From owner-freebsd-questions@FreeBSD.ORG Tue Jun 10 15:27:01 2003
From: Koroush Saraf <koroush.saraf@lmco.com>
To: freebsd-questions@FreeBSD.ORG
Date: Tue, 10 Jun 2003 15:34:32 -0700
Message-id: <002501c32fa0$76a280e0$04f4c581@BSDWIN2KKOROUSH>
Subject: NAT Question
List-Id: User questions

Hi all,

I'm trying to set up a BSD box to act as a NAT gateway between a private net and the public Internet. My requirement is to map the src and destination of the packet according to a set of rules. The BSD box has two public IP addresses. Depending on which interface the packet arrives on, it will get routed to a different private destination address.

I'm using ipnat with the following mapping on the NAT box. The NAT box has only one interface, xl0; the IP addresses of this interface are:

    public:  129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
    private: 10.77.1.2/24, 10.77.2.2/24

The servers on the private LAN are 10.77.1.1/24 and 10.77.2.1/24, on two different subnets.

    List of active MAP/Redirect filters:
    map xl0 129.197.244.7/32 -> 10.77.1.1/32
    map xl0 129.197.244.8/32 -> 10.77.2.1/32
    map xl0 10.77.1.1/32 -> 129.197.244.7/32
    map xl0 10.77.2.1/32 -> 129.197.244.8/32

However, I'm not getting the desired results. From a computer with IP address 129.197.244.2 I ping 129.197.244.8. I expect the ICMP packet to reach the BSD NAT box, get translated to the 10.77.2.1 address and be forwarded with a src address of 10.77.2.2 out of xl0 to the particular server. Then the server would reply back to 10.77.2.2 and it would get translated back to 129.197.244.2 with a source address of 129.197.244.8. But this is not happening.

If the source of the ping is a BSD box, the reply comes back as if I was routed to the destination server, but in reality it's not being routed, since the destination server doesn't see the packet. For example, ping from the FreeBSD box:

    Pinging 129.197.244.8 with 32 bytes of data:
    Reply from 10.77.2.1: bytes=32 time<10ms TTL=255

But 10.77.2.1 doesn't really see the ping packets (verified using tcpdump, and the delay metric, which remains the same whether I ping 129.197.244.6). Ping from a Windows box doesn't even get translated and times out.

So, in short, I need someone to tell me the correct syntax to set up the mapping so that I can map any src and dst IP address into any other src and dst address and retain the return path as well.

Thanks for your thoughts in advance,
~koroush
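One way to express the bidirectional one-to-one mapping the post asks for, as an added example that is not part of the original message. It assumes the ipnat `bimap` keyword (ipnat.conf(5)) for a two-way mapping, the `ipnat -CF -f` flush-and-load flags, `net.inet.ip.forwarding=1`, and an assumed rules file path; the address pairs and interface are the ones named in the post.

```shell
#!/bin/sh
# Added example (not from the original post): emit one bimap rule per
# public/private pair and load it with ipnat.  A plain "map" rule only rewrites
# the source of packets leaving the interface; "bimap" rewrites the private
# source to the public address on the way out AND the public destination to
# the private address on the way in, so the return path is kept automatically.
IFACE="xl0"
RULES_FILE="/etc/ipnat.rules"   # assumed location, adjust as needed

# "public private" pairs, one per line (addresses taken from the post)
PAIRS="129.197.244.7 10.77.1.1
129.197.244.8 10.77.2.1"

# Print the ipnat rules for every pair in PAIRS.
gen_ipnat_rules() {
    printf '%s\n' "$PAIRS" | while read -r pub priv; do
        [ -n "$pub" ] || continue
        printf 'bimap %s %s/32 -> %s/32\n' "$IFACE" "$priv" "$pub"
    done
}

# Write the rules and load them.  -C flushes the rule list, -F flushes the
# active translation table, -f reads the new rule file.  Needs root, and
# the kernel must forward IP for the translated packets to go anywhere.
load_ipnat_rules() {
    gen_ipnat_rules > "$RULES_FILE"
    sysctl net.inet.ip.forwarding=1 >/dev/null
    ipnat -CF -f "$RULES_FILE"
    ipnat -l    # list active MAP/Redirect filters to verify what was loaded
}

# Uncomment on the NAT box to apply:
# load_ipnat_rules
```

Verify with tcpdump on the private server that the ICMP echo now arrives with the private destination and that the echo reply seen by the public client carries the public source.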