Date: Tue, 10 Sep 2002 15:36:11 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: J R <jesse_rock206@hotmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipnat
Message-ID: <20020910153032.H2575-100000@cactus.fi.uba.ar>
In-Reply-To: <F236eeO75YAWDI7J1zn00017e10@hotmail.com>

On Tue, 10 Sep 2002, J R wrote:

> Hello,
> I've been working on this setup and I can't seem to find what I'm doing
> wrong. Here is the gist.
> I have a machine with two interfaces and three IP's bound to the public
> interface. The private interface has an internal address and is connected to
> a machine via a flipped cable. I can ping the machine connected to the
> internal interface, and it can ping its gateway. What I want to do is
> forward all packets coming in to a certain IP address on the public
> interface to the second machine sitting behind the private interface, and
> vice versa.
>
> box 1: fxp0 *.*.*.70 fxp1 192.168.10.1
> box 2: if1 192.168.10.2 (this is a win2k machine btw)
>
> crank# sysctl net.inet.ip.forwarding
> net.inet.ip.forwarding: 1

That's OK

>
> crank# ipnat -l
> List of active MAP/Redirect filters:
> map fxp0 192.168.0.0/16 -> *.*.*.70/32

Tip: if you are NATing for more than two hosts, it is better to use the
'portmap' keyword to prevent address collisions.

> rdr fxp0 *.*.*.70/32 port 80 -> 192.168.10.2 port 80 tcp/udp
> rdr fxp0 *.*.*.70/32 port 3389 -> 192.168.10.2 port 3389 tcp
>

Looking fine.

> Although an nmap scan from the crank machine shows the services listening,
> ipnat does not forward requests from the internet to those ports, ie they
> time out.
> Am I missing something?

Some questions:

1) Are you using ipf besides ipnat? Maybe the rules are blocking the packets.

2) Is the default gateway on the internal boxes properly set up? Maybe that
host doesn't know how to respond because it doesn't have a default route.

Try pinging the *external* ip from some *internal* box.

Hope this helps.

			Fer

>
> Thank you
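
The 'portmap' tip and the two questions in the reply, written out as an IPFilter configuration sketch. This is an added example, not part of the original message: 203.0.113.70 is a placeholder for the masked public address, and the port range and the ipf rules are assumptions about an otherwise default-block ruleset.

```conf
# ---- /etc/ipnat.conf (sketch; 203.0.113.70 is a placeholder address) ----

# Outbound NAT with 'portmap': TCP/UDP source ports are rewritten into a
# dedicated range so several internal hosts sharing one public address do
# not collide. The 10000:20000 range is an arbitrary choice.
map fxp0 192.168.0.0/16 -> 203.0.113.70/32 portmap tcp/udp 10000:20000

# Fallback for traffic without ports (ICMP and others). Order matters:
# the portmap rule has to come first.
map fxp0 192.168.0.0/16 -> 203.0.113.70/32

# Inbound redirects, as listed by 'ipnat -l' in the thread.
rdr fxp0 203.0.113.70/32 port 80   -> 192.168.10.2 port 80   tcp/udp
rdr fxp0 203.0.113.70/32 port 3389 -> 192.168.10.2 port 3389 tcp

# ---- /etc/ipf.conf (question 1: is ipf blocking the packets?) ----

# On inbound packets IPFilter applies NAT before the filter rules, so the
# rules must match the translated destination (192.168.10.2), not the
# public address. Rules written against the public IP never match and the
# connection times out, which is the symptom described in the thread.
pass in quick on fxp0 proto tcp from any to 192.168.10.2 port = 80 flags S keep state
pass in quick on fxp0 proto tcp from any to 192.168.10.2 port = 3389 flags S keep state

# Exposing 3389 to any source is a wide opening; restricting 'from' to
# known administrative networks (placeholder range shown) is tighter:
# pass in quick on fxp0 proto tcp from 198.51.100.0/24 to 192.168.10.2 port = 3389 flags S keep state

# A ruleset that also blocks on fxp1 needs matching rules there.

# ---- Internal host (question 2: default route) ----
# 192.168.10.2 must use 192.168.10.1 (fxp1) as its default gateway;
# without it, replies to redirected connections have no route back.
```

After loading the rules, `ipnat -l` shows active sessions under the mappings and `ipfstat -hio` shows per-rule hit counts, which tells you whether the pass rules are matching the redirected packets.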