'Re: Yet Another "Can't get IPNAT to work..." question.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Yet Another "Can't get IPNAT to work..." question.
From:       Jim Sandoz <sandoz () lucent ! com>
Date:       2003-03-31 17:15:53
[Download RAW message or body]


mike,

grok through the following...
http://marc.theaimsgroup.com/?l=ipfilter&m=97632164522144&w=2
http://marc.theaimsgroup.com/?l=ipfilter&m=101179250803382&w=2
http://marc.theaimsgroup.com/?l=ipfilter&m=101191495100723&w=2
http://marc.theaimsgroup.com/?l=ipfilter&m=99608074705794&w=2
http://marc.theaimsgroup.com/?l=ipfilter&m=101409568515510&w=2

jim




Mike Begley wrote:
> OS is NetBSD 1.6.  I'm unable to get connections from the outside to the
> interior machine.
> 
> My exterior IP address on the gateway is 216.162.199.112 on nic ep0, and
> I'm trying to redirect connections on port 25 through an interior nic
> ex0 at 10.1.1.1 to an interior machine at 10.1.1.2.  Connections are not
> succeeding.
> 
> My ipnat.conf is this:
> 
> # ep0  216.162.199.112  outside interface
> # ex0  10.1.1.1         inside interface
> #
> rdr ep0 216.162.199.112/32 port 25  -> 10.1.1.2 port 25
> map ex0 10.0.0.0/8 -> 216.162.199.112/32 portmap tcp/udp 10000:20000
> map ex0 10.0.0.0/8 -> 216.162.199.112/32
> 
> And running ipnat -l confirms these rules are loaded:
> 
> # ipnat -l
> List of active MAP/Redirect filters:
> rdr ep0 216.162.199.112/32 port 25 -> 10.1.1.2 port 25 tcp
> map ex0 10.0.0.0/8 -> 216.162.199.112/32 portmap tcp/udp 10000:20000
> map ex0 10.0.0.0/8 -> 216.162.199.112/32
> 
> Postfix is running on the interior machine, so there is something
> listening on port 25.  The interior machine has 10.1.1.1 listed as its
> default route.
> 
> When I don't have the above ipnat rules loaded, I can connect from the
> gateway machine to the interior machine.  However, when the rules are
> loaded, the connection never succeeds and eventually times out.  ipnat
> -l indicates that the sessions are active (this shows attempts from both
> the gateway and a machine out on the internet to connect):
> 
> List of active sessions:
> RDR 10.1.1.2        25    <- -> 216.162.199.112 25    [207.202.193.133
> 63531]
> RDR 10.1.1.2        25    <- -> 216.162.199.112 25    [207.202.193.133
> 63532]
> MAP 10.1.1.1        65132 <- -> 216.162.199.112 10001 [10.1.1.2 25]
> MAP 10.1.1.1        65133 <- -> 216.162.199.112 10000 [10.1.1.2 25]
> 
> My ipf.conf is pretty simplistic at the moment:
> 
> pass in quick on lo0 all
> pass out quick on lo0 all
> block in log quick all with short
> block in log quick on ep0 from any to any with ipopts
> 
> Ideas?  I'm stumped.  I've had no problem getting ipnat working before,
> but this one machine is being difficult.
> 
> Thanks...
> 
> -mike begley
> spam@hell.org
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic