Date: Fri, 11 Mar 2011 19:48:47 +0200 From: Kaya Saman <kayasaman@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: Setting up a a route in FreeBSD with NAT issues Message-ID: <4D7A607F.8070805@gmail.com> In-Reply-To: <AANLkTimRCEexx5RBJ207JkkOQhGfMH7UcnGq6cs0DcMi@mail.gmail.com> References: <AANLkTikFs0J_d9_BDYoXecb9JmcxX2e5PkBcuua1fNVq@mail.gmail.com> <AANLkTimRCEexx5RBJ207JkkOQhGfMH7UcnGq6cs0DcMi@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Eventually I got this thing to work by adding the following syntax into the config files: /etc/rc.conf: gateway_enable="YES" hostname="ROUTER.test.org <http://ROUTER.test.org>" ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0" em0_nat="NO" ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192" em1_nat="YES" inetd_enable="YES" keymap="uk.iso" sshd_enable="YES" defaultrouter="172.16.0.1" ipnat_enable="YES" ipnat_rules="/etc/ipnat.rules" named_enable="YES" #static_routes="em0 em1" #route_em1="-net 10.100.100.0/26 <http://10.100.100.0/26>; 172.16.0.0/20 <http://172.16.0.0/20>" #route_em0="-net 172.16.0.0 0.0.0.0/0 <http://0.0.0.0/0>" /etc/ipnat.rules #map em0 0.0.0.0/0 <http://0.0.0.0/0>; -> 0/32 proxy port 8080 htto/tcp #map em0 0.0.0.0/0 <http://0.0.0.0/0>; -> 0/32 portmap tcp/udp 10000:65000 #map em0 0.0.0.0/0 <http://0.0.0.0/0>; -> 0/32 #map em0 0.0.0.0/0 <http://0.0.0.0/0>; -> 0/32 auto #map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 proxy port 8080 http/tcp #map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 portmap tcp/udp 10000:65000 #map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 #map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 auto map em0 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 proxy port 8080 http/tcp map em0 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 portmap tcp/udp 10000:65000 map em0 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 map em0 10.100.100.0/26 <http://10.100.100.0/26>; -> 0/32 auto The trick was in fact to utilize the external interface within the NAT map file then direct the internal network via the 'gateway of last resort' - default route. The config can be easily adapted and modified from here if anyone is interested in doing something similar or adding extra networks in the middle such as a firewall or proxy........ Many thanks, Kaya On 03/11/2011 12:34 PM, Kaya Saman wrote: > Ok I've managed to make some headway however it still isn't working > properly: > > > /etc/ipnat.rules > > > #map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0.0.0.0/32 > <http://0.0.0.0/32>; portmap tcp/udp 10000:65000 > map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0.0.0.0/32 > <http://0.0.0.0/32>; > map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0.0.0.0/32 > <http://0.0.0.0/32>; auto > > > I then added this addition to the end of the > > /etc/rc.conf file: > > > static_routes="em0 em1" > route_em1="-net 10.100.100.0/26 <http://10.100.100.0/26>; 172.16.0.0/20 > <http://172.16.0.0/20>" > route_em0="-net 172.16.0.0 0.0.0.0/0 <http://0.0.0.0/0>" > > > when I run traceroute on my host now I can see it going through the > system however I'm still not sure it's being NAT'd or routed?? > > ROUTER# ipnat -l > List of active MAP/Redirect filters: > map em1 10.100.100.0/26 <http://10.100.100.0/26>; -> 0.0.0.0/32 > <http://0.0.0.0/32>; > > List of active sessions: > MAP 10.100.100.1 53 <- -> 10.100.100.1 53 [10.100.100.2 32772]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D7A607F.8070805>