IpNat and 3 NIC

cedric Gross cgross at 2blc.Com
Thu Jan 12 07:53:12 PST 2006


Thank you, it's working!

But why use vr0 instead of vr1 for the map instruction? Network
192.168.0.32/27 is attached to vr1, not vr0 ...

Is it an IPNat mystery, or do you have an answer?

> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of fbsd_user
> Sent: Thursday, January 12, 2006 16:43
> To: cedric Gross; freebsd-questions at freebsd.org
> Subject: RE: IpNat and 3 NIC
> 
> You have the ipnat statements wrong. They should be like this:
> 
> map vr0 10.0.0.0/8 -> 0.32 proxy port ftp ftp/tcp
> map vr0 10.0.0.0/8 -> 0.32 portmap tcp/udp 20000:60000
> map vr0 10.0.0.0/8 -> 0.32
> map vr0 192.168.0.0/30 -> 0.32 portmap tcp/udp auto
> map vr0 192.168.0.32/27 -> 0.32 portmap tcp/udp auto
> map vr0 192.168.0.32/27 -> 0.32
> map vr0 192.168.0.96/27 -> 0.32 portmap tcp/udp auto
> map vr0 192.168.0.96/27 -> 0.32
> rdr xl0 0.0.0.0/0 port 80 -> 10.0.0.254 port 3128 tcp
> rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp
> rdr vr1 192.168.0.96/27 port 80 -> 10.0.0.254 port 3128 tcp
> 
> Note map vr1 has been changed to vr0
> 
> If your public IP 84.96.23.106 is not dedicated to you by your ISP,
> then you should not be hard coding it in your IPnat rules.  Read the
> FreeBSD ipfilter documentation in the handbook for details.
> 
> 0.32 = The IP address/netmask assigned by your ISP.
>        The special keyword 0.32 tells ipnat to get the current public
>        IP address of the interface specified on this statement and
>        substitute it for the 0.32 keyword.
> 
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of cedric Gross
> Sent: Thursday, January 12, 2006 9:58 AM
> To: freebsd-questions at freebsd.org
> Subject: IpNat and 3 NIC
> 
> 
> Hello,
> 
> I have my FreeBSD 5.4 box with 3 NICs:
> 
> Xl0 LAN with network 10.0.0.0/8 and 192.168.0.0/30
> VR0 Wan 84.96.23.106/32
> VR1 LAN with network 192.168.0.32/27 and 192.168.0.96/27
> 
> I use IPNAT and Ip filter.
> 
> I'm doing NAT from Xl0 to Vr0, and it's working fine.
> 
> I'm trying to do the same thing with vr1 to Vr0, but it seems that
> traffic coming from vr1 is not translated.
> Is there an interface limitation with IPNAT?
> 
> Is there a way to do translation from both NICs?
> 
> Here is my ipnat.conf :
> map vr0 10.0.0.0/8 -> 84.96.23.106/32 proxy port ftp ftp/tcp
> map vr0 10.0.0.0/8 -> 84.96.23.106/32 portmap tcp/udp 20000:60000
> map vr0 10.0.0.0/8 -> 84.96.23.106/32
> map vr0 192.168.0.0/30 -> 84.96.23.106/32 portmap tcp/udp auto
> map vr1 192.168.0.32/27 -> 84.96.23.106/32 portmap tcp/udp auto
> map vr1 192.168.0.32/27 -> 84.96.23.106/32
> map vr1 192.168.0.96/27 -> 84.96.23.106/32 portmap tcp/udp auto
> map vr1 192.168.0.96/27 -> 84.96.23.106/32
> rdr xl0 0.0.0.0/0 port 80 -> 10.0.0.254 port 3128 tcp
> rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp
> rdr vr1 192.168.0.96/27 port 80 -> 10.0.0.254 port 3128 tcp
> 
> Thanks for help.
> Cedric
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
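The reason behind the vr1-to-vr0 change, as an added example that is not part of the thread: ipnat applies a `map` rule to packets leaving through the interface named in the rule, so the rule has to name the WAN interface rather than the interface the source network is attached to. The sketch below lints the original ipnat.conf quoted above for that mistake; `WAN_IF`, `lint_map_rules` and `ORIGINAL_CONF` are names assumed for this example.

```python
import ipaddress
import re

# Interface role taken from the thread: vr0 is the WAN side,
# xl0 and vr1 carry the internal networks.
WAN_IF = "vr0"

# The ipnat.conf from the original question, copied from the thread.
ORIGINAL_CONF = """\
map vr0 10.0.0.0/8 -> 84.96.23.106/32 proxy port ftp ftp/tcp
map vr0 10.0.0.0/8 -> 84.96.23.106/32 portmap tcp/udp 20000:60000
map vr0 10.0.0.0/8 -> 84.96.23.106/32
map vr0 192.168.0.0/30 -> 84.96.23.106/32 portmap tcp/udp auto
map vr1 192.168.0.32/27 -> 84.96.23.106/32 portmap tcp/udp auto
map vr1 192.168.0.32/27 -> 84.96.23.106/32
map vr1 192.168.0.96/27 -> 84.96.23.106/32 portmap tcp/udp auto
map vr1 192.168.0.96/27 -> 84.96.23.106/32
rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp
"""

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")


def lint_map_rules(conf_text, wan_if=WAN_IF):
    """Return (lineno, message) for each map rule bound to a non-WAN interface.

    Such a rule only sees packets leaving through the internal interface,
    so traffic from that network heading out the WAN is never translated.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = MAP_RE.match(line)
        if not m:
            continue  # rdr rules, blank lines, comments
        ifname, src, _target = m.groups()
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            findings.append((lineno, f"unparseable source {src!r}"))
            continue
        if net.is_private and ifname != wan_if:
            findings.append(
                (lineno, f"{src} is mapped on {ifname}; expected {wan_if}"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_map_rules(ORIGINAL_CONF):
        print(f"line {lineno}: {msg}")
```

The `rdr` rules are skipped on purpose: they act on packets arriving on the named interface, which is why they stay on xl0 and vr1 in the corrected rule set.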