look at the output from natd I see:
> > 
> > Out [ICMP]	126.0.0.90 -> 38.156.234.3 aliased to
> > 		38.156.234.5 -> 38.156.234.3
> > In  [ICMP]	38.156.234.3 -> 38.156.234.5 aliased to
> > 		38.156.234.3 -> 126.0.0.90
> > 
> > Now according to the manpages, the output above should have .5 replaced with
> > .7
> > 
> > Any ideas?
> 
> Maybe the problem is that you're not quoting the argument to 
> -redirect_address ?

Sorry, it's a while back but I found this in the questions list while
seeking for tips to set up my natd/ipfw.

What do you mean by quoting? Where in the man page is this said?

I'm desperately trying to establish natd/ipfw on my local network
with one gateway machine to the internet.

          |
         ISDN  (bisdn)
          |
          |
    137.226.123.27 
          |
        FreeBSD BOX (gateway)
        ipi0: flags=2851<UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1> mtu 1500
               inet 137.226.123.27 --> 137.226.123.1 netmask 0xffffffff
          |
        le0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
               inet 192.168.1.119 netmask 0xffffff00 broadcast 192.168.1.255
               ether 08:00:b9:34:c6:e8 
          |
    192.168.1.119
          |
----------+-----------------------+----------------+-------------
                                  |                |
                             192.168.1.114
                               (inside)

I only have one official IP address. I want to set up natd/ipfw
such that I can go out from the inside machine (192.168.1.114)
to the outside world. From the little I understand about natd this is
possible.

But how do I set it up?
This is my present /etc/rc.firewall:
/sbin/ipfw -f flush
##/sbin/ipfw add divert natd all from any to any via le0
##/sbin/ipfw add divert natd all from 192.168.1.114 to 192.168.1.119 via le0
##/sbin/ipfw add divert natd all from 192.168.1.119 to 137.226.145.27 via ipi0
/sbin/ipfw add pass all from any to any

You see my desperate signs of experimenting.

Routing info on the gateway:

isdn-kukulies# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            137.226.123.1      UGSc        3     1725      ipi0
127.0.0.1          127.0.0.1          UH          0        0       lo0
137.226.123.1      137.226.123.27     UH          2       11      ipi0
192.168.0.1        192.168.1.119      UH          0        0      ipi1
192.168.0.4        192.168.1.119      UGHS        0        0      ipi0
192.168.1          link#1             UC          0        0 
192.168.1.114      0:0:c0:47:c5:a1    UHLW        1     1073       le0    157
192.168.1.119      8:0:b9:34:c6:e8    UHLW        0        6       lo0
192.168.1.217      0:e0:29:b:7e:4a    UHLW        0        1       le0    655

AppleTalk:
Destination        Gateway            Flags     Refs     Use     Netif Expire


> 
> > Chris Aubuchon
> > chrisa@commlet.com
> > 		
> 
> -- 
> Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
>       <http://www.Awfulhak.org>
> Don't _EVER_ lose your sense of humour....
> 
--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
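
Added example, not part of the original messages: a sketch of the single-address NAT setup asked about above, plus a check of `natd -v` output for the symptom in the quoted question (packets leaving with an unexpected alias address). The function names, the `APPLY` switch and the rule numbers are assumptions of this example; interface names and addresses are taken from the messages.

```shell
#!/bin/sh
# Added example, not from the thread. nat_rules, natd_cmd, check_alias and
# the APPLY switch are hypothetical names; addresses come from the messages.
EXT_IF="${EXT_IF:-ipi0}"   # outside interface in the diagram (137.226.123.27)

# ipfw commands in rule order. Only the outside interface is diverted, so
# traffic that stays on the 192.168.1.0/24 side (le0) never passes through natd.
nat_rules() {
    cat <<EOF
-f flush
add 100 divert natd all from any to any via $1
add 200 pass all from any to any
EOF
}

# natd takes its aliasing address from the interface named with -interface.
natd_cmd() { echo "/sbin/natd -interface $1"; }

# Read "natd -v" output (format as quoted in the thread) on stdin and confirm
# that packets from inside address $1 leave with source address $2.
# Exit status 0: all matched, 1: at least one mismatch, 2: no such packet seen.
check_alias() {
    awk -v inside="$1" -v want="$2" '
        /^Out / && /aliased to$/ { src = $3; sub(/:.*/, "", src)
                                   pending = (src == inside); next }
        pending { got = $1; sub(/:.*/, "", got); pending = 0
                  if (got == want) ok++
                  else { bad++
                         print "MISMATCH: " inside " leaves as " got ", expected " want } }
        END { if (bad) exit 1; if (!ok) exit 2 }'
}

if [ "${APPLY:-0}" = 1 ]; then   # needs root and a kernel with IPFIREWALL + IPDIVERT
    sysctl -w net.inet.ip.forwarding=1
    $(natd_cmd "$EXT_IF")
    nat_rules "$EXT_IF" | while read -r rule; do /sbin/ipfw $rule; done
else                             # default: dry run, print what would be executed
    natd_cmd "$EXT_IF"
    nat_rules "$EXT_IF" | sed 's|^|/sbin/ipfw |'
fi
```

Feeding the `natd -v` lines quoted above to `check_alias 126.0.0.90 38.156.234.7` reports the mismatch described there (the packet leaves as 38.156.234.5); for the gateway in the diagram the expected pair would be `192.168.1.114 137.226.123.27`.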


