ipnat dmz/internal network issue
Ggatten at waddell.com
Tue Apr 14 18:35:34 UTC 2009
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Steve Krawcke
Sent: Tuesday, April 14, 2009 12:08 PM
To: mail.list freebsd-questions
Subject: ipnat dmz/internal network issue
I have a gateway setup using FreeBSD 7.1
gateway% uname -a
FreeBSD gateway.latcha.com 7.1-RELEASE-p2 FreeBSD 7.1-RELEASE-p2 #0:
Wed Feb 4 20:27:06 EST 2009 root at gateway3.latcha.com:/usr/obj/usr/
I have 1 external NIC, and 2 internal, one for a DMZ and one for the
rest of the network
em0 is my external, em1 is my internal and em2 is my DMZ
I am using ipf and ipnat to get access to the internet, but I am
having an issue.
I am able to get to the internet via nat on both em1 and em2.
I am able to get port/IP redirection working from em0 -> em2
I can access the address space from em1 <-> em2
But if I go to one of the redirected IPs from em1 -> em0 -> em2 it
Here are my ipnat rules:
map em1 from 10.75.0.1/24 to 10.73.0.1/16 -> 0/0
map em1 from 22.214.171.124/32 to 10.73.0.1/16 -> 0/0
map em0 from 10.73.0.1/16 to any -> 126.96.36.199/32 portmap tcp/udp
map em0 from 10.75.0.1/24 to any -> 188.8.131.52/32 portmap tcp/udp
rdr em0 from any to 184.108.40.206/32 port = 80 -> 10.75.0.29 port 80 tcp
rdr em0 from any to 220.127.116.11/32 port = 80 -> 10.75.0.30 port 80 tcp
rdr em0 from any to 18.104.22.168/32 port = 80 -> 10.75.0.26 port 80 tcp
for now I have the firewall rules disabled, until I get this working,
so I know it isn't a firewall issue.
Any help would be appreciated.
You want to get to a "public" address that really exists on your DMZ
from your private LAN? Why not connect to the DMZ addresses directly?
What you're trying to do is probably possible, but tricky in some cases
and not possible with some/many commercial firewalls. I'll have to read
this a few more times and draw a pretty picture....
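As an added illustration that is not part of the original thread, here is a small Python model of how ipnat binds each rule to one interface and direction (rdr on inbound packets, map on outbound ones). The posted rules are embedded as constructed input; the evaluator is a deliberate simplification (first match only, no state table, no portmap handling) and shows why a request that arrives on em1 for one of the redirected public addresses matches none of the em0 rdr rules, which is the hairpin case the reply calls tricky.

```python
import ipaddress
import re
# The ipnat rules from the post, embedded as constructed input for this model.
RULES_TEXT = """
map em1 from 10.75.0.1/24 to 10.73.0.1/16 -> 0/0
map em1 from 22.214.171.124/32 to 10.73.0.1/16 -> 0/0
map em0 from 10.73.0.1/16 to any -> 126.96.36.199/32 portmap tcp/udp
map em0 from 10.75.0.1/24 to any -> 188.8.131.52/32 portmap tcp/udp
rdr em0 from any to 184.108.40.206/32 port = 80 -> 10.75.0.29 port 80 tcp
rdr em0 from any to 220.127.116.11/32 port = 80 -> 10.75.0.30 port 80 tcp
rdr em0 from any to 18.104.22.168/32 port = 80 -> 10.75.0.26 port 80 tcp
"""

RULE_RE = re.compile(
    r"^(map|rdr)\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)"
    r"(?:\s+port\s*=\s*(\d+))?\s+->\s+(\S+)")

def parse_rules(text):
    """Parse the subset of ipnat syntax used above into dicts."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed rule: " + line)
        kind, iface, src, dst, port, target = m.groups()
        rules.append({"kind": kind, "iface": iface, "src": src, "dst": dst,
                      "port": int(port) if port else None, "target": target})
    return rules

def _in_net(addr, spec):
    # "any" and "0/0" match everything; host bits in a prefix are tolerated
    if spec in ("any", "0/0"):
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def translate(rules, iface, direction, src, dst, dport=None):
    """First rule applying to a packet seen on `iface` going `direction`
    ('in' or 'out'). Returns (kind, target) or None when nothing matches."""
    for r in rules:
        if r["iface"] != iface:          # every ipnat rule is bound to one NIC
            continue
        if direction != ("in" if r["kind"] == "rdr" else "out"):
            continue
        if not (_in_net(src, r["src"]) and _in_net(dst, r["dst"])):
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return (r["kind"], r["target"])
    return None
```

A packet from the em1 LAN to 184.108.40.206:80 enters on em1, where only map rules exist, so it is never redirected to 10.75.0.29 the way the same packet arriving on em0 would be.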