From owner-freebsd-net Tue Dec 4 12:45:19 2001
Date: Tue, 4 Dec 2001 22:44:36 +0200
From: veedee@c7.campus.utcluj.ro
To: Arjan de Vet
Cc: net@freebsd.org
Subject: Re: ipnat
Message-ID: <20011204224435.A299@c7.campus.utcluj.ro>
In-Reply-To: <20011204211807.A95642@adv.devet.org>; from devet@devet.org on Tue, Dec 04, 2001 at 09:18:08PM +0100

On Tue, Dec 04, 2001 at 09:18:08PM +0100, Arjan de Vet wrote:
> In article <20011204210510.A1833@c7.campus.utcluj.ro> you write:
> ># allow everything to the other building
> >add allow ip from any to 172.27.40.0/23
> >add divert natd ip from any to any via xl0
> >add allow ip from any to any
>
> I'm not familiar with natd but I guess this means that traffic towards
> 172.27.40.0/23 should not be NATted but the rest should.

yup... exactly!

> >-- ipnat.rules --
> >map xl0 172.27.0.0/23 -> x.x.x.x/32 proxy port ftp ftp/tcp
> >map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32
>
> Try something like this:
>
> map xl0 from 172.27.0.0/23 to 172.27.40.0/23 -> 0/0 proxy port ftp ftp/tcp
> map xl0 from 172.27.0.0/23 to 172.27.40.0/23 -> 0/0
> map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32 proxy port ftp ftp/tcp
> map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32
>
> 0/0 is a special directive to indicate that no NAT-ing should take place
> (0/32 is shorthand for the current IP address of the xl0 interface,
> useful if that address is obtained via DHCP).

nice.. had no idea about that (does it say that in the documentation?).
unfortunately it still doesn't work :( for instance... telnet x.x.x.x 25
works from 172.27.40.123 but telnet 172.27.0.1 25 doesn't :(

> The first two rules say that traffic from 172.27.0.0/23 towards
> 172.27.40.0/23 should not be natted (but the kernel ftp proxy is still
> used in this case). The rest will be NAT-ed to x.x.x.x.
>
> >-- rc.conf --
> >ipfilter_enable="YES"
> >ipfilter_program="/sbin/ipf -Fa -f"
> >ipfilter_flags=""
> >ipfilter_rules="/etc/ipf.rules"
> >ipnat_enable="YES"
> >ipnat_program="/sbin/ipnat -CF -f"
> >ipnat_rules="/etc/ipnat.rules"
> >ipmon_enable="YES"
> >ipmon_program="/sbin/ipmon"
> >ipmon_flags="-Ds"
>
> You only need the _enable variables here.

I know. I provided the output for you guys just in case ...

Best regards,
veedee.
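Arjan's suggested rule set relies on ipnat picking the first matching map rule for an outbound packet on xl0, which is why the two "-> 0/0" (do not translate) rules have to sit above the "to any -> x.x.x.x/32" rules. The following is an added example, not code from the thread or from IPFilter: a small, address-only model of that first-match selection (the ftp proxy and port handling are ignored, and only the outbound direction on the named interface is modelled). It parses the four rules exactly as Arjan wrote them, keeps the thread's x.x.x.x placeholder as a literal target, and shows what happens to the same packet when the rule order is reversed. The sample packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Arjan's suggested ipnat.rules, verbatim from the thread (x.x.x.x is his
# placeholder for the public address; it is kept as an opaque string here).
SUGGESTED_RULES = """\
map xl0 from 172.27.0.0/23 to 172.27.40.0/23 -> 0/0 proxy port ftp ftp/tcp
map xl0 from 172.27.0.0/23 to 172.27.40.0/23 -> 0/0
map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32 proxy port ftp ftp/tcp
map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32
"""


@dataclass(frozen=True)
class MapRule:
    """One 'map IF from SRC to DST -> TARGET' rule (options after TARGET ignored)."""
    ifname: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    target: str  # "0/0" means "leave the source address alone"


def parse_map_rule(line: str) -> MapRule:
    """Parse the from/to form of a map rule used in the thread.

    Simplified model: the short form 'map xl0 172.27.0.0/23 -> ...' that
    veedee posted first is not accepted, and 'proxy port ...' is dropped.
    """
    tok = line.split()
    if len(tok) < 8 or tok[0] != "map" or tok[2] != "from" or tok[4] != "to" or tok[6] != "->":
        raise ValueError(f"unsupported rule syntax: {line!r}")
    dst = "0.0.0.0/0" if tok[5] == "any" else tok[5]
    target = "0/0" if tok[7] == "0/0" else tok[7].split("/")[0]
    return MapRule(
        ifname=tok[1],
        src=ipaddress.ip_network(tok[3], strict=False),
        dst=ipaddress.ip_network(dst, strict=False),
        target=target,
    )


def parse_rules(text: str) -> List[MapRule]:
    return [parse_map_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]


def outbound_source(rules: List[MapRule], ifname: str, src_ip: str, dst_ip: str) -> str:
    """Source address a packet leaves `ifname` with under first-match selection.

    The first rule whose interface, source network and destination network all
    match decides: '0/0' keeps the original source, anything else rewrites it.
    A packet matching no rule is passed untranslated.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.ifname == ifname and src in rule.src and dst in rule.dst:
            return src_ip if rule.target == "0/0" else rule.target
    return src_ip


if __name__ == "__main__":
    suggested = parse_rules(SUGGESTED_RULES)
    reversed_order = list(reversed(suggested))
    # Constructed sample packets: one to the other building, one to the Internet.
    for rules, label in ((suggested, "suggested order"), (reversed_order, "reversed order")):
        print(label)
        print("  172.27.0.10 -> 172.27.40.5   leaves as",
              outbound_source(rules, "xl0", "172.27.0.10", "172.27.40.5"))
        print("  172.27.0.10 -> 198.51.100.7  leaves as",
              outbound_source(rules, "xl0", "172.27.0.10", "198.51.100.7"))
```

Note what the model does not say: a packet sourced from 172.27.40.123 (veedee's failing telnet from the other building) matches none of these map rules at all, since every rule's source is 172.27.0.0/23, so the outbound map rules alone neither translate it nor explain the failure.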