Subject: New help on IPNAT rdr
To: , <firewall@dubbele.com>
From: Pankaj Jain <pankajj@tsoft.com>
List: netbsd-help
Date: 12/11/2000 00:21:41
Hi !

I have the firewall running on NetBSD 1.4.2 which is pre-configured by
http://www.dubbele.com . Thanks to dubbele techs for that.

I was trying to add an rdr in ipnat.conf for redirecting the web server traffic
from the firewall m/c to another m/c on the local network. But no luck.

So I would really appreciate it if somebody has a clue what I am doing wrong
here.

Here is all the info you might need:


XX.XX.XX.XX   ------> 		Static IP


The firewall m/c has 2 network cards.

********************************************************
>>>ifconfig -a
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:ba:a2:da:df
        media: Ethernet autoselect (10baseT)
        inet XX.XX.XX.XX netmask 0xffffff00 broadcast 198.144.206.255
ne3: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:ba:a2:d3:fe
        media: Ethernet autoselect (10baseT)
        inet 192.168.1.250 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32976
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
********************************************************

>>cat ipf.conf
#!/sbin/ipf -f -
#
# Prevent IP spoofing.
# Commented next 1 line by Pankaj
#block in quick all with short
pass in all
pass out all
********************************************************

cat ipnat.conf
#!/sbin/ipnat -f -
#
# THIS IS WRITTEN FOR IP FILTER 3.2
#
# ne2 - (external) connection to ISP, address XX.XX.XX.XX/32
#
# ne3 - (internal) network interface, address 192.168.1.250/32
#
#
map ne2 192.168.1.250/24 -> XX.XX.XX.XX/32 portmap tcp/udp 40000:60000
map ne2 192.168.1.250/24 -> XX.XX.XX.XX/32
#
#
#To make ftp work, using the internal ftp proxy, use:
#
map ne2 192.168.1.250/24 -> XX.XX.XX.XX/32 proxy port ftp ftp/tcp
#
#Added By Pankaj to do redirect web server traffic
rdr ne2 XX.XX.XX.XX/32 port 80 -> 192.168.1.104 port 8080 tcp
********************************************************

in rc.conf
# For Web server traffic redirect
gateway_enable="YES"


********************************************************

cat sysctl.conf
net.inet.ip.forwarding=1

********************************************************
I am not sure how I make sure that port 80 on the firewall m/c is open.
I checked /etc/services; the line for port 80 is not commented.


Thanks for all your help in !

Cheers


Pankaj Jain

pankajj@tsoft.com
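
Added example, not part of the original post and not dubbele's or IP Filter's own code: a small consistency check for the map and rdr rules in an ipnat.conf like the one posted, run against the interface table from the ifconfig output. It assumes 203.0.113.10 as a constructed stand-in for the masked XX.XX.XX.XX, and `lint` is a hypothetical helper name; the ordering check relies on IP Filter applying the first map rule that matches.

```python
import ipaddress
import re

# Constructed stand-in for the posted setup: 203.0.113.10 replaces the masked XX.XX.XX.XX.
INTERFACES = {"ne2": "203.0.113.10/24", "ne3": "192.168.1.250/24"}
IPNAT_CONF = """\
map ne2 192.168.1.250/24 -> 203.0.113.10/32 portmap tcp/udp 40000:60000
map ne2 192.168.1.250/24 -> 203.0.113.10/32
map ne2 192.168.1.250/24 -> 203.0.113.10/32 proxy port ftp ftp/tcp
rdr ne2 203.0.113.10/32 port 80 -> 192.168.1.104 port 8080 tcp
"""
RDR = re.compile(r"rdr\s+(\S+)\s+(\S+)\s+port\s+\S+\s+->\s+(\S+)\s+port\s+\S+(?:\s+\S+)?")
MAP = re.compile(r"map\s+(\S+)\s+(\S+)\s+->\s+\S+(.*)")


def lint(conf, interfaces):
    """Return (line_number, message) findings for the map and rdr rules in conf."""
    nets = {name: ipaddress.ip_interface(a) for name, a in interfaces.items()}
    findings, earlier_maps = [], {}
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if m := RDR.fullmatch(line):
            ifname, match, target = m.groups()
            if ifname not in nets:
                findings.append((no, f"rdr on unknown interface {ifname}"))
                continue
            # The rdr only fires for packets arriving on ifname for the matched address.
            if nets[ifname].ip not in ipaddress.ip_network(match, strict=False):
                findings.append((no, f"{match} does not cover the address of {ifname}"))
            # Assumption for this two-card layout: the target sits behind the other card.
            via = [n for n, i in nets.items() if ipaddress.ip_address(target) in i.network]
            if not via:
                findings.append((no, f"target {target} is not on an attached network"))
            elif ifname in via:
                findings.append((no, f"target {target} is on the rdr interface itself"))
        elif m := MAP.fullmatch(line):
            ifname, source, options = m.groups()
            # map rules are first-match: a proxy rule placed after a plain or portmap
            # rule for the same interface and source is never reached.
            if "proxy" in options.split() and (ifname, source) in earlier_maps:
                first = earlier_maps[(ifname, source)]
                findings.append((no, f"proxy rule shadowed by map rule on line {first}"))
            earlier_maps.setdefault((ifname, source), no)
    return findings

if __name__ == "__main__":
    for line_no, message in lint(IPNAT_CONF, INTERFACES):
        print(f"ipnat.conf line {line_no}: {message}")
```

On the constructed copy of the posted file the rdr line passes these checks, and the only finding is the ftp proxy rule sitting after the portmap rule. Line numbers refer to the rule lines in the sample string, not to the full file with its comments.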