Fwd: ipnat

• Previous message: Marcin Jessa: "Re: Portforwarding how?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: freebsd-net@freebsd.org
Date: Fri, 23 Sep 2005 13:59:00 +0000

Hi There

I need some help. I've always used Freebsd 4.x as my main firewall, now i've
upgrade to 5.4 with the same config files. I can ping the net from the
BSD-server, but not from the lan. All my config files is below

I get the following when from a firewall that i'm pinging

meerkat /kernel: ipfw: 2 Accept ICMP:8.0 172.20.154.77 69.67.33.50 in via rl1
meerkat /kernel: ipfw: 2 Accept ICMP:0.0 69.67.33.50 172.20.154.77 out via rl1

Please help.

Thanks

# This is my config rc.conf
ifconfig_xl1_alias0=" inet 196.23.176.188 netmask 255.255.255.255"
ifconfig_xl1_alias1=" inet 196.23.176.189 netmask 255.255.255.255"
ifconfig_xl1_alias2=" inet 196.23.176.190 netmask 255.255.255.255"
ifconfig_xl1_alias3=" inet 196.23.176.186 netmask 255.255.255.255"
ifconfig_xl1_alias4=" inet 196.23.176.185 netmask 255.255.255.255"
ifconfig_xl1_alias5=" inet 196.23.176.184 netmask 255.255.255.255"
ifconfig_xl1_alias6=" inet 196.23.176.183 netmask 255.255.255.255"
ifconfig_xl1=" inet 196.23.176.187 netmask 255.255.255.240"

ifconfig_xl0=" inet 172.20.154.2 netmask 255.255.255.0"

# This is my ipnat.rules
bimap xl1 172.20.154.199/32 -> 196.23.176.188/32
bimap xl1 172.20.154.198/32 -> 196.23.176.189/32
bimap xl1 172.20.154.197/32 -> 196.23.176.190/32
bimap xl1 172.20.154.3/32 -> 196.23.176.186/32

map xl1 172.20.154.0/24 -> 196.23.176.187/32

RC.conf
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging="YES"
firewall_flags=""

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""

ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipnat_flags=""

ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Ds"

In my kernel

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT
options DUMMYNET
options HZ=1000

ipf.rules
pass in all
pass out all

-------------------------------------------------------

-- 
Lourik Malan
Woodlands Technologies Pty(LTD)
082 570 3191
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Marcin Jessa: "Re: Portforwarding how?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages ipnat ... upgrade to 5.4 with the same config files. ... I can ping the net from the ... ifconfig_xl1_alias0=" inet 196.23.176.188 netmask 255.255.255.255" ... (freebsd-net) Re: Obytes counter in netstat not incrementing ... related to my netmask address for the inet alias? ... inet 208.110.87.43 netmask 0xffffff00 broadcast 208.110.87.255 ... (freebsd-hackers) Re: Having a problem with getting ipfw fwd to work with vlans and bge - 6.1-RC1 amd64 ... inet 10.255.1.254 netmask 0xffffff00 broadcast 10.255.1.255 ... 4569 keep-state ... (freebsd-net) Having a problem with getting ipfw fwd to work with vlans and bge - 6.1-RC1 amd64 ... inet 10.255.1.254 netmask 0xffffff00 broadcast 10.255.1.255 ... 4569 keep-state ... (freebsd-net) Re: dhcpd assigns address, but DNS resolvers and ping fail ... The client doesn't get the DNS resolver information and can't ... inet 192.168.17.1 netmask 0xffffff00 broadcast 192.168.17.255 ... (freebsd-questions)