List:       ipfilter
Subject:    NAT in bridged mode?
From:       "Michael T. Davis" <DAVISM () ecr6 ! ohio-state ! edu>
Date:       2005-05-13 13:03:59
Message-ID: 01LO7BUMQKNM91B96R () er6s1 ! eng ! ohio-state ! edu

	Is there any way to utilize ipnat with ipf when running as a bridge?
In particular, we'd like to redirect various services from one side of the
bridge to a specific address on the other side of the bridge.  FWIW, we're
running IPF v3.3.18 under OpenBSD v2.8.

	I tried using telnet as a test:

 In /etc/ipf.rules...

pass in quick on <ext-if> proto tcp \
 from any to <telnet-IP> port = 23 flags S keep state

 In ipnat.rules...

rdr <ext-if> <another-IP>/32 port 23 -> <telnet-IP> port 23 tcp

The "<variables>" are just placeholders here for what, in practice, are actual
entities (IP addresses or interfaces).  Using `ipnat -l', I can see a session
for the attempt I initiate from outside the firewall to <another-IP>:

RDR <telnet-IP>     23    <- -> <another-IP>    23    [<outside-IP> 2496]


...But the connection doesn't seem to get anywhere.  (I don't see the expected
login process initiate and the telnet client eventually times out.)  Here,
both <telnet-IP> and <another-IP> are behind (or inside) the firewall, and
<outside-IP> isn't.  Assuming this should work, what other diagnostics could I
enlist to help track down the problem?

Thanks,
Mike
-- 
             Michael T. Davis            |    Systems Specialist: CBE,MSE
    E-mail: davism@ecr6.ohio-state.edu   | Departmental Networking/Computing
           -or- DAVISM+@osu.edu          |     The Ohio State University
 http://www.ecr6.ohio-state.edu/~davism/ |     197 Watts, (614) 292-6928