NAT trouble
Hello all,
I have an extremely basic /etc/nat.conf file running on OpenBSD 3.1-stable.
I've looked through the archives, and the documentation, but I'm not
understanding where I'm going wrong. I'm not doing anything fancy, just
basic NAT: redirect all machines on a private IP address range to a public
IP, keep state, and allow established connections back in. /etc/pf.conf has
no rule restrictions either.
I do have a 2nd transparent bridging firewall, but I'm unable to ping
machines before that is reached, so I don't believe it is the issue. I have
two interfaces, ext_if is the external interface with the public_ip
assigned, int_if is the internal interface with a private_ip assigned.
From playing around, I see that NAT is extremely sensitive to which
interface is being used.
gateway# uname -msrv
OpenBSD 3.1 GENERIC#0 i386
The active rule in /etc/nat.conf (all others are macro defs and/or comments):
nat on $ext_if from $private to any -> $public_ip
The results of pfctl -s are:
gateway# pfctl -s all
@0 pass in log all
@1 pass out log all
nat on ext_if from private to any -> public_ip
Status: Enabled Time: 1032309137 Since: 1031854621 Debug: None
Bytes In IPv4: 15848304 Bytes Out: 5760821
IPv6: 0 Bytes Out: 0
Inbound Packets IPv4: Passed: 92057 Dropped: 0
IPv6: Passed: 0 Dropped: 0
Outbound Packets IPv4: Passed: 18579 Dropped: 0
IPv6: Passed: 0 Dropped: 0
States: 0
pf Counters
state searches 194922
state inserts 18
state removals 18
Counters
match 194579
bad-offset 0
fragment 0
short 0
normalize 0
memory 0
Any clues why this isn't working?
Thanks,
***************************
* Adam Getchell
AdamG@hrrm.ucdavis.edu
* System Architect/Programmer (530) 752-1584
* Human Resources Information Systems
http://www.hr.ucdavis.edu/
***************************
"Invincibility is in oneself, vulnerability in the opponent." -- Sun Tzu