Date: Thu, 19 Jul 2001 07:25:21 +0200
From: "feenikz" <demi@god.za.net>
To: "Fernando Gleiser" <fgleiser@cactus.fi.uba.ar>
Subject: Re: IPNAT
Message-ID: <007601c11013$7358b160$3400a8c0@mandy>
References: <20010718151044.I18511-100000@cactus.fi.uba.ar>

Thanks for all your help, I will try it later today --Dave.

> Here's what I do (and it works).
>
> Let's say your firewall external address is 172.16.1.226, and you want
> 172.16.1.227 to map to the internal host 192.168.1.25. The netmask of the
> public net is 0xfffffff8
>
> then you say:
>
> # ifconfig rl0 172.16.1.226 netmask 0xfffffff8
>
> Then, you look up rl0's MAC (via ifconfig), and say
>
> # arp -S 172.16.1.227 <MAC of rl0> pub
>
> And that's it.
>
> In other words: if you use bimap, you don't use the external IP as an alias.
> You use proxy arp.
> If you use rdr, you assign the external IP as an alias on rl0.
>
>
> Fer
>
>
> On Wed, 18 Jul 2001, feenikz wrote:
>
> > Hi,
> > I just said
> > ifconfig rl0 alias a.b.c.25
> > wrong?
> > the arp -S ... command replies
> > a.b.c.25 deleted.
> >
> > Also I notice .20 is no longer an entry, I need everything to stay the
> > same, only .25 must point to 192.168.10.10.
> > I can ping 192.168.10.10 from the local box, but not a.b.c.25
> > When I ping it, rules are opened and all, but no responses etc????
> >
> > Tx, Dave
> >
> >
> > > Do you use proxy arp?
> > >
> > > You need to proxy ARP on the external NIC, binding the external IP to the
> > > MAC of external NIC of the firewall. You shouldn't configure a.b.c.25 as
> > > an alias on rl0.
> > >
> > > arp -S a.b.c.25 <MAC of rl0> pub
> > >
> > >
> > > Fer
> > >
> > >
> > > On Wed, 18 Jul 2001, Dave wrote:
> > >
> > > > *Notices the lack of information on his behalf*
> > > >
> > > > 192.168.10.10 is a NT IIS server,
> > > > a.b.c.20 is the firewall's main address, *does web as well etc*
> > > > ifconfig rl0 shows that a.b.c.25 is also up.
> > > > ipnat -l shows that a connection is made when I request one,
> > > > but nothing is returned. (Tested this from a dialup and the local box.)
> > > >
> > > > Strange thing is, it works on ONE box, a.b.c.102. I go to a.b.c.25 and it
> > > > gets the correct page and everything.
> > > >
> > > > I can't imagine why, no special settings, stock standard FBSD 4.3-STABLE box.
> > > > Both of them.
> > > >
> > > > Any more ideas?
> > > >
> > > >
> > > > > > I already do nat for the whole 192.168.0.0/24 network, which works,
> > > > > > but I can't get it to do the bimap. My normal ip is .20 but I have added
> > > > > > .25 to use for the bimap.
> > > > >
> > > > > confirm that a.b.c.25 is bound to the external interface (i.e. whichever
> > > > > interface is visible to the outside world) and that the bimap rule is placed
> > > > > before the map rule...
> > > > >
> > > > > in /etc/ipnat.rules
> > > > > -> bimap rules
> > > > > -> rdr rules
> > > > > -> map rule
> > > > >
> > > > > Phil

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
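
A small lint for the rule ordering suggested in the quoted text above (bimap rules, then rdr rules, then the map rule), added here as an example and not part of the original thread. The function name `check_ipnat_order` is hypothetical, and the sample rules are constructed from the placeholder addresses quoted in the thread.

```sh
#!/bin/sh
# Added example: lint an ipnat rules file for the bimap -> rdr -> map
# ordering suggested in the thread. The function name is hypothetical.

# check_ipnat_order FILE
# Prints one line per out-of-order rule; returns 1 if any were found.
check_ipnat_order() {
    awk '
        BEGIN { rank["bimap"] = 1; rank["rdr"] = 2; rank["map"] = 3
                highest = 0; bad = 0 }
        { sub(/#.*/, "") }            # drop comments
        NF == 0 { next }              # skip blank lines
        !($1 in rank) { next }        # ignore keywords this check does not rank
        rank[$1] < highest {
            # A more specific rule type appears after a broader one.
            printf "line %d: %s rule after %s rule\n", NR, $1, seen
            bad = 1
            next
        }
        rank[$1] > highest { highest = rank[$1]; seen = $1 }
        END { exit bad }
    ' "$1"
}

# Constructed samples using the placeholder addresses from the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/bad.rules" <<'EOF'
# constructed sample: catch-all map first, bimap second
map rl0 192.168.0.0/24 -> a.b.c.20/32
bimap rl0 192.168.10.10/32 -> a.b.c.25/32
EOF
cat > "$demo_dir/good.rules" <<'EOF'
# constructed sample: bimap before map
bimap rl0 192.168.10.10/32 -> a.b.c.25/32
map rl0 192.168.0.0/24 -> a.b.c.20/32
EOF
for f in bad good; do
    if check_ipnat_order "$demo_dir/$f.rules"; then
        echo "$f.rules: order ok"
    fi
done
rm -rf "$demo_dir"
```

The check only looks at the first keyword of each line, so it flags ordering and nothing else; it does not validate addresses or interface names.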