Date:      Fri, 11 Mar 2011 19:48:47 +0200
From:      Kaya Saman <kayasaman@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: Setting up a a route in FreeBSD with NAT issues
Message-ID:  <4D7A607F.8070805@gmail.com>
In-Reply-To: <AANLkTimRCEexx5RBJ207JkkOQhGfMH7UcnGq6cs0DcMi@mail.gmail.com>
References:  <AANLkTikFs0J_d9_BDYoXecb9JmcxX2e5PkBcuua1fNVq@mail.gmail.com> <AANLkTimRCEexx5RBJ207JkkOQhGfMH7UcnGq6cs0DcMi@mail.gmail.com>

Eventually I got this thing to work by adding the following syntax into 
the config files:

/etc/rc.conf:


gateway_enable="YES"
hostname="ROUTER.test.org"
ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0"
em0_nat="NO"
ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192"
em1_nat="YES"
inetd_enable="YES"
keymap="uk.iso"
sshd_enable="YES"
defaultrouter="172.16.0.1"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
named_enable="YES"
#static_routes="em0 em1"
#route_em1="-net 10.100.100.0/26 172.16.0.0/20"
#route_em0="-net 172.16.0.0 0.0.0.0/0"


/etc/ipnat.rules

#map em0 0.0.0.0/0 -> 0/32 proxy port 8080 http/tcp
#map em0 0.0.0.0/0 -> 0/32 portmap tcp/udp 10000:65000
#map em0 0.0.0.0/0 -> 0/32
#map em0 0.0.0.0/0 -> 0/32 auto

#map em1 10.100.100.0/26 -> 0/32 proxy port 8080 http/tcp
#map em1 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
#map em1 10.100.100.0/26 -> 0/32
#map em1 10.100.100.0/26 -> 0/32 auto

map em0 10.100.100.0/26 -> 0/32 proxy port 8080 http/tcp
map em0 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
map em0 10.100.100.0/26 -> 0/32
map em0 10.100.100.0/26 -> 0/32 auto


The trick was in fact to utilize the external interface within the NAT 
map file then direct the internal network via the 'gateway of last 
resort' - default route.


The config can be easily adapted and modified from here if anyone is 
interested in doing something similar or adding extra networks in the 
middle such as a firewall or proxy........


Many thanks,


Kaya

On 03/11/2011 12:34 PM, Kaya Saman wrote:
> Ok I've managed to make some headway however it still isn't working 
> properly:
>
>
> /etc/ipnat.rules
>
>
> #map em1 10.100.100.0/26 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
> map em1 10.100.100.0/26 -> 0.0.0.0/32
> map em1 10.100.100.0/26 -> 0.0.0.0/32 auto
>
>
> I then added this addition to the end of the
>
> /etc/rc.conf file:
>
>
> static_routes="em0 em1"
> route_em1="-net 10.100.100.0/26 172.16.0.0/20"
> route_em0="-net 172.16.0.0 0.0.0.0/0"
>
>
> When I run traceroute on my host now I can see it going through the 
> system however I'm still not sure it's being NAT'd or routed??
>
> ROUTER# ipnat -l
> List of active MAP/Redirect filters:
> map em1 10.100.100.0/26 -> 0.0.0.0/32
>
> List of active sessions:
> MAP 10.100.100.1    53 <- -> 10.100.100.1    53    [10.100.100.2 32772]
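
Added example, not part of the original message: a Python lint that reads rc.conf-style settings and ipnat map rules, works out which interface the default route leaves through, and flags map rules bound to any other interface. IPFilter applies a map rule to packets leaving the named interface, so the rule has to name the external one; the function names and the reduced sample input are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input, reduced from the configuration quoted in the message.
RC_CONF = """\
gateway_enable="YES"
ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0"
ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192"
defaultrouter="172.16.0.1"
ipnat_enable="YES"
"""
FIRST_ATTEMPT = "map em1 10.100.100.0/26 -> 0.0.0.0/32\n"
WORKING = ("map em0 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000\n"
           "map em0 10.100.100.0/26 -> 0/32\n")

def parse_rc_conf(text):
    """Return uncommented name="value" settings as a dict."""
    return dict(re.findall(r'^\s*(\w+)="?([^"\n]*)"?\s*$', text, re.M))

def interfaces(rc):
    """Map interface name -> ip_interface, from ifconfig_<if> settings."""
    found = {}
    for key, value in rc.items():
        m = re.fullmatch(r"inet (\S+) netmask (\S+)", value.strip())
        if key.startswith("ifconfig_") and m:
            found[key[len("ifconfig_"):]] = ipaddress.ip_interface("/".join(m.groups()))
    return found

def lint(rc_text, rules_text):
    """Return findings that would stop LAN traffic from being translated."""
    rc = parse_rc_conf(rc_text)
    ifs = interfaces(rc)
    gw = ipaddress.ip_address(rc["defaultrouter"])  # assumes a static default route
    # The external interface is the one whose subnet contains the default router.
    external = next((n for n, i in ifs.items() if gw in i.network), None)
    findings = [f"{knob} is not YES" for knob in ("gateway_enable", "ipnat_enable")
                if rc.get(knob, "NO").upper() != "YES"]
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        m = re.match(r"\s*map\s+(\S+)\s+\S+\s+->", line)  # skips comments and rdr
        if m and m.group(1) != external:
            findings.append(f"line {lineno}: map is bound to {m.group(1)}, "
                            f"but the default route leaves via {external}")
    return findings

if __name__ == "__main__":
    for label, rules in (("first attempt", FIRST_ATTEMPT), ("working", WORKING)):
        print(label, "->", lint(RC_CONF, rules) or "no findings")
```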