Date: Wed, 28 Jan 1998 10:13:30 +0000
From: Christoph Kukulies
To: Christoph Kukulies
Cc: Brian Somers, freebsd-questions@FreeBSD.ORG, chrisa@commlet.com
Subject: Re: natd/libalias question

On Wed, Jan 28, 1998 at 09:06:47AM +0000, Christoph Kukulies wrote:
> On Wed, Dec 24, 1997 at 01:48:45AM +0000, Brian Somers wrote:
> > > Greetings,
> > >
> > > Do the packet aliasing functions in libalias only work with private
> > > IP addresses? 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
> >
> > No - any addresses are fair game :-)
> >
> > > I am setting up a firewall for our (as yet undelivered) internet line
> > > and my predecessors decided to make our interior network 126.0.0.0/24. I plan
> > > on changing this but for testing purposes of natd & ipfw I have left these
> > > alone. It appears that libalias is not doing what it says it should. I have
> > > natd started with -redirect_address 126.0.0.90 38.156.234.7 which according to
> > > the man pages for libalias & natd should allow outgoing requests from 126.0.0.90
> > > to appear as 38.156.234.7 and incoming requests for 38.156.234.7 to go to
> > > 126.0.0.90.
> > >
> > > Here is my network setup:
> > >
> > > 126.0.0.90    Internal machine
> > > 38.156.234.5  2.2.5-RELEASE with natd and ipfw running
> > >               ed1 connected to 126.0.0.0/24
> > >               ed0 connected to 38.156.234.0/24
> > > 38.156.234.3  2.2.5-RELEASE
> > >
> > > I run natd like so on 38.156.234.5:
> > > natd -v -redirect_address 126.0.0.90 38.156.234.7 -n ed0
> > >
> > > And I ping 38.156.234.3 from 126.0.0.90. Ping gets packets from 38.156.234.3
> > > but when I look at the output from natd I see:
> > >
> > > Out [ICMP] 126.0.0.90 -> 38.156.234.3 aliased to
> > >            38.156.234.5 -> 38.156.234.3
> > > In [ICMP] 38.156.234.3 -> 38.156.234.5 aliased to
> > >           38.156.234.3 -> 126.0.0.90
> > >
> > > Now according to the manpages, the output above should have .5 replaced with
> > > .7
> > >
> > > Any ideas?
> >
> > Maybe the problem is that you're not quoting the argument to
> > -redirect_address ?
>
> Sorry, it's a while back but I found this in the questions list while
> seeking for tips to set up my natd/ipfw.
>
> What do you mean by quoting? Where in the man page is this said?
>
> I'm desperately trying to establish natd/ipfw on my local network
> with one gateway machine to the internet.
>
>                   |
>              ISDN (bisdn)
>                   |
>                   |
>            137.226.123.27
>                   |
>           FreeBSD BOX (gateway)
> ipi0: flags=2851 mtu 1500
>         inet 137.226.123.27 --> 137.226.123.1 netmask 0xffffffff
>                   |
> le0: flags=8843 mtu 1500
>         inet 192.168.1.119 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 08:00:b9:34:c6:e8
>                   |
>            192.168.1.119
>                   |
> ----------+-----------------------+----------------+-------------
>           |                       |
>      192.168.1.114
>       (inside)
>
> I only have one official IP address. I want to set up natd/ipfw
> such that I can go out from the inside machine (192.168.1.114)
> to the outside world. From the little I understand about natd this is
> possible.
>
> But how do I set it up?
> This is my present /etc/rc.firewall:
> /sbin/ipfw -f flush
> ##/sbin/ipfw add divert natd all from any to any via le0
> ##/sbin/ipfw add divert natd all from 192.168.1.114 to 192.168.1.119 via le0
> ##/sbin/ipfw add divert natd all from 192.168.1.119 to 137.226.145.27 via ipi0
> /sbin/ipfw add pass all from any to any
>
> You see my desperate signs of experimenting.
>
> Routing info on the gateway:
>
> isdn-kukulies# netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags     Refs     Use     Netif Expire
> default            137.226.123.1      UGSc        3     1725      ipi0
> 127.0.0.1          127.0.0.1          UH          0        0       lo0
> 137.226.123.1      137.226.123.27     UH          2       11      ipi0
> 192.168.0.1        192.168.1.119      UH          0        0      ipi1
> 192.168.0.4        192.168.1.119      UGHS        0        0      ipi0
> 192.168.1          link#1             UC          0        0
> 192.168.1.114      0:0:c0:47:c5:a1    UHLW        1     1073       le0    157
> 192.168.1.119      8:0:b9:34:c6:e8    UHLW        0        6       lo0
> 192.168.1.217      0:e0:29:b:7e:4a    UHLW        0        1       le0    655
>
> AppleTalk:
> Destination        Gateway            Flags     Refs     Use     Netif Expire
>
> > >
> > > Chris Aubuchon
> > > chrisa@commlet.com
> > >
> >
> > --
> > Brian
> >
> > Don't _EVER_ lose your sense of humour....
>
> --
> Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de

It works!

With the following /etc/rc.firewall:

/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via le0
/sbin/ipfw add divert natd all from any to any via ipi0
/sbin/ipfw add pass all from any to any

And the following natd start line:

natd -redirect_address 192.168.1.114 0.0.0.0 -n ipi0

I still have to understand why this natd line makes it work
for any host on my local network, though :-)

--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
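
Added example, not part of the original message and not natd or libalias code: a simplified Python model of the address aliasing behind the working setup above. `-n ipi0` gives every inside host the interface address on the way out, and, following natd(8)'s description of a public address of 0.0.0.0, the `-redirect_address` rule only decides where unsolicited inbound traffic lands. `NatModel`, the starting port 30000 and the 192.0.2.x remote addresses are assumptions made for the illustration.

```python
"""Simplified model of natd aliasing (constructed; not libalias code)."""

ALIAS = "137.226.123.27"         # address of ipi0, picked up by "-n ipi0"
STATIC_TARGET = "192.168.1.114"  # "-redirect_address 192.168.1.114 0.0.0.0"


class NatModel:  # hypothetical name
    def __init__(self, alias, static_target=None):
        self.alias = alias
        self.static_target = static_target
        self.by_inside = {}      # (proto, inside_ip, inside_port) -> alias_port
        self.by_alias_port = {}  # (proto, alias_port) -> (inside_ip, inside_port)
        self.next_port = 30000   # assumed first port handed to aliased flows

    def outbound(self, proto, src, sport, dst, dport):
        """Leaving via the external interface: any source becomes the alias."""
        key = (proto, src, sport)
        if key not in self.by_inside:
            self.by_inside[key] = self.next_port
            self.by_alias_port[(proto, self.next_port)] = (src, sport)
            self.next_port += 1
        return (self.alias, self.by_inside[key], dst, dport)

    def inbound(self, proto, src, sport, dst, dport):
        """Arriving on the external interface: find the inside destination."""
        if dst != self.alias:
            return (src, sport, dst, dport)            # not addressed to us
        link = self.by_alias_port.get((proto, dport))
        if link:                                       # reply to an aliased flow
            return (src, sport, link[0], link[1])
        if self.static_target:                         # unsolicited, static NAT
            return (src, sport, self.static_target, dport)
        return (src, sport, dst, dport)                # stays on the gateway


def demo():
    nat = NatModel(ALIAS, STATIC_TARGET)
    # A host other than 192.168.1.114 opens a connection (remote is constructed).
    out = nat.outbound("tcp", "192.168.1.217", 1025, "192.0.2.10", 80)
    reply = nat.inbound("tcp", "192.0.2.10", 80, out[0], out[1])
    # Unsolicited connection attempt to the single public address.
    unsolicited = nat.inbound("tcp", "192.0.2.99", 4000, ALIAS, 23)
    without_rule = NatModel(ALIAS).inbound("tcp", "192.0.2.99", 4000, ALIAS, 23)
    return out, reply, unsolicited, without_rule


if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

In the model the redirect rule plays no part in outbound traffic, which is why the setup works for every inside host. Its effect is that connections nobody inside asked for are handed to 192.168.1.114, and the `pass all from any to any` rule does not filter them.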