From: Kaya Saman
Date: Fri, 11 Mar 2011 19:48:47 +0200
To: freebsd-questions@freebsd.org
Subject: Re: Setting up a a route in FreeBSD with NAT issues
Message-ID: <4D7A607F.8070805@gmail.com>

Eventually I got this thing to work by adding the following syntax into the config files:

/etc/rc.conf:

gateway_enable="YES"
hostname="ROUTER.test.org"
ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0"
em0_nat="NO"
ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192"
em1_nat="YES"
inetd_enable="YES"
keymap="uk.iso"
sshd_enable="YES"
defaultrouter="172.16.0.1"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
named_enable="YES"
#static_routes="em0 em1"
#route_em1="-net 10.100.100.0/26 172.16.0.0/20"
#route_em0="-net 172.16.0.0 0.0.0.0/0"

/etc/ipnat.rules

#map em0 0.0.0.0/0 -> 0/32 proxy port 8080 http/tcp
#map em0 0.0.0.0/0 -> 0/32 portmap tcp/udp 10000:65000
#map em0 0.0.0.0/0 -> 0/32
#map em0 0.0.0.0/0 -> 0/32 auto
#map em1 10.100.100.0/26 -> 0/32 proxy port 8080 http/tcp
#map em1 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
#map em1 10.100.100.0/26 -> 0/32
#map em1 10.100.100.0/26 -> 0/32 auto
map em0 10.100.100.0/26 -> 0/32 proxy port 8080 http/tcp
map em0 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
map em0 10.100.100.0/26 -> 0/32
map em0 10.100.100.0/26 -> 0/32 auto

The trick was in fact to utilize the external interface within the NAT map file then direct the internal network via the 'gateway of last resort' - default route.

The config can be easily adapted and modified from here if anyone is interested in doing something similar or adding extra networks in the middle such as a firewall or proxy.

Many thanks,

Kaya

On 03/11/2011 12:34 PM, Kaya Saman wrote:
> Ok I've managed to make some headway however it still isn't working
> properly:
>
> /etc/ipnat.rules
>
> #map em1 10.100.100.0/26 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
> map em1 10.100.100.0/26 -> 0.0.0.0/32
> map em1 10.100.100.0/26 -> 0.0.0.0/32 auto
>
> I then added this addition to the end of the /etc/rc.conf file:
>
> static_routes="em0 em1"
> route_em1="-net 10.100.100.0/26 172.16.0.0/20"
> route_em0="-net 172.16.0.0 0.0.0.0/0"
>
> when I run traceroute on my host now I can see it going through the
> system however I'm still not sure it's being NAT'd or routed??
>
> ROUTER# ipnat -l
> List of active MAP/Redirect filters:
> map em1 10.100.100.0/26 -> 0.0.0.0/32
>
> List of active sessions:
> MAP 10.100.100.1 53 <- -> 10.100.100.1 53 [10.100.100.2 32772]
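
Added example, not part of the original post and not FreeBSD or IPFilter code: the working configuration binds its map rules to em0, the interface that reaches defaultrouter, while the earlier attempt bound them to em1. This POSIX sh script checks an rc.conf and ipnat.rules pair for that mismatch; the function names are hypothetical and the sample files are constructed from the addresses in the post.

```sh
#!/bin/sh
# Lint ipnat.rules: flag active "map" rules bound to an interface other than
# the one that reaches defaultrouter. Function names are hypothetical.

ip_to_int() {                       # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

external_if() {                     # $1 = rc.conf; prints the external interface
    gw=$(sed -n 's/^defaultrouter="\([0-9.]*\)".*/\1/p' "$1")
    [ -n "$gw" ] || return 0        # no default route configured: print nothing
    gw_int=$(ip_to_int "$gw")
    sed -n 's/^ifconfig_\([a-z0-9]*\)="inet \([0-9.]*\) netmask \([0-9.]*\)".*/\1 \2 \3/p' "$1" |
    while read -r ifn addr mask; do
        a=$(ip_to_int "$addr"); m=$(ip_to_int "$mask")
        # Same network as the gateway means this interface carries the default route.
        if [ $(( $a & $m )) -eq $(( $gw_int & $m )) ]; then echo "$ifn"; fi
    done
}

misplaced_maps() {                  # $1 = rc.conf, $2 = ipnat.rules
    ext=$(external_if "$1")
    [ -n "$ext" ] || { echo "no interface reaches defaultrouter" >&2; return 2; }
    # Commented rules start with "#map", so only active rules are compared.
    awk -v ext="$ext" '$1 == "map" && $2 != ext { print NR ": " $0 }' "$2"
}

# Constructed sample files built from the addresses in the post.
demo=$(mktemp -d)
cat > "$demo/rc.conf" <<'EOF'
ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0"
ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192"
defaultrouter="172.16.0.1"
EOF
cat > "$demo/ipnat.rules" <<'EOF'
map em1 10.100.100.0/26 -> 0.0.0.0/32
map em0 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
#map em1 10.100.100.0/26 -> 0/32
EOF
echo "external interface: $(external_if "$demo/rc.conf")"
misplaced_maps "$demo/rc.conf" "$demo/ipnat.rules"
rm -rf "$demo"
```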