Re: ipnat problem

To: Thomas Klausner <wiz%NetBSD.org@localhost>, tech-net%NetBSD.org@localhost
Subject: Re: ipnat problem
From: jnemeth%victoria.tc.ca@localhost (John Nemeth)
Date: Mon, 1 Nov 2010 16:06:17 -0700

On Mar 24,  3:52pm, Thomas Klausner wrote:
} 
} In a -current/amd64 machine I have three network interfaces, and I
} want to nat two (internal ones) of them onto the third (external one).
} 
} I get one of them to work, but not the other one. I don't see what I'm
} doing differently for the second one, can someone please help?
} 
} # ifconfig wm0         
} wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
}         
capabilities=7ff80<TSO4,IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx,TCP6CSUM_Rx,TCP6CSUM_Tx,UDP6CSUM_Rx,UDP6CSUM_Tx,TSO6>
}         enabled=0
}         address: 00:1b:21:36:04:bf
}         media: Ethernet autoselect (none)
}         status: no carrier
}         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
}         inet6 something prefixlen 64 scopeid 0x2
} # ifconfig re0 
} re0:
} flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
} mtu 1500
}         
capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
}         enabled=0
}         address: 00:24:8c:56:df:94
}         media: Ethernet autoselect (100baseTX full-duplex)
}         status: active
}         inet 192.168.0.33 netmask 0xffffff00 broadcast 192.168.0.255
}         inet6 something prefixlen 64 scopeid 0x3
} # ifconfig re1 
} re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
}         
capabilities=3f00<IP4CSUM_Rx,IP4CSUM_Tx,TCP4CSUM_Rx,TCP4CSUM_Tx,UDP4CSUM_Rx,UDP4CSUM_Tx>
}         enabled=0
}         address: 00:24:8c:56:dc:c9
}         media: Ethernet autoselect (100baseTX full-duplex)
}         status: active
}         inet 10.0.0.7 netmask 0xffffff00 broadcast 10.0.0.255
}         inet6 something prefixlen 64 scopeid 0x4
} 
} # ipnat -l
} List of active MAP/Redirect filters:
} map re0 10.0.0.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
} map wm0 192.168.2.0/24 -> 192.168.0.33/32 proxy port ftp ftp/tcp
} map re0 10.0.0.0/24 -> 192.168.0.33/32 portmap tcp/udp 40000:60000
} map re0 10.0.0.0/24 -> 192.168.0.33/32
} map wm0 192.168.2.0/24 -> 192.168.0.33/32 portmap tcp/udp 20000:40000
} map wm0 192.168.2.0/24 -> 192.168.0.33/32
} 
} ...
} 
} traffic via re0 is natted outside while for wm0 traffic I get DNS
} forwarded to named on 192.168.0.33 (and answered!), but nothing else
} is getting outside.
} 
} What am I missing?

     All these address are private addresses, so I'm not which interface
goes where, but basically, it should be:

map <outside if> <internal range> -> <external range>
map <outside if> <internal range> -> <external range> proxy port ftp/tcp
map <outside if> <internal range> -> <external range> portmap tcp/udp <ports>

}-- End of excerpt from Thomas Klausner

Follow-Ups:
- Re: ipnat problem
  - From: Thomas Klausner

References:
- ipnat problem
  - From: Thomas Klausner

Prev by Date: ipnat problem
Next by Date: Re: ipnat problem
Previous by Thread: ipnat problem
Next by Thread: Re: ipnat problem
Indexes:

Home | Main Index | Thread Index | Old Index