
Re: Firewalling and NAT (ipf, ipnat)



You need to post what IPF/IPNAT rules you currently have to get suggestions
on how to fix them.

That said, and leaving IPF aside for a moment (we'll assume pass all), to 
redirect telnet and ftp traffic to two (separate?) internal machines, you
will need rules that look like this:

# telnet
rdr EXTERNAL_INTERFACE EXTERNAL_IP_A/32 port 23 -> INTERNAL_IP_A port 23 tcp

# ftp
rdr EXTERNAL_INTERFACE EXTERNAL_IP_A/32 port 21 -> INTERNAL_IP_B port 21 tcp

Alternately, you can do bi-directional NAT (one for one address translation)
to an internal host with a rule like this:

bimap EXTERNAL_INTERFACE INTERNAL_IP_B/32 -> EXTERNAL_IP_B/32



_azure



On Thu, Jan 04, 2001 at 07:42:38PM +0200, Chris Nikolopoulos wrote:
> Hi there all and very happy new year.
> 
> I am new in OpenBSD, and I have difficulties to setup port
> redirection/NAT on it.
> I am using OpenBSD 2.8 with two Ethernet 3com. The one connected to
> the internet and the other to my LAN. 
> 
> First of all I have created a NAT that maps my entire inside LAN in
> one true internet ip. That works just fine. But if I try to map or
> redirect a service from the internet to the LAN, I get connection
> timeout or connection refused. I have tried with and without
> firewalling rules but the result was the same. The services that I
> try to work with is telnet and ftp.
> 
> If you have some docs in mind or any ideas why is it not playing pls
> let me know.(I have already read the OpenBSD howto's)
> 
> Thanx in advance
> 
> Chris Nikolopoulos
> Senior Systems Administrator
> Alter Channel S.A.
>
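
An added example, not part of the original thread: the rdr rules from the reply filled in with constructed values, plus IPF filter rules to use once "pass all" is replaced by a default block. The interface name xl0 and the addresses 203.0.113.10, 192.168.1.20 and 192.168.1.21 are assumptions made for illustration.

```conf
# ---- ipnat rules (constructed sample values) ----
# xl0          = external interface (assumed name)
# 203.0.113.10 = external address (documentation range)
# 192.168.1.20 = internal telnet host, 192.168.1.21 = internal ftp host

# existing many-to-one NAT for the LAN
map xl0 192.168.1.0/24 -> 203.0.113.10/32 portmap tcp/udp 10000:20000
map xl0 192.168.1.0/24 -> 203.0.113.10/32

# inbound redirects, same form as in the reply above
rdr xl0 203.0.113.10/32 port 23 -> 192.168.1.20 port 23 tcp
rdr xl0 203.0.113.10/32 port 21 -> 192.168.1.21 port 21 tcp

# ---- ipf rules (replacing "pass all" on the external interface) ----
# IP Filter translates inbound packets before it filters them, so the
# filter sees the INTERNAL destination address. A pass rule written
# against 203.0.113.10 would never match redirected traffic.
# ipf is last-match unless "quick" is used, so the default block comes
# first and the specific passes use quick.
block in on xl0 all

pass in quick on xl0 proto tcp from any to 192.168.1.20/32 port = 23 flags S/SA keep state
pass in quick on xl0 proto tcp from any to 192.168.1.21/32 port = 21 flags S/SA keep state

# Port 21 is only the FTP control channel; FTP data connections use
# other ports and are not covered by these rules.
# This fragment assumes traffic on the internal interface is still
# passed and that IP forwarding is enabled on the gateway.
```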