From owner-freebsd-security  Tue Aug 15 15:55:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11])
	by hub.freebsd.org (Postfix) with ESMTP id EA29A37B9E2
	for <freebsd-security@FreeBSD.ORG>; Tue, 15 Aug 2000 15:55:08 -0700 (PDT)
	(envelope-from buliwyf@libertad.univalle.edu.co)
Received: from localhost (buliwyf@localhost)
	by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id e7FMgec53464
	for <freebsd-security@FreeBSD.ORG>; Tue, 15 Aug 2000 17:42:46 -0500 (COT)
Date: Tue, 15 Aug 2000 17:42:40 -0500 (COT)
From: Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
To: freebsd-security@FreeBSD.ORG
Subject: About ipnat (The revenge)
Message-ID: <Pine.BSF.4.21.0008151735460.53193-100000@libertad.univalle.edu.co>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


 Ok... im working with ipf and ipnat for do a transparent proxy and
 ip masquerade in the same server (FreeBSD) with just one interface.
 The transparent proxy is working fine... now, i want to do the 
 masquerade for my intranet.
 I was reading about ipnat and i found this:
(Start here)
Network Address Translation (NAT)
Packets coming back in the same interface are remapped, as a matter of
course, to their original address information.

# map all tcp connections from 10.1.0.0/16 to 240.1.0.1, changing the source
# port number to something between 10,000 and 20,000 inclusive.  For all other
# IP packets, allocate an IP # between 240.1.0.0 and 240.1.0.255,temporarily
# for each new user.  In this example, ed1 is the external interface.
# Use ipnat, not ipf to load these rules.
#
map ed1 10.1.0.0/16 -> 240.1.0.1/32 portmap tcp 10000:20000
map ed1 10.1.0.0/16 -> 240.1.0.0/24
(Finish Here)

 I try some rules with ipnat for masquerade my subnet 192.168.0.0 with
 one valid ip (e.g. 200.25.53.10)... but it wasnt work :/
 Anyone can tell what rule i need for my specific case???

 Thanks.

=======================================================================
 Buliwyf McGraw
 Administrador del Servidor Libertad
 Centro de Servicios de Informacion
 Universidad del Valle
=======================================================================



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message