Subject: Re: ipnat: Multiple interfaces and routing
To: None <wysoft@extremecode.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-net
Date: 11/28/2005 18:39:26

On Sun, Nov 27, 2005 at 04:37:52PM -0800, wysoft@extremecode.org wrote:
> Aha! That was it! Thanks Johnathan :)

Just so it's clear, the issue was that the 192.168.2.x traffic never
traversed the mc0 interface (it went from the tlp to the ex), so the rule
didn't work.

Christos's /16 rules look like the best thing to try.

Take care,

Bill

> On Sun, 27 Nov 2005, Jonathan A. Kollasch wrote:
>
> >Date: Sun, 27 Nov 2005 16:41:39 -0600
> >From: Jonathan A. Kollasch <jakllsch@kollasch.net>
> >To: wysoft@extremecode.org
> >Cc: tech-net@netbsd.org
> >Subject: Re: ipnat: Multiple interfaces and routing
> >
> >On Sun, Nov 27, 2005 at 01:46:50PM -0800, wysoft@extremecode.org wrote:
> >>nothing should be getting blocked. Here is my ipnat.conf:
> >>
> >># Compensate for NAT-broken protocols
> >>map ex0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
> >>map mc0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
> >>
> >># Port redirections
> >>#rdr ex0 0.0.0.0/0 port 6114 -> 192.168.1.106 port 6114 udp
> >>
> >># Essential mappings
> >>map ex0 192.168.1.0/24 -> 67.168.161.233/32
> >>map ex0 192.168.1.0/24 -> 67.168.161.233/32 portmap tcp/udp auto
> >>map mc0 192.168.2.0/24 -> 67.168.161.233/32
> >>map mc0 192.168.2.0/24 -> 67.168.161.233/32 portmap tcp/udp auto
> >
> >Try this:
> >
> ># Compensate for NAT-broken protocols
> >map ex0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
> >map ex0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
> >
> ># Port redirections
> >#rdr ex0 0.0.0.0/0 port 6114 -> 192.168.1.106 port 6114 udp
> >
> ># Essential mappings
> >map ex0 192.168.1.0/24 -> 67.168.161.233/32
> >map ex0 192.168.1.0/24 -> 67.168.161.233/32 portmap tcp/udp auto
> >map ex0 192.168.2.0/24 -> 67.168.161.233/32
> >map ex0 192.168.2.0/24 -> 67.168.161.233/32 portmap tcp/udp auto
> >
> >	Jonathan Kollasch
> >
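
A lint for the failure discussed in this thread, as an added example that is not part of the original messages: it flags `map` rules bound to an interface other than the one traffic actually leaves through, and inside networks left with no mapping on that interface. It assumes ex0 is the external interface (as in the suggested fix) and that rule sources are written in CIDR form; `lint` and `parse_maps` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the map rules from the original ipnat.conf quoted above.
SAMPLE_CONF = """\
# Compensate for NAT-broken protocols
map ex0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map mc0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
# Essential mappings
map ex0 192.168.1.0/24 -> 67.168.161.233/32
map ex0 192.168.1.0/24 -> 67.168.161.233/32 portmap tcp/udp auto
map mc0 192.168.2.0/24 -> 67.168.161.233/32
map mc0 192.168.2.0/24 -> 67.168.161.233/32 portmap tcp/udp auto
"""

# "map <interface> <source> -> <target> ..."; commented-out lines do not match.
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")


def parse_maps(conf):
    """Yield (line number, interface, source network) for each active map rule."""
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = MAP_RE.match(line.strip())
        if m:
            # Assumption: the source field is CIDR notation, as in the thread.
            yield lineno, m.group(1), ipaddress.ip_network(m.group(2), strict=False)


def lint(conf, egress_if, inside_nets):
    """Return (line number, message) findings; line 0 marks a coverage gap."""
    findings, covered = [], []
    for lineno, ifname, src in parse_maps(conf):
        if ifname != egress_if:
            # Outbound NAT is applied on the interface the packet leaves through.
            findings.append(
                (lineno, f"map on {ifname} never matches: {src} leaves via {egress_if}"))
        else:
            covered.append(src)
    for net in map(ipaddress.ip_network, inside_nets):
        if not any(net.subnet_of(c) for c in covered):
            findings.append((0, f"{net} has no map rule on {egress_if}"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint(SAMPLE_CONF, "ex0", ["192.168.1.0/24", "192.168.2.0/24"]):
        print(f"line {lineno}: {msg}" if lineno else f"coverage: {msg}")
```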
