NAT in NPF

To: netbsd-users%NetBSD.org@localhost
Subject: NAT in NPF
From: Vladimir Zakrevskiy <v.zakrevskiy%labma.ru@localhost>
Date: Fri, 29 Nov 2019 21:22:19 +0300

Hello!

I have a strange situation when configuring NAT.

I have installed NetBSD on xen domU, enable ip forwarding and enable NPF.

npf.conf:

$ext_if = "xennet0"
$int_if = "xennet1"
$ext_addr = { inet4(xennet0) }
$int_addr = { inet4(xennet1) }
$localnet = { 172.20.76.0/24 }

alg "icmp"

#NAT
map $ext_if $localnet -> $ext_addr

#Firewall
group "external" on $ext_if {
    pass out final all
    pass in final all
}

group "internal" on $int_if {
    pass out final all
    pass in final all
}

group default {
    pass out final all
    pass in final all

    pass final on lo0 all
#   block all
}

With this config NAT is not working. Packets received on int_if anddon`t transmited from ext_if.

If i remove "map $ext_if $localnet -> $ext_addr" packets correcttransmited from ext_if.


--
С уважением, Закревский Владимир,
Центр системной интеграции и специальных проектов ЗАО "ЛМА"
тел. (812) 309-25-94, доб. 188
моб. (911) 986-90-02

Follow-Ups:
- Re: [users] NAT in NPF
  - From: Luis P. Mendes

Prev by Date: Re: csapp, really good?
Next by Date: Re: GPG Smartcard not working
Previous by Thread: GPG Smartcard not working
Next by Thread: Re: [users] NAT in NPF
Indexes:

Home | Main Index | Thread Index | Old Index