Subject: Re: How to redirect through ipnat?
To: Melnikov Denis <denis.melnikov@regent.ru>
From: Mike M. Volokhov <mishka@NetBSD.org>
List: netbsd-help
Date: 12/13/2005 17:57:33
Hello!

On Tue, 13 Dec 2005 17:54:14 +0300
"Melnikov Denis" <denis.melnikov@regent.ru> wrote:

> > Only try this rule:
> > 
> > rdr fxp0 100.100.200.200/32 port 3389 -> 10.0.0.2 port 3389 tcp
> > 
> > The other rdr's are ambiguous.
> 
> rdr fxp0 100.100.200.200/32 port 80 -> 10.0.0.2 port 80 tcp
> 
> Not working! (I want to set up HTTP access before.)
> `ipnat -l` shows:
> >>>>>>>>>>>>>>>>
> List of active MAP/Redirect filters:
> rdr fxp0 100.100.200.200/32 port 80 -> 10.0.0.2 port 80 tcp
> 
> List of active sessions:
> RDR 10.0.0.2       80    <- -> 100.100.200.200   80  [100.100.200.201 1166]

It's working, just because you see the line above. :-)

> But no record appears in Apache's access.log at 10.0.0.2.

There are two common cases:

1) the connection was blocked by the firewall.

Flush the firewall rules (ipf -Fa). If the connection works after that,
add a rule allowing traffic from 100.100.200.201 to 10.0.0.2 (http/tcp).

2) the return path is different from the direct one (i.e. reply packets
   are not passed through the NAT box).

Investigate the routing paths in your network. The solution may not be
so trivial, though.

Hope that helps.

--
Mishka.
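
An added example, not part of the original message: one way to tell the two cases above apart from packets observed on the NAT box. The records are constructed, simplified summaries ("iface src:port > dst:port flags"), not raw tcpdump output, and the internal interface name fxp1 is an assumption (the thread names only fxp0).

```python
# Added example: classify where a redirected connection stalls.
# Addresses and ports are the ones quoted in the thread; fxp1 is assumed.
PUBLIC = ("100.100.200.200", 80)    # address matched by the rdr rule
SERVER = ("10.0.0.2", 80)           # rdr target
CLIENT = ("100.100.200.201", 1166)  # peer shown in the `ipnat -l` session
EXT_IF, INT_IF = "fxp0", "fxp1"     # fxp1: hypothetical internal interface


def endpoint(text):
    host, port = text.rsplit(":", 1)
    return host, int(port)


def parse(line):
    iface, src, _arrow, dst, flags = line.split()
    return iface, endpoint(src), endpoint(dst), flags


def diagnose(lines, client=CLIENT):
    """Map one client's observed packets to the two cases from the reply."""
    pkts = [parse(l) for l in lines if l.strip()]
    # SYN arriving on the outside, still addressed to the public IP
    syn_in = (EXT_IF, client, PUBLIC, "S") in pkts
    # Same SYN after rdr, leaving towards the web server
    syn_fwd = (INT_IF, client, SERVER, "S") in pkts
    # Server's SYN-ACK coming back in through the NAT box
    synack = (INT_IF, SERVER, client, "SA") in pkts
    if not syn_in:
        return f"no SYN seen on {EXT_IF}"
    if not syn_fwd:
        # rdr runs before the filter, so a NAT session can exist even
        # though the rewritten packet was then blocked.
        return "case 1: dropped on the NAT box after rdr (check ipf rules)"
    if not synack:
        return "case 2: no reply via the NAT box (return path or server)"
    return "ok: reply passes back through the NAT box"


# Constructed observations for the three outcomes.
BLOCKED = ["fxp0 100.100.200.201:1166 > 100.100.200.200:80 S"]
ONE_WAY = BLOCKED + ["fxp1 100.100.200.201:1166 > 10.0.0.2:80 S"]
WORKING = ONE_WAY + ["fxp1 10.0.0.2:80 > 100.100.200.201:1166 SA",
                     "fxp0 100.100.200.200:80 > 100.100.200.201:1166 SA"]

if __name__ == "__main__":
    for name, capture in (("blocked", BLOCKED), ("one-way", ONE_WAY),
                          ("working", WORKING)):
        print(f"{name}: {diagnose(capture)}")
```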