Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Any recent changes for ipfilter/ipnat?
On Sun, 12 Apr 2009, Bernd Ernesti wrote:
You updated the nic entries in /etc/ipnat.conf, so it matches the new
driver name?
Yes. I renamed my old /etc/ifconfig.nfe0 to /etc/ifconfig.tlp0 (and removed
the various cksum offloads that tlp doesn't do), and I editted the
/etc/ipnat.conf file to change all references from nfe0 to tlp0.
I've also verified (using tcpdump) that the packets arriving on tlp0 are
being forwarded without having been NAT'ed. It would be pretty hard for
me to receive any reply packets, since they would be addressed to my
RFC1518 private network. :)
Here's my network topology:
(the Internet) 66.92.189.133 192.168.2.250 (private net)
------------------------------ -----------------------------
| |
re0 | | tlp0
-------------------
| |
| gateway machine |
| |
-------------------
I have an empty /etc/ipf.conf (it's only there because I need one to
start ipf, which is required to run ipnat). Here's my /etc/ipnet.conf
{102} cat /etc/ipnat.conf
map tlp0 192.168.2.0/25 -> 0/32 proxy port ftp ftp/tcp
map tlp0 192.168.2.0/25 -> 0/32 portmap tcp/udp 40000:60000
map tlp0 192.168.2.0/25 -> 0/32
{103}
-------------------------------------------------------------------------
| Paul Goyette | PGP DSS Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer | | pgoyette at netbsd.org |
-------------------------------------------------------------------------
Home |
Main Index |
Thread Index |
Old Index