Re: Firewalling and NAT (ipf, ipnat)
You need to post what IPF/IPNAT rules you currently have to get suggestions
on how to fix them.

That said, and leaving IPF aside for a moment (we'll assume pass all), to
redirect telnet and ftp traffic to two (separate?) internal machines, you
will need rules that look like this:

  rdr EXTERNAL_INTERFACE EXTERNAL_IP_A/32 port 23 -> INTERNAL_IP_A port 23 tcp
  rdr EXTERNAL_INTERFACE EXTERNAL_IP_A/32 port 21 -> INTERNAL_IP_B port 21 tcp

Alternately, you can do bi-directional NAT (one for one address translation)
to an internal host with a rule like this:

  bimap EXTERNAL_INTERFACE INTERNAL_IP_B/32 -> EXTERNAL_IP_B/32

On Thu, Jan 04, 2001 at 07:42:38PM +0200, Chris Nikolopoulos wrote:
> Hi there all and very happy new year.
> I am new to OpenBSD, and I have difficulties to set up port
> redirection/NAT on it.
> I am using OpenBSD 2.8 with two Ethernet 3com. The one connected to
> the internet and the other to my LAN.
> First of all I have created a NAT that maps my entire inside LAN in
> one true internet ip. That works just fine. But if I try to map or
> redirect a service from the internet to the LAN, I get connection
> timeout or connection refused. I have tried with and without
> firewalling rules but the result was the same. The services that I
> try to work with are telnet and ftp.
> If you have some docs in mind or any ideas why is it not playing pls
> let me know. (I have already read the OpenBSD howto's)
> Thanx in advance
> Chris Nikolopoulos
> Senior Systems Administrator
> Alter Channel S.A.
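
The rdr rules from the reply above, filled in next to ipf filter rules that replace the "pass all" assumption. This is an added example, not part of either message. The interface names (xl0 external, xl1 LAN) and all addresses are constructed assumptions.

```conf
# --- ipnat rules (constructed example) ---
# Assumptions: xl0 = external interface, xl1 = LAN interface,
# 203.0.113.10 = external address, 192.168.1.0/24 = LAN,
# 192.168.1.23 = telnet host, 192.168.1.21 = ftp host.

# Outbound NAT for the whole LAN (the part that already works).
map xl0 192.168.1.0/24 -> 203.0.113.10/32 portmap tcp/udp 10000:20000
map xl0 192.168.1.0/24 -> 203.0.113.10/32

# Inbound redirects, bound to the external interface only.
rdr xl0 203.0.113.10/32 port 23 -> 192.168.1.23 port 23 tcp
rdr xl0 203.0.113.10/32 port 21 -> 192.168.1.21 port 21 tcp

# --- ipf rules (constructed example), replacing "pass all" ---
# On inbound packets ipnat translates before ipf filters, so the
# destination seen by these rules is the internal address, not
# 203.0.113.10. Only the FTP control connection (port 21) is covered.
block in on xl0 all
pass in quick on xl0 proto tcp from any to 192.168.1.23/32 port = 23 flags S keep state
pass in quick on xl0 proto tcp from any to 192.168.1.21/32 port = 21 flags S keep state

# Outbound on the external interface: block by default, then allow
# new connections and track them with state.
block out on xl0 all
pass out quick on xl0 proto tcp from any to any flags S keep state
pass out quick on xl0 proto udp from any to any keep state
pass out quick on xl0 proto icmp from any to any keep state

# LAN side left open in this example.
pass in on xl1 all
pass out on xl1 all
```

Test the redirects from a host outside the LAN: the rdr rules are bound to xl0, so connections from LAN hosts to 203.0.113.10 do not match them. The internal hosts also need their default route through this gateway, and the gateway needs `net.inet.ip.forwarding=1`.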