
Re: OBSD 3.1 binat issue



In response to daniel_martinez@salutia.com.br

|An `ifconfig -A`, what does it say?

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000 
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (none)
        status: no carrier
        inet 123.123.123.106 netmask 0xffffff00 broadcast 123.123.123.255
        inet6 fe80::202:b3ff:fe5e:122d%fxp0 prefixlen 64 scopeid 0x1
        inet 123.123.123.107 netmask 0xffffffff broadcast 123.123.123.107
        inet 123.123.123.108 netmask 0xffffffff broadcast 123.123.123.108
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.70.254 netmask 0xffffff00 broadcast 192.168.70.255
        inet6 fe80::202:b3ff:fe5e:2958%fxp1 prefixlen 64 scopeid 0x2
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (none)
        status: no carrier
        inet 192.168.71.254 netmask 0xffffff00 broadcast 192.168.71.255
        inet6 fe80::202:b3ff:fe5e:2954%fxp2 prefixlen 64 scopeid 0x3
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
vlan1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280


|On Wed, 2002-06-12 at 11:11, Roderick Scott Corporation wrote:
|> Hi,
|> 
|> I cannot get binat to work as expected with OBSD3.1. Devices on my DMZ
|> (binat'd from real IPs) cannot see the internet and are not seen by
|> external devices.
|> 
|> Here are the details:
|> 
|> I have a pf/nat firewall running OBSD3.0 and humming along quite nicely
|> and am upgrading to 3.1. I decided to set up another machine to test
|> with before digging myself in deep on the live system.
|> 
|> From my working firewall, I copied over (and modified the settings from
|> Realtek to Intel, i.e. rl* to fxp*) the config files and mirrored the ip
|> settings in hostname files, mygate etc. pf is activated in rc.conf,
|> packet forwarding is activated in sysctl.conf, my hostname.fxp0 has the
|> appropriate aliases added
|> 
|> pf rules have no effect on the results. I have run (dangerously!)
|> "pfctl -F rules" and still no success (only leaving a naked system
|> exposed for about 90 seconds).
|> 
|> Any thoughts?
|> 
|> Scott
|> 
|> PS. I have sent this a second time as I'm having a few problems with
|> email and the first attempt didn't seem to make it through. Please
|> accept my apologies if it did really hit the list twice.
|> 
|> --------------------begin nat.conf--------------------------
|> 
|> EXT_IF = "fxp0"
|> INT_IF = "fxp1"
|> DMZ_IF = "fxp2"
|> 
|> # ________ external ip block
|> EXT_IP     = "123.123.123.106"
|> EXT_IP1    = "123.123.123.107"
|> EXT_IP2    = "123.123.123.108"
|> 
|> # ________ network definitions
|> EXT_NW  = "123.123.123.64/26" 
|> DMZ_NW  = "192.168.1.0/24"
|> INT_NW  = "192.168.0.0/24"
|> 
|> # ___________ define servers on DMZ
|> WWW_SERVER  = "192.168.71.108" 
|> MAIL_SERVER = "192.168.71.107" 
|> 
|> # ___________ NAT the private network
|> nat on $EXT_IF from $INT_NW to any -> $EXT_IP
|> 
|> # ___________ bi-directional 1:1 NAT between alias IPs and DMZ
|> binat on $EXT_IF from $MAIL_SERVER to any -> $EXT_IP1
|> binat on $EXT_IF from $WWW_SERVER  to any -> $EXT_IP2
|> 
|> 
|> --------------------begin dmesg--------------------------
|> 
|> OpenBSD 3.1 (GENERIC) #59: Sat Apr 13 15:28:52 MDT 2002
|>     deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
|> cpu0: AMD Athlon Model 7 (Morgan) ("AuthenticAMD" 686-class) 1 GHz
|> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SIMD
|> real mem  = 133738496 (130604K)
|> avail mem = 118370304 (115596K)
|> using 1658 buffers containing 6791168 bytes (6632K) of memory
|> mainbus0 (root)
|> bios0 at mainbus0: AT/286+(a4) BIOS, date 11/12/01, BIOS32 rev. 0 @ 0xfb350
|> apm0 at bios0: Power Management spec V1.2
|> apm0: AC on, battery charge unknown
|> pcibios0 at bios0: rev. 2.1 @ 0xf0000/0xdd94
|> pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfdd00/144 (7 entries)
|> pcibios0: PCI Exclusive IRQs: 10 11 12
|> pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A PCI-ISA" rev 0x00)
|> pcibios0: PCI bus #1 is the last bus
|> bios0: ROM list: 0xc0000/0x8000 0xcc000/0x1800 0xce000/0x1800 0xd0000/0x1800
|> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
|> pchb0 at pci0 dev 0 function 0 "VIA VT8363 Host" rev 0x03
|> ppb0 at pci0 dev 1 function 0 vendor "VIA", unknown product 0xb115 rev 0x00
|> pci1 at ppb0 bus 1
|> vga1 at pci1 dev 0 function 0 "ATI Mach64 GM" rev 0x27
|> wsdisplay0 at vga1: console (80x25, vt100 emulation)
|> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
|> pcib0 at pci0 dev 7 function 0 "VIA VT82C686 PCI-ISA" rev 0x40
|> pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility
|> atapiscsi0 at pciide0 channel 0 drive 0
|> scsibus0 at atapiscsi0: 2 targets
|> cd0 at scsibus0 targ 0 lun 0: <MATSHITA, CD-ROM CR-594, YS0M> SCSI0 5/cdrom removable
|> cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
|> wd0 at pciide0 channel 1 drive 0: <Maxtor 2B020H1>
|> wd0: 16-sector PIO, LBA, 19541MB, 16383 cyl, 16 head, 63 sec, 40020624 sectors
|> wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
|> "VIA VT82C686 SMBus" rev 0x40 at pci0 dev 7 function 4 not configured
|> fxp0 at pci0 dev 11 function 0 "Intel 82557" rev 0x0c: irq 10, address 00:02:b3:5e:12:2d
|> inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 4
|> fxp1 at pci0 dev 13 function 0 "Intel 82557" rev 0x0c: irq 11, address 00:02:b3:5e:29:58
|> inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 4
|> fxp2 at pci0 dev 17 function 0 "Intel 82557" rev 0x0c: irq 11, address 00:02:b3:5e:29:54
|> inphy2 at fxp2 phy 1: i82555 10/100 media interface, rev. 4
|> isa0 at pcib0
|> isadma0 at isa0
|> pckbc0 at isa0 port 0x60/5
|> pckbd0 at pckbc0 (kbd slot)
|> pckbc0: using irq 1 for kbd slot
|> wskbd0 at pckbd0: console keyboard, using wsdisplay0
|> pcppi0 at isa0 port 0x61
|> midi0 at pcppi0: <PC speaker>
|> sysbeep0 at pcppi0
|> lpt0 at isa0 port 0x378/4 irq 7
|> npx0 at isa0 port 0xf0/16: using exception 16
|> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
|> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
|> biomask c040 netmask cc40 ttymask ccc2
|> pctr: user-level cycle counter enabled
|> mtrr: Pentium Pro MTRR support
|> dkcsum: wd0 matched BIOS disk 80
|> root on wd0a
|> rootdev=0x0 rrootdev=0x300 rawdev=0x302
|> 
|-- 
|Saludos,
|Daniel
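As an added example (written for this archive page, not by either poster), the check below parses `ifconfig -A` output and a pf nat.conf, expands the `$MACRO` references, and reports every `from` address that lies on no directly connected subnet and every translation address that is not configured on the named external interface. The sample data is constructed from the ifconfig output and nat.conf quoted above (trimmed to the macros the two rules use); on it the check reports that `INT_NW`'s 192.168.0.0/24 matches none of the fxp* networks, while the binat pair 192.168.71.108 / 123.123.123.108 is consistent with fxp2 and the fxp0 alias.

```python
import ipaddress
import re
# Constructed sample: fxp* lines from the ifconfig -A output above; nat.conf trimmed to the macros used.
IFCONFIG = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 123.123.123.106 netmask 0xffffff00 broadcast 123.123.123.255
        inet 123.123.123.108 netmask 0xffffffff broadcast 123.123.123.108
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.70.254 netmask 0xffffff00 broadcast 192.168.70.255
fxp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.71.254 netmask 0xffffff00 broadcast 192.168.71.255
"""
NAT_CONF = """\
EXT_IF = "fxp0"
INT_NW  = "192.168.0.0/24"
WWW_SERVER  = "192.168.71.108"
nat on $EXT_IF from $INT_NW to any -> 123.123.123.106
binat on $EXT_IF from $WWW_SERVER  to any -> 123.123.123.108
"""

def parse_ifconfig(text):
    nets, cur = {}, None  # interface name -> [IPv4Interface], one per inet line
    for line in text.splitlines():
        if m := re.match(r"^(\w+):", line):                 # interface header line
            nets[(cur := m.group(1))] = []
        elif m := re.match(r"\s+inet (\S+) netmask 0x([0-9a-fA-F]{8})", line):
            mask = ipaddress.IPv4Address(int(m.group(2), 16))  # 0xffffff00 -> 255.255.255.0
            nets[cur].append(ipaddress.IPv4Interface(f"{m.group(1)}/{mask}"))
    return nets

def parse_rules(text):
    macros, rules = {}, []  # expand $MACRO references; each rule becomes a token list
    for line in text.splitlines():
        if m := re.match(r'^(\w+)\s*=\s*"([^"]*)"', line):  # macro definition
            macros[m.group(1)] = m.group(2)
        elif line.strip():                                   # a nat/binat rule line
            rules.append(re.sub(r"\$(\w+)", lambda k: macros[k[1]], line).split())
    return rules

def check(ifconfig_text, nat_text):
    """Return findings; [] means every rule address is carried by some interface."""
    nets, findings = parse_ifconfig(ifconfig_text), []
    for kind, _, ext_if, _, inside, *_, ext_addr in parse_rules(nat_text):
        src = ipaddress.ip_network(inside, strict=False)  # 'from' host or network
        if not any(src.subnet_of(i.network) for ifs in nets.values() for i in ifs):
            findings.append(f"{kind}: 'from {inside}' matches no connected network")
        if ext_addr not in {str(i.ip) for i in nets.get(ext_if, [])}:  # alias present?
            findings.append(f"{kind}: {ext_addr} is not configured on {ext_if}")
    return findings
```

Feed it the real `ifconfig -A` output and nat.conf before loading rules with pfctl; an empty list only says the addresses are consistent with the interfaces, not that routing or the filter rules are right.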