Subject: Re: How to redirect through ipnat?
To: Melnikov Denis <denis.melnikov@regent.ru>
From: Mike M. Volokhov <mishka@NetBSD.org>
List: netbsd-help
Date: 12/13/2005 17:57:33
Hello!
On Tue, 13 Dec 2005 17:54:14 +0300
"Melnikov Denis" <denis.melnikov@regent.ru> wrote:
> > Only try this rule:
> >
> > rdr fxp0 100.100.200.200/32 port 3389 -> 10.0.0.2 port 3389 tcp
> >
> > The other rdr's are ambiguous.
>
> rdr fxp0 100.100.200.200/32 port 80 -> 10.0.0.2 port 80 tcp
>
> Not working! (I want to set up HTTP access before.)
> `ipnat -l` shows:
> >>>>>>>>>>>>>>>>
> List of active MAP/Redirect filters:
> rdr fxp0 100.100.200.200/32 port 80 -> 10.0.0.2 port 80 tcp
>
> List of active sessions:
> RDR 10.0.0.2 80 <- -> 100.100.200.200 80 [100.100.200.201 1166]
It's working, just because you see the line above. :-)
> But no record appears in Apache's access.log at 10.0.0.2.
There are two common cases:

1) The connection was blocked by the firewall.
Flush the firewall rules (ipf -Fa). If the connection works after that,
add a rule allowing traffic from 100.100.200.201 to 10.0.0.2 (http/tcp).

2) The return path is different than the direct one (i.e. reply packets
are not passed through the NAT box).
Investigate the routing paths in your network. The solution may not be
so trivial, though.

Hope that helps.
--
Mishka.
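
Added example (not part of the original message): a shell function that reads `ipnat -l` output and reports whether the rdr rule is loaded and whether a session exists for it, which is the check made above from the RDR line. The name rdr_status and the field positions (taken from the listing quoted in this thread) are assumptions; other IPFilter versions may print a different layout.

```shell
#!/bin/sh
# Classify one rdr rule from `ipnat -l` output read on stdin.
#   no-rule          the rule is not loaded
#   rule-no-session  rule loaded, but no packet has matched it yet
#   session-present  the redirect matched; look at the filter rules or the
#                    return path next (the two cases listed in the reply)
# Usage: ipnat -l | rdr_status <external-ip> <external-port>
rdr_status() {
    awk -v ip="$1" -v port="$2" '
        # Rule line: rdr <if> <ext>/<mask> port <p> -> <int> port <p> <proto>
        $1 == "rdr" {
            split($3, a, "/")
            if (a[1] == ip && $5 == port) rule = 1
        }
        # Session line: RDR <int> <p> <- -> <ext> <p> [<client> <cport>]
        $1 == "RDR" && $6 == ip && $7 == port {
            sessions++
            client = $8
            sub(/^\[/, "", client)      # strip the opening bracket
            clients = clients " " client
        }
        END {
            if (!rule)          print "no-rule"
            else if (!sessions) print "rule-no-session"
            else                print "session-present" clients
        }'
}

# Constructed sample, copied from the listing quoted in this thread.
SAMPLE='List of active MAP/Redirect filters:
rdr fxp0 100.100.200.200/32 port 80 -> 10.0.0.2 port 80 tcp

List of active sessions:
RDR 10.0.0.2 80 <- -> 100.100.200.200 80 [100.100.200.201 1166]'

printf '%s\n' "$SAMPLE" | rdr_status 100.100.200.200 80
```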