Date: Tue, 10 Sep 2002 15:36:11 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: J R <jesse_rock206@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipnat
Message-ID: <20020910153032.H2575-100000@cactus.fi.uba.ar>
In-Reply-To: <F236eeO75YAWDI7J1zn00017e10@hotmail.com>

On Tue, 10 Sep 2002, J R wrote:

> Hello,
> I've been working on this setup and I can't seem to find what I'm doing
> wrong. Here is the gist.
> I have a machine with two interfaces and three IPs bound to the public
> interface. The private interface has an internal address and is connected to
> a machine via a flipped cable. I can ping the machine connected to the
> internal interface, and it can ping its gateway. What I want to do is
> forward all packets coming in to a certain IP address on the public
> interface to the second machine sitting behind the private interface, and
> vice versa.
>
> box 1: fxp0 *.*.*.70 fxp1 192.168.10.1
> box 2: if1 192.168.10.2 (this is a win2k machine btw)
>
> crank# sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding: 1

That's OK.

>
> crank# ipnat -l
> List of active MAP/Redirect filters:
> map fxp0 192.168.0.0/16 -> *.*.*.70/32

Tip: if you are NATing for more than two hosts, it is better to use the
'portmap' keyword to prevent address collisions.

> rdr fxp0 *.*.*.70/32 port 80 -> 192.168.10.2 port 80 tcp/udp
> rdr fxp0 *.*.*.70/32 port 3389 -> 192.168.10.2 port 3389 tcp
>

Looking fine.

> Although an nmap scan from the crank machine shows the services listening,
> ipnat does not forward requests from the internet to those ports, i.e. they
> time out.
> Am I missing something?

Some questions:

1) Are you using ipf besides ipnat? Maybe the rules are blocking the packets.

2) Is the default gateway on the internal boxes properly set up? Maybe that
   host doesn't know how to respond because it doesn't have a default route.
   Try pinging the *external* IP from some *internal* box.

Hope this helps.

		Fer

>
> Thank you
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020910153032.H2575-100000>
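
The two points raised in the reply above (a `map` rule without `portmap`, and ipf rules possibly blocking the redirected packets) can be checked mechanically from `ipnat -l` output. The script below is an added example, not part of the original message: the function names are hypothetical, 203.0.113.70 is a constructed stand-in for the masked public address, and the printed `pass` lines are one suggested form. They match on the internal address because IPFilter applies NAT before filtering on inbound packets.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ipnat -l` output on stdin.
# 203.0.113.70 is a constructed stand-in for the masked public address.

# Constructed sample in the same layout as the listing quoted in the thread.
sample_ipnat_list() {
    cat <<'EOF'
List of active MAP/Redirect filters:
map fxp0 192.168.0.0/16 -> 203.0.113.70/32
rdr fxp0 203.0.113.70/32 port 80 -> 192.168.10.2 port 80 tcp/udp
rdr fxp0 203.0.113.70/32 port 3389 -> 192.168.10.2 port 3389 tcp
EOF
}

# WARN: a map rule with no portmap (the tip in the reply).
# NEED: the ipf rule that has to exist for each rdr when ipf is loaded.
#       Inbound packets are rewritten by ipnat first, so the filter sees
#       the internal destination (field 7), not the public address.
nat_review() {
    awk '
    $1 == "map" {
        if ($0 !~ / portmap /)
            printf "WARN map on %s for %s has no portmap\n", $2, $3
        next
    }
    # rdr IF EXT port P -> INT port Q [PROTO]
    $1 == "rdr" && $6 == "->" {
        # Assumption: a rule listed without a protocol is treated as tcp.
        proto = ($10 == "") ? "tcp" : $10
        printf "NEED pass in quick on %s proto %s from any to %s port = %s keep state\n", $2, proto, $7, $9
    }'
}

sample_ipnat_list | nat_review
```

On the gateway itself, run `ipnat -l | nat_review` and compare each NEED line against the loaded input rules shown by `ipfstat -i`.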
