Subject: Re: ipnat help
To: None <netbsd-help@netbsd.org>
From: James Webster <james3838@tsi-net.com>
List: netbsd-help
Date: 05/07/2000 12:41:03

Did some more digging and figured out my problem... like all else with ipf, poor documentation.

rdr's device has a different meaning than the map device. For map, device means the device to map out on, whereas rdr is the device to map in on. In both cases, this would be my external interface. So changing NE1 to EP0 resolved my problem.

Just the FYI - my rules now look like this:
map ep0 10.0.1.0/24 -> 207.202.145.161/32 proxy port ftp ftp/tcp
map ep0 10.0.1.0/24 -> 207.202.145.161/32 portmap tcp/udp 50000:60000
map ep0 10.0.1.0/24 -> 207.202.145.161/32
rdr ep0 207.202.145.161/32 port 80 -> 10.0.1.10 port 80 tcp

----- Original Message -----
From: James Webster
To: netbsd-help@netbsd.org
Sent: Saturday, May 06, 2000 11:18 AM
Subject: ipnat help
I was trying to open up a hole on my firewall for a web server, and thought I had the syntax right, but it's not working as expected. It's been a while since I mucked with ipf, so could someone tell me what I'm doing wrong?
ne1 = interface for 10.0.x.x
ep0 = ifaliases include 207.202.145.161
I want all port 80 connections to 207.202.145.161 redirected to 10.0.1.10
Here is the rule I added:
rdr ne1 207.202.145.161/32 port 80 -> 10.0.1.10 port 80
I've verified that I can hit 10.0.1.10 port 80 on the gateway, but from the internet side of the gateway I can't connect, indicating my redirection isn't working as expected.
Thanks in advance....
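
A small lint check for the mistake described in this thread, added here as an example and not part of the original message or of IPFilter: it flags a map or rdr rule whose named device does not hold the public address. The interface inventory, the /16 for ne1, and the function names lint and owners are assumptions.

```python
import ipaddress
import re

# Constructed inventory from the thread: ne1 is the inside NIC, ep0 holds the
# public alias. The /16 for "10.0.x.x" is an assumption.
INTERFACES = {"ne1": ["10.0.0.0/16"], "ep0": ["207.202.145.161/32"]}

# Rules quoted in the thread: line 4 is the original rdr, line 5 the fixed one.
RULES = """\
map ep0 10.0.1.0/24 -> 207.202.145.161/32 proxy port ftp ftp/tcp
map ep0 10.0.1.0/24 -> 207.202.145.161/32 portmap tcp/udp 50000:60000
map ep0 10.0.1.0/24 -> 207.202.145.161/32
rdr ne1 207.202.145.161/32 port 80 -> 10.0.1.10 port 80
rdr ep0 207.202.145.161/32 port 80 -> 10.0.1.10 port 80 tcp
"""

RULE_RE = re.compile(r"^(map|rdr)\s+(\S+)\s+(\S+)(?:\s+port\s+\S+)?\s+->\s+(\S+)")


def owners(addr, interfaces):
    """Names of interfaces whose attached networks contain addr."""
    net = ipaddress.ip_network(addr, strict=False)
    return [name for name, nets in interfaces.items()
            if any(net.subnet_of(ipaddress.ip_network(n)) for n in nets)]


def lint(rules_text, interfaces):
    """Return (line, kind, named_if, owning_ifs) for rules on the wrong device."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        m = RULE_RE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank, comment, or a rule form this sketch does not cover
        kind, ifname, left, right = m.groups()
        # map: the public side is the address translated to (right of ->).
        # rdr: the public side is the address matched on (left of ->).
        public = right if kind == "map" else left
        try:
            owning = owners(public, interfaces)
        except ValueError:
            continue  # an address form ipaddress cannot parse
        if ifname not in owning:
            findings.append((lineno, kind, ifname, owning))
    return findings


if __name__ == "__main__":
    for finding in lint(RULES, INTERFACES):
        print("line %d: %s names %s, public address lives on %s" % finding)
```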