Discussion:
ipnat problem
Thomas Klausner
2010-11-01 20:16:50 UTC
Hi!

In a -current/amd64 machine I have three network interfaces, and I
want to nat two (internal ones) of them onto the third (external one).

I get one of them to work, but not the other one. I don't see what I'm
doing differently for the second one, can someone please help?

# ifconfig wm0
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=7ff80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx,TSO6>
enabled=0
address: 00:1b:21:36:04:bf
media: Ethernet autoselect (none)
status: no carrier
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
inet6 something prefixlen 64 scopeid 0x2
# ifconfig re0
re0:
flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
mtu 1500
capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
enabled=0
address: 00:24:8c:56:df:94
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.0.33 netmask 0xffffff00 broadcast 192.168.0.255
inet6 something prefixlen 64 scopeid 0x3
# ifconfig re1
re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
enabled=0
address: 00:24:8c:56:dc:c9
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.0.0.7 netmask 0xffffff00 broadcast 10.0.0.255
inet6 something prefixlen 64 scopeid 0x4

# ipnat -l
List of active MAP/Redirect filters:
map re0 10.0.0.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
map wm0 192.168.2.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
map re0 10.0.0.0/24 -> 192.168.0.33/32 portmap tcp/udp 40000:60000
map re0 10.0.0.0/24 -> 192.168.0.33/32
map wm0 192.168.2.0/24 -> 192.168.0.33/32 portmap tcp/udp 20000:40000
map wm0 192.168.2.0/24 -> 192.168.0.33/32

...

traffic via re0 is natted outside while for wm0 traffic I get DNS
forwarded to named on 192.168.0.33 (and answered!), but nothing else
is getting outside.

What am I missing?
Thomas

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
John Nemeth
2010-11-01 23:06:17 UTC
On Mar 24, 3:52pm, Thomas Klausner wrote:
}
} In a -current/amd64 machine I have three network interfaces, and I
} want to nat two (internal ones) of them onto the third (external one).
}
} I get one of them to work, but not the other one. I don't see what I'm
} doing differently for the second one, can someone please help?
}
} # ifconfig wm0
} wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
} capabilities=7ff80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx,TSO6>
} enabled=0
} address: 00:1b:21:36:04:bf
} media: Ethernet autoselect (none)
} status: no carrier
} inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
} inet6 something prefixlen 64 scopeid 0x2
} # ifconfig re0
} re0:
} flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
} mtu 1500
} capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
} enabled=0
} address: 00:24:8c:56:df:94
} media: Ethernet autoselect (100baseTX full-duplex)
} status: active
} inet 192.168.0.33 netmask 0xffffff00 broadcast 192.168.0.255
} inet6 something prefixlen 64 scopeid 0x3
} # ifconfig re1
} re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
} capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
} enabled=0
} address: 00:24:8c:56:dc:c9
} media: Ethernet autoselect (100baseTX full-duplex)
} status: active
} inet 10.0.0.7 netmask 0xffffff00 broadcast 10.0.0.255
} inet6 something prefixlen 64 scopeid 0x4
}
} # ipnat -l
} List of active MAP/Redirect filters:
} map re0 10.0.0.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
} map wm0 192.168.2.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
} map re0 10.0.0.0/24 -> 192.168.0.33/32 portmap tcp/udp 40000:60000
} map re0 10.0.0.0/24 -> 192.168.0.33/32
} map wm0 192.168.2.0/24 -> 192.168.0.33/32 portmap tcp/udp 20000:40000
} map wm0 192.168.2.0/24 -> 192.168.0.33/32
}
} ...
}
} traffic via re0 is natted outside while for wm0 traffic I get DNS
} forwarded to named on 192.168.0.33 (and answered!), but nothing else
} is getting outside.
}
} What am I missing?

All these addresses are private addresses, so I'm not sure which interface
goes where, but basically, it should be:

map <outside if> <internal range> -> <external range>
map <outside if> <internal range> -> <external range> proxy port ftp/tcp
map <outside if> <internal range> -> <external range> portmap tcp/udp <ports>

}-- End of excerpt from Thomas Klausner

Thomas Klausner
2010-11-02 09:23:00 UTC
Hi John!
Post by John Nemeth
> All these addresses are private addresses, so I'm not sure which interface
> map <outside if> <internal range> -> <external range>
> map <outside if> <internal range> -> <external range> proxy port ftp/tcp
> map <outside if> <internal range> -> <external range> portmap tcp/udp <ports>
That was exactly the problem -- I had used the internal interface for
<outside if>.

Additionally, I hadn't allowed the network in /etc/hosts.allow :|

Thank you!
Thomas
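
A check for the mistake identified in this thread, as an added example that is not part of the original posts: it flags every `map` rule whose interface sits on the same subnet as the rule's internal range and proposes the rule rebound to the interface that owns the translated address. The addresses and rules are the ones quoted above; the condensed one-line-per-interface input format and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed condensation of the posted ifconfig output: name, address, netmask.
IFCONFIG = """\
wm0 inet 192.168.2.1 netmask 0xffffff00
re0 inet 192.168.0.33 netmask 0xffffff00
re1 inet 10.0.0.7 netmask 0xffffff00
"""
# `ipnat -l` rules as posted in the thread.
IPNAT_L = """\
map re0 10.0.0.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
map wm0 192.168.2.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
map re0 10.0.0.0/24 -> 192.168.0.33/32 portmap tcp/udp 40000:60000
map re0 10.0.0.0/24 -> 192.168.0.33/32
map wm0 192.168.2.0/24 -> 192.168.0.33/32 portmap tcp/udp 20000:40000
map wm0 192.168.2.0/24 -> 192.168.0.33/32
"""

def parse_interfaces(text):
    """Return {ifname: IPv4Interface} from 'name inet addr netmask 0xhex' lines."""
    pattern = r"^(\S+) inet (\S+) netmask 0x([0-9a-f]{8})$"
    ifaces = {}
    for name, addr, mask in re.findall(pattern, text, re.M):
        prefix = bin(int(mask, 16)).count("1")  # hex netmask -> prefix length
        ifaces[name] = ipaddress.ip_interface(f"{addr}/{prefix}")
    return ifaces

def audit_map_rules(rules, ifaces):
    """Return (rule, suggested_rule) for rules bound to an internal interface."""
    findings = []
    for line in rules.splitlines():
        m = re.match(r"map (\S+) (\S+) -> (\S+)", line)
        if not m or m.group(1) not in ifaces:
            continue
        ifname, src, dst = m.groups()
        src_net = ipaddress.ip_network(src, strict=False)
        dst_net = ipaddress.ip_network(dst, strict=False)
        # The rule's interface must be the outside one, so its own subnet
        # must not be the range that is being translated.
        if src_net.overlaps(ifaces[ifname].network):
            owners = [n for n, i in ifaces.items() if i.ip in dst_net]
            outside = owners[0] if owners else "<outside if>"
            fixed = line.replace(f"map {ifname} ", f"map {outside} ", 1)
            findings.append((line, fixed))
    return findings

if __name__ == "__main__":
    for bad, fixed in audit_map_rules(IPNAT_L, parse_interfaces(IFCONFIG)):
        print(f"wrong interface: {bad}\n      suggested: {fixed}")
```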
