Re: ipnat problem with two LAN networks

To: netbsd-users%netbsd.org@localhost
Subject: Re: ipnat problem with two LAN networks
From: Ian Clark <mrrooster%gmail.com@localhost>
Date: Wed, 25 Jan 2012 13:01:41 +0000

On 24 January 2012 12:55, Frank Wille <frank%phoenix.owl.de@localhost> wrote:
> Hi,
>
> I have a problem with ipnat, when I try to make connections between two
> different networks on the LAN. The configuration is like this:
[snip]
>
> My simple ipnat.conf for this task looks like this (where vr0 is the
> interface on the 192.168.0.0/24 net):
> map vr0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
> map vr0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
> map vr0 10.0.0.0/24 -> 0/32
>
[snip]
>
> Now I have the problem that I can ping 10.0.0.2 from 192.168.0.3, but
> no TCP connection is possible. tcpdump shows a connection to 10.0.0.2
> but the reply is coming from 192.168.0.2, which I think is normal,
> because of the NAT. But nothing happens.
>
Sorry if I'm missing something but can't you just do:-

map vr0 from 10.0.0.0/24 to ! 192.168.0.0/24 -> 0/32

I've not tried this but ipnat(5) seems to suggest it's a valid rule:

       Matching  of  packets  has now been extended to allow more complex com-
       pares.  In place of the address  which  is  to  be  translated,  an  IP
       address  and  port number comparison can be made using the same expres-
       sions available with ipf.  A simple NAT rule could be written as:

       map de0 10.1.0.0/16 -> 201.2.3.4/32

       or as

       map de0 from 10.1.0.0/16 to any -> 201.2.3.4/32

Cheers,

Ian

References:
- ipnat problem with two LAN networks
  - From: Frank Wille

Prev by Date: Re: Support of VIA VT6421A or Silicon Image SiI0680A chipsets
Next by Date: Re: ipnat problem with two LAN networks
Previous by Thread: Re: ipnat problem with two LAN networks
Next by Thread: Re: ipnat problem with two LAN networks
Indexes:

Home | Main Index | Thread Index | Old Index