[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OBSD 3.1 binat issue

To: misc@openbsd.org
Subject: Re: OBSD 3.1 binat issue
From: "Scott Sandeman-Allen (RSCorp)" <scott@rscorp.ab.ca>
Date: Wed, 12 Jun 2002 11:12:01 -0600

In response to gwyllion@ace.ulyssis.org

|Yes, it works. Let's try again. Does the binat work without firewall
|rules? Binat changes address, so your firewall rules will be different.

Runnng "pfctl -F rules" is without rules. I just tested again and could only
ping my interfaces from the DMZ servers.

|You have
|binat on $EXT_IF from $MAIL_SERVER to any -> $EXT_IP1
|binat on $EXT_IF from $WWW_SERVER  to any -> $EXT_IP2
|So you should filter on $MAIL_SERVER and $WWW_SERVER not on $EXT_IP1 and
|$EXT_IP2.

?

Given that my gateway resides on say 10.1.1.1 and that my two other IPs are
10.1.1.2 and 10.1.1.3 should it not be written as:

binat on fxp0 from 192.168.0.2 to any -> 10.1.1.2
binat on fxp0 from 192.168.0.3 to any -> 10.1.1.3


Thanks,

Scott

Prev by Date: Re: OBSD 3.1 binat issue
Next by Date: FFS Panic with CF Card
Prev by thread: Re: OBSD 3.1 binat issue
Next by thread: compaq bl 10e vs. openbsd 3.1
Index(es):
- Date
- Thread