
List:       ipfilter
Subject:    Re: nat w/ source address
From:       Larry Moore <lmoore () starwon ! com ! au>
Date:       2001-08-31 22:35:39

Try changing dmfe1 to dmfe0.

The way I interpret this information is that dmfe1 is internal to your 
network and dmfe0 is the interface that connects you to the outside world, 
therefore any mapping should be occurring on packets that make their way out 
of your network to the internet, thus the mapping should be on dmfe0.

Cheers,

Larry.

--On Friday, 31 August 2001 17:24 -0400 Todd Kover <kovert@omniscient.com> 
wrote:

>
>  > The "rdr" affects packets coming in on an interface not going out.
>  > Also in your "map" line you could change 1.2.3.4 to 1.2.3.0/24 or
>  > whatever is appropriate for your network subnet.
>
> I'm actually only trying to specify individual hosts rather than whole
> networks.
>
>  > What is the output from "ipnat -l" when you have packets coming in on
>  > dmfe1 that are destined to port 80 on that interface and also when
>  > you attempt to go out of dmfe1.
>
> probably more realistic IPs help this example...  Network looks like this:
>
> 			+---------------+
> 	dmfe0(internet)-+ ipf box	+--- dmfe1 -- 208.213.83.97/27
> 			+---------------+
>
> Sitting on 208.213.83.126, I run 'lynx http://www.google.com/',
> and because this particular host is blessed, I want it to be able to go
> directly to www.google.com rather than be redirected to 208.213.83.97's
> port 8000 as every other host on dmfe1 would be.
>
> 208.213.83.97 is the box running ipf/ipnat as well as the "here's what you
> need to do to get net access" web server.
>
> [root@fw#202 ~kovert] ipnat -l
> List of active MAP/Redirect filters:
> map dmfe1 from 208.213.83.126/32 to any -> 0.0.0.0/32
> rdr dmfe1 0.0.0.0/0 port 80 -> 208.213.83.97 port 8000 tcp
>
> List of active sessions:
> RDR 208.213.83.97   8000  <- -> 216.239.33.101  80    [208.213.83.126 1094]
>
> it looks similar (just different ports on .126) when I have the map rule
> map to 0/0, as well as moving both map rules to the end. (all 4 possible
> combinations).
>
> hopefully this is a little clearer of an explanation of what I'm
> attempting and what I'm seeing.
>
> thanks,
> -Todd
>
