How to rdr back into a private network?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: How to rdr back into a private network?
- From: Darik Horn <darik_(_at_)_gulf_(_dot_)_waterways_(_dot_)_geeky_(_dot_)_net>
- Date: Mon, 30 Oct 2000 14:37:42 -0500 (EST)
Is it possible to redirect connections back into a private network if that
private network is being NAT'd?
I have an OpenBSD box that is doing NAT for two private networks. There
is a CVS server on one private network that I have made available to the
outside world.
This is my rule in '/etc/ipnat.rules':
"rdr vr0 299.299.299.102/32 port ssh -> 192.168.72.2 port ssh"
The CVS server is accessible from the Internet. The vr0 interface is
external with address 299.299.299.98, and 299.299.299.102 is an alias.
However, users on the 192.168.72.0 private network cannot connect to the
CVS server by resolving 299.299.299.102 through the DNS because their
connections are going to the OpenBSD machine instead of the CVS machine.
I tried adding this line to '/etc/ipnat.rules':
"rdr vr1 299.299.299.102/32 port ssh -> 192.168.72.2 port ssh"
Instead of going to the OpenBSD machine, sessions are now timing out after
several minutes. Sessions are never redirected to the CVS server if they
originate on the 192.168.72.0 private network.
'ipnat -l' shows this:
"RDR 192.168.72.2 22 <- -> 299.299.299.102 22 [192.168.72.132 1912]"
The vr1 interface has address 192.168.72.1 on the private network. I am
sitting at 192.168.72.132 trying to access the CVS server through
299.299.299.102.
I have been playing with the rules but I have been unable to figure it
out. Can anybody offer hints as to how I might make this work?
Here are the plain '/etc/ipnat.rules' and '/etc/ipf.rules' files that I am
using at the moment:
###########################################################################
# See /usr/share/ipf/nat.1 for examples.
# edit the ipnat= line in /etc/rc.conf to enable Network Address Translation
# Redirection for the CVS server.
rdr vr0 299.299.299.102/32 port ssh -> 192.168.72.2 port ssh
rdr vr1 299.299.299.102/32 port ssh -> 192.168.72.2 port ssh
# Active FTP portmapping.
map vr0 192.168.72.0/24 -> vr0/32 proxy port ftp ftp/tcp
map vr0 192.168.144.0/24 -> vr0/32 proxy port ftp ftp/tcp
# Regular TCP and UDP traffic.
map vr0 192.168.72.0/24 -> vr0/32 portmap tcp/udp 10000:20000
map vr0 192.168.144.0/24 -> vr0/32 portmap tcp/udp 10000:20000
# ICMP traffic, for stuff like ping.
map vr0 192.168.72.0/24 -> vr0/32
map vr0 192.168.144.0/24 -> vr0/32
############################################################
# IP filtering rules. See the ipf(5) man page for more
# information on the format of this file, and /usr/share/ipf
# for example configuration files.
# Pass all packets by default.
pass in from any to any
pass out from any to any
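The situation the message describes is the classic "hairpin" (reflected rdr) case: with the vr1 rule alone, the client's SYN is redirected to 192.168.72.2 and forwarded back out vr1, but the CVS server's reply goes straight to 192.168.72.132 on the shared subnet with source 192.168.72.2, which the client never sent to, so the handshake never completes and the session times out. Below is an added example ipnat.rules fragment, not from the original post or the OpenBSD ipf distribution, showing the usual way to make the return path go through the gateway. It assumes the same interfaces and addresses as the post, and that the ipnat(5) on this system accepts a plain map rule on the internal interface; the portmap range is copied from the poster's existing vr0 rules.

```ipnat
# Added example (not the poster's file): hairpin rdr for the CVS server.
# Load with: ipnat -CF -f /etc/ipnat.rules

# Inbound redirection, as in the post: external clients arrive on vr0,
# internal clients on vr1 resolve the public alias and also hit the rdr.
rdr vr0 299.299.299.102/32 port ssh -> 192.168.72.2 port ssh
rdr vr1 299.299.299.102/32 port ssh -> 192.168.72.2 port ssh

# Assumed fix: as the redirected packet leaves vr1 towards 192.168.72.2,
# rewrite its source to the gateway's inside address. The CVS server then
# answers 192.168.72.1 instead of the client directly, so the reply passes
# back through the gateway, which undoes both the map and the rdr.
# Only packets going OUT vr1 with an inside source match this, i.e. the
# hairpinned ones; ordinary inside-to-outside traffic leaves via vr0.
map vr1 192.168.72.0/24 -> 192.168.72.1/32 portmap tcp/udp 10000:20000
map vr1 192.168.72.0/24 -> 192.168.72.1/32

# Unchanged outbound NAT from the post.
map vr0 192.168.72.0/24 -> vr0/32 proxy port ftp ftp/tcp
map vr0 192.168.144.0/24 -> vr0/32 proxy port ftp ftp/tcp
map vr0 192.168.72.0/24 -> vr0/32 portmap tcp/udp 10000:20000
map vr0 192.168.144.0/24 -> vr0/32 portmap tcp/udp 10000:20000
map vr0 192.168.72.0/24 -> vr0/32
map vr0 192.168.144.0/24 -> vr0/32
```

Two things to check after loading this. First, `ipnat -l` should now show a MAP entry alongside the RDR entry for a session from 192.168.72.132, and the SSH banner should come back instead of the connection hanging; the ipf.rules shown in the post pass everything, so no filter change is needed for the test. Second, the price of the map rule is that sshd and CVS on 192.168.72.2 will log every internal client as 192.168.72.1, which defeats per-host logging and any tcp_wrappers or sshd address-based restrictions for inside users. If that matters, the alternative that needs no NAT at all is split DNS: have the internal resolver answer 192.168.72.2 for the CVS hostname, so inside clients never go through 299.299.299.102 in the first place.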