The FreeBSD Diary

FreeBSD Support
 Ipnat and one to one mapping
Author: Marco Raposo 
Date:   11-08-00 19:02

I'm using FreeBSD as a gateway for my network
and I'm using ipfilter and ipnat. All the local network is translated to a single IP.
Until now everything works fine.

___________________________________ WAN
| x.x.x.84 / 32
__|__
| | GATEWAY
|____|
| 192.168.3.0 / 24
__|_______________________________> LAN
__|__
| |
|____| 192.168.3.1 / 32

"Services Machine"

The problem starts when I try to execute a one-to-one mapping. I want my internal machine, referenced as "Services Machine", to receive packets targeted to IP x.x.x.86.
I've set the NAT rules as follows, where rl0 is my "external" interface.

________________ NATRULES __________________

map rl0 192.168.3.0/24 -> xxx.xxx.xxx.84/32
bimap rl0 192.168.3.10/32 -> xxx.xxx.xxx.86/32
__________________________________________________

From the inside, everything works fine; the workstation has no problem reaching the "outside world".

Here is the "ipnat -l" output:

______________ IP nat output __________________

List of active MAP/Redirect filters:
map rl0 192.168.3.0/24 -> xxx.xxx.xxx.84/32
bimap rl0 192.168.3.10/32 -> xxx.xxx.xxx.86/32

List of active sessions:
BIMAP 192.168.3.10 4354 <- -> xxx.xxx.xxx.86 4354 [194.65.15.144 80]
BIMAP 192.168.3.10 4351 <- -> xxx.xxx.xxx.86 4351 [194.65.15.144 80]
MAP 192.168.3.85 1536 <- -> xxx.xxx.xxx.84 1536 [205.188.5.229 5190]
MAP 192.168.3.85 1553 <- -> xxx.xxx.xxx.84 1553 [194.25.242.203 21]
____________________________________________

As we can see, the reserved IP is being translated to the external IP,
but from the outside, the system acts as if it were not executing the translation.
When I try to ping or telnet the external IP for that external machine, I get no response.

Any ideas? Theoretically the packages for IP xxx.xxx.xxx.86 should be delivered by IP Filter, right?

btw, IP filtering rules are:
________________
pass in all
pass out all
________________
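An added example, not part of the original post: a small Python parser for the "List of active sessions" lines of the `ipnat -l` output quoted above, which groups sessions by translated address and marks those that look host-initiated. The function names and the port heuristic (an inside port above 1023 is treated as a client-side ephemeral port) are assumptions made for this illustration, and only the MAP and BIMAP line shapes shown in the post are handled.

```python
import re
from collections import defaultdict

# Session listing copied from the post above (addresses masked as posted).
SAMPLE = """\
List of active sessions:
BIMAP 192.168.3.10 4354 <- -> xxx.xxx.xxx.86 4354 [194.65.15.144 80]
BIMAP 192.168.3.10 4351 <- -> xxx.xxx.xxx.86 4351 [194.65.15.144 80]
MAP 192.168.3.85 1536 <- -> xxx.xxx.xxx.84 1536 [205.188.5.229 5190]
MAP 192.168.3.85 1553 <- -> xxx.xxx.xxx.84 1553 [194.25.242.203 21]
"""

# kind, inside addr/port, "<- ->", translated addr/port, [remote addr port]
SESSION = re.compile(
    r"^(?P<kind>MAP|BIMAP)\s+(?P<inside>\S+)\s+(?P<iport>\d+)\s+<-\s*->\s+"
    r"(?P<outside>\S+)\s+(?P<oport>\d+)\s+\[(?P<remote>\S+)\s+(?P<rport>\d+)\]$"
)

def parse_sessions(text):
    """Return one dict per session line; headers and rule lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = SESSION.match(line.strip())
        if m:
            s = m.groupdict()
            for key in ("iport", "oport", "rport"):
                s[key] = int(s[key])
            sessions.append(s)
    return sessions

def looks_outbound(session):
    # Heuristic (assumption): an inside port above 1023 is an ephemeral
    # client port, so the inside host opened the connection.
    return session["iport"] > 1023

def summarize(text):
    """Count outbound-looking and other sessions per (rule kind, translated address)."""
    summary = defaultdict(lambda: {"outbound": 0, "other": 0})
    for s in parse_sessions(text):
        bucket = "outbound" if looks_outbound(s) else "other"
        summary[(s["kind"], s["outside"])][bucket] += 1
    return dict(summary)

if __name__ == "__main__":
    for (kind, addr), counts in summarize(SAMPLE).items():
        print(kind, addr, counts)
```

On the posted listing every session for xxx.xxx.xxx.86 falls in the "outbound" bucket, so the table records translations started by the inside host only and shows no session begun from the outside.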

