
Re: IP forwarding of public IP with no NATing



Kevin Nottelling wrote:

> Hello,
>
> First let me apologize for the newbieness of this question.  I'm trying to
> set up a 2.9 firewall router for machines on public IPs.  I've done it with
> ease on computers with private IPs with an OpenBSD machine handling the
> NATing.
>
> This time, everything must have public IPs, the external interface and all
> the machines behind the firewall.  I suppose all I'm doing is creating a
> DMZ.  In /etc/sysctl.conf I've already uncommented:
> net.inet.ip.forwarding=1
>
> And in rc.conf I have:
> ipfilter=YES
> ipnat=NO
>
> The ipfilter rules are default right now which pass all.
>
> The internal NIC has a public IP, and connected to a hub.  The protected
> machines have the internal NIC's IP as the default gateway.  So far it's not
> working.
>
> Could someone please tell me what I'm missing?

Probably setting up proper static routes for all your networks (on *all*
your boxes).
If you don't know what I mean, send me the result of
   "netstat -nrf encap"

A "tcpdump -pni <internal_interface>" would be interesting too.

Cedric