Setting up a route in FreeBSD with NAT issues

Kaya Saman kayasaman at gmail.com
Fri Mar 11 17:49:21 UTC 2011


Eventually I got this thing to work by adding the following syntax into 
the config files:

/etc/rc.conf:


gateway_enable="YES"
hostname="ROUTER.test.org"
ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0"
em0_nat="NO"
ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192"
em1_nat="YES"
inetd_enable="YES"
keymap="uk.iso"
sshd_enable="YES"
defaultrouter="172.16.0.1"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
named_enable="YES"
#static_routes="em0 em1"
#route_em1="-net 10.100.100.0/26 172.16.0.0/20"
#route_em0="-net 172.16.0.0 0.0.0.0/0"


/etc/ipnat.rules

#map em0 0.0.0.0/0 -> 0/32 proxy port 8080 htto/tcp
#map em0 0.0.0.0/0 -> 0/32 portmap tcp/udp 10000:65000
#map em0 0.0.0.0/0 -> 0/32
#map em0 0.0.0.0/0 -> 0/32 auto

#map em1 10.100.100.0/26 -> 0/32 proxy port 8080 http/tcp
#map em1 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
#map em1 10.100.100.0/26 -> 0/32
#map em1 10.100.100.0/26 -> 0/32 auto

map em0 10.100.100.0/26 -> 0/32 proxy port 8080 http/tcp
map em0 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
map em0 10.100.100.0/26 -> 0/32
map em0 10.100.100.0/26 -> 0/32 auto


The trick was in fact to utilize the external interface within the NAT 
map file then direct the internal network via the 'gateway of last 
resort' - default route.


The config can be easily adapted and modified from here if anyone is 
interested in doing something similar or adding extra networks in the 
middle such as a firewall or proxy...


Many thanks,


Kaya

On 03/11/2011 12:34 PM, Kaya Saman wrote:
> Ok I've managed to make some headway however it still isn't working 
> properly:
>
>
> /etc/ipnat.rules
>
>
> #map em1 10.100.100.0/26 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
> map em1 10.100.100.0/26 -> 0.0.0.0/32
> map em1 10.100.100.0/26 -> 0.0.0.0/32 auto
>
>
> I then added this addition to the end of the
>
> /etc/rc.conf file:
>
>
> static_routes="em0 em1"
> route_em1="-net 10.100.100.0/26 172.16.0.0/20"
> route_em0="-net 172.16.0.0 0.0.0.0/0"
>
>
> When I run traceroute on my host now I can see it going through the 
> system; however, I'm still not sure it's being NAT'd or routed?
>
> ROUTER# ipnat -l
> List of active MAP/Redirect filters:
> map em1 10.100.100.0/26 -> 0.0.0.0/32
>
> List of active sessions:
> MAP 10.100.100.1    53 <- -> 10.100.100.1    53    [10.100.100.2 32772]
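
The difference between the earlier attempt (map on em1) and the working setup (map on em0) can be checked mechanically. The following is an added example, not part of the original post: the function names and sample strings are constructed here, and it parses only the simple `ifconfig_<if>="inet ... netmask ..."` and `map <if> <src> -> ...` forms shown in this message. It treats a rule as suspect when the translated source network lies inside the rule interface's own subnet, which is a heuristic for "bound to the inside interface".

```python
import ipaddress
import re

# Constructed sample input modelled on the two configurations in this thread.
RC_CONF = '''
ifconfig_em0="inet 172.16.7.136 netmask 255.255.240.0"
ifconfig_em1="inet 10.100.100.1 netmask 255.255.255.192"
'''
BROKEN_RULES = '''
#map em1 10.100.100.0/26 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
map em1 10.100.100.0/26 -> 0.0.0.0/32
'''
WORKING_RULES = '''
map em0 10.100.100.0/26 -> 0/32 portmap tcp/udp 10000:65000
map em0 10.100.100.0/26 -> 0/32
'''

def interface_networks(rc_conf):
    """Return {ifname: IPv4Network} from ifconfig_<if>="inet A netmask M" lines."""
    pat = re.compile(r'^ifconfig_(\w+)="inet (\S+) netmask (\S+)"', re.M)
    return {name: ipaddress.ip_interface(f"{addr}/{mask}").network
            for name, addr, mask in pat.findall(rc_conf)}

def check_map_rules(rules, nets):
    """Return (lineno, ifname, source, verdict) for every active map rule."""
    findings = []
    for lineno, line in enumerate(rules.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 4 or fields[0] != "map" or fields[3] != "->":
            continue
        ifname, src = fields[1], ipaddress.ip_network(fields[2], strict=False)
        ifnet = nets.get(ifname)
        if ifnet is None:
            verdict = "unknown-interface"
        elif src.subnet_of(ifnet):
            # Heuristic: the source LAN is attached to this interface, so the
            # rule is bound to the inside interface, not the egress one.
            verdict = "inside-interface"
        else:
            verdict = "ok"
        findings.append((lineno, ifname, str(src), verdict))
    return findings

if __name__ == "__main__":
    nets = interface_networks(RC_CONF)
    for label, rules in (("earlier", BROKEN_RULES), ("working", WORKING_RULES)):
        for finding in check_map_rules(rules, nets):
            print(label, *finding)
```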


