RE: Newbie NAT difficulties
Yes Louis,
When I ventured home yesterday afternoon I set up a computer with the
identical configuration in the home lab where I was able to reproduce the
problems described below. I pored through the IPF FAQ again - whereas
previously I used the OpenBSD FAQ - and found the reference to using the
0/32 network and bingo, it worked.
Would you have any insight as to why it was not routing correctly
using my /29 network? The packets were going out and hitting the
destination, but nothing was coming back to the originating client.
In fact, I'm back at the office and tried the following with
success...
/etc/ipnat.rules
map dc0 10.0.0.0/24 -> 209.163.32.126/32 portmap tcp/udp 10000:60000
map dc0 10.0.0.0/24 -> 209.163.32.126/32
Perhaps it was inappropriate to use 209.163.32.126/29 as the item to be
mapped to...? (using the entire network had mapped the address to MY
network gateway - so yes, that does appear to be incorrect.)
Bottom line, use /32 to map to a single IP... The documentation is vague for
a newbie such as myself...
Thank you for your time,
Jake
-----Original Message-----
From: Louis Hopcraft [mailto:lhopcraft@telus.net]
Sent: Tuesday, August 14, 2001 6:27 PM
To: Jake L. Wegman
Subject: Re: Newbie NAT difficulties
Try this instead in your /etc/ipnat.rules file.
map dc0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 1024:65535
map dc0 10.0.0.0/24 -> 0.0.0.0/32
Then save the file and run
ipnat -CF -f /etc/ipnat.rules
Louis
On 14 Aug 2001 16:00:07 -0500, Jake L. Wegman wrote:
> Fresh install of OpenBSD 2.9, BASE install.
>
> I've spent the past few years with Linux (Redhat) and now would like to
> learn the virtues of OpenBSD... My CD's arrived this past week...
>
> So on with the story, fresh install on a Pentium 100, 16MB RAM, two DEC NICs
> (Linksys v2)
>
> From an internal machine, I am NOT getting the traffic BACK!
>
> (is this a routing issue that I'm overlooking? I'm not the wizard of
> routing... Even basics...)
>
> I try to open a web page, ipnat -l returns:
>
> ipnat -l
> List of active MAP/Redirect filters:
> map dc0 10.0.0.0/24 -> 209.163.32.120/29 portmap tcp/udp 10000:60000
> map dc0 10.0.0.0/24 -> 209.163.32.120/29
>
> List of active sessions:
> MAP 10.0.0.203 1439 <- -> 209.163.32.121 10001 [129.128.5.191 80]
>
> I have configured the NIC's AFTER the install of OpenBSD 2.9;
>
> dc0 - External Interface 209.163.32.126/29 <- (Fictitious IP)
> dc1 - LAN Interface, 10.0.0.240/24
>
> [Setup Per the FAQ]
>
> /etc/hostname.dc0
> inet 209.163.32.126 255.255.255.248 NONE
> /etc/hostname.dc1
> inet 10.0.0.240 255.255.255.0 NONE
> /etc/mygate
> 209.163.32.121
> /etc/sysctl.conf
> net.inet.ip.forwarding=1
> /etc/rc.conf
> ipfilter=YES
> ipnat=YES
> /etc/ipf.rules
> pass in from any to any
> pass out from any to any
> /etc/ipnat.rules
> map dc0 10.0.0.0/24 -> 209.163.32.126/29 portmap tcp/udp 10000:60000
> map dc0 10.0.0.0/24 -> 209.163.32.126/29
>
> ipf -V
> ipf: IP Filter: v3.4.16 (256)
> Kernel: IP Filter: v3.4.16
> Running: yes
> Log Flags: 0 = none set
> Default: pass all, Logging: available
> Active list: 0
>
> ipnat -l
> List of active MAP/Redirect filters:
> map dc0 10.0.0.0/24 -> 209.32.111.120/29 portmap tcp/udp 10000:60000
> map dc0 10.0.0.0/24 -> 209.32.111.120/29
>
> List of active sessions:
>
> ifconfig dc0
> dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> media: Ethernet autoselect (10baseT)
> status: active
> inet 209.163.32.126 netmask 0xfffffff8 broadcast 209.163.32.127
> inet6 fe80::2a0:ccff:fee4:4b15%dc0 prefixlen 64 scopeid 0x1
> ifconfig dc1
> dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 10.0.0.240 netmask 0xffffff00 broadcast 10.0.0.255
> inet6 fe80::2a0:ccff:fee4:4aff%dc1 prefixlen 64 scopeid 0x2
>
> route -n show
> Routing tables
>
> Internet:
> Destination Gateway Flags
> default 209.163.32.121 UG
> 10.0.0.0 link#2 U
> 10.0.0.170 0:60:8:39:b4:ee UH
> 10.0.0.203 0:a0:c9:d6:be:46 UH
> 127.0.0.0 127.0.0.1 UG
> 127.0.0.1 127.0.0.1 UH
> 209.163.32.120 link#1 U
> 209.163.32.121 link#1 UH
> 224.0.0.0 127.0.0.1 U
>
> Thanks
> Jake
> jake@ultrex.com
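
An added example, not part of the original messages: a small lint for ipnat map rules that reports when the translated-address pool contains the default gateway or any address the external interface does not hold, which is the failure the /29 target caused in this thread. The function names are hypothetical, and treating a wider mask as a pool of that network's host addresses is an assumption based on the session listing above, where 10.0.0.203 was mapped to 209.163.32.121.

```python
import ipaddress
import re

# Interface and target of an ipnat rule: map <if> <source> -> <target> [...]
MAP_RE = re.compile(r"^map\s+(\S+)\s+\S+\s+->\s+(\S+)")

def nat_pool(target, if_addr):
    """Addresses a map rule may use as the translated source address."""
    net = ipaddress.ip_network("0.0.0.0/32" if target == "0/32" else target, strict=False)
    if net.prefixlen == 32:
        # 0/32 is the "use the interface's own address" form from the IPF FAQ.
        return [if_addr if int(net.network_address) == 0 else net.network_address]
    # Assumption: a wider mask yields a pool of the network's host addresses,
    # matching the 209.163.32.121 mapping seen in the ipnat -l session listing.
    return list(net.hosts()) if net.prefixlen < 31 else list(net)

def lint_rules(rules_text, iface, if_addr, gateway):
    """Return (rule, problem) pairs for map rules bound to iface."""
    if_addr = ipaddress.ip_address(if_addr)
    gateway = ipaddress.ip_address(gateway)
    findings = []
    for line in rules_text.splitlines():
        m = MAP_RE.match(line.strip())
        if not m or m.group(1) != iface:
            continue
        pool = nat_pool(m.group(2), if_addr)
        if gateway in pool:
            findings.append((line.strip(), f"pool includes the default gateway {gateway}"))
        elif any(a != if_addr for a in pool):
            findings.append((line.strip(), f"pool includes addresses not held by {iface}"))
    return findings

# Rules and addresses as posted in the thread (dc0 address, /etc/mygate gateway).
BROKEN = """map dc0 10.0.0.0/24 -> 209.163.32.126/29 portmap tcp/udp 10000:60000
map dc0 10.0.0.0/24 -> 209.163.32.126/29"""
FIXED = """map dc0 10.0.0.0/24 -> 209.163.32.126/32 portmap tcp/udp 10000:60000
map dc0 10.0.0.0/24 -> 0.0.0.0/32"""

if __name__ == "__main__":
    for rule, problem in lint_rules(BROKEN, "dc0", "209.163.32.126", "209.163.32.121"):
        print(f"{rule}\n  -> {problem}")
```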