Subject: Re: web server behind nat/ipf
To: Warrick, Bill (STL) <BWarrick@slpcapital.com>
From: Willem Brown <willem@brwn.org>
List: netbsd-help
Date: 08/22/2000 22:42:23

Hi,

Might I suggest the following:

map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 40000:60000
map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32
rdr ne2 0/0 port 80 -> 192.168.0.200 port 80 tcp

On Tue, Aug 22, 2000 at 09:49:46AM -0500, Warrick, Bill (STL) wrote:
> I tried the following two ipnat.conf files and still no success.
> 
> map ne2 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
> map ne2 192.168.0.0/24 -> 0/32
> rdr ep0 0/32 port 80 -> 192.168.0.200 port 80 tcp
> 
> map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 40000:60000
> map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32
> rdr ne2 XXX.XXX.XXX.XXX/32 port 80 -> 192.168.0.200 port 80 tcp
> 
> Is there some utility I can use to watch the redirection happen when I hit the
> nat box?
> 
> Does anybody have an ipnat.conf which does the redir and works?
> 
> -----Original Message-----
> From: Warrick, Bill (STL) 
> Sent: Monday, August 21, 2000 9:59 AM
> To: 'netbsd-help@netbsd.org'
> Subject: web server behind nat/ipf
> 
> 
> I have a box with two nic cards ep0 and ne2.  The ne2 is connected to my isp
> and ep0 is connected to my internal network.  I want to be able to hit my
> box from the net and have it forward all packets on port 80 to a second box.
> 
> netbsd1% ifconfig -a
> ep0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:20:af:50:de:03
>         media: Ethernet 10baseT
>         inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
> ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:e0:29:79:29:d2
>         media: Ethernet autoselect (10baseT)
>         inet XXX.XXX.XXX.XXX (CHANGED TO PROTECT THE INNOCENT) netmask
> 0xfffffc00 broadcast 255.255.255.255
> 
> My ipnat.conf looks like
> 
> map ne2 192.168.0.0/24 -> 0/32
> rdr ep0 0/32 port 80 -> 192.168.0.200 port 80 tcp
> 
> Even though my ipf.conf is pretty wide open nothing outside my private
> network can get to the web server.
> 
> What am I missing?
> 
> Bill Warrick
> bwarrick@slpcapital.com
> 314-802-0600 x2701
> 

Best Regards
Willem Brown
-- 
 /* =============================================================== */
 /*      Linux, FreeBSD, NetBSD, OpenBSD. The choice is yours.      */
 /* =============================================================== */

Too much of anything, even love, isn't necessarily a good thing.
		-- Kirk, "The Trouble with Tribbles", stardate 4525.6