[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipnat/ipf and redirect still not working

To: Jesse Trucks <jtrucks@madison.com>
Subject: Re: ipnat/ipf and redirect still not working
From: Thierry Deval <TDeval@PrimeOBJ.COM>
Date: Tue, 04 Jan 2000 17:19:48 +0100 (CET)
Cc: tech@openbsd.org
Organization: Prime Objective

Hello,

I may be an idiot (only because I haven't tested such a config ;-) , but
wouldn't you try to apply the redirect rules on the internal interface as
  rdr xl0 216.165.166.170/32 port 110 -> 180.9.4.160 port 110 tcp
  rdr xl0 216.165.166.170/32 port 143 -> 180.9.4.160 port 143 tcp/udp
  rdr xl0 216.165.166.170/32 port 25 -> 180.9.4.160 port 25 tcp/udp
  rdr xl0 216.165.166.170/32 port 80 -> 180.9.4.160 port 80

My idea is that you want, for instance, every request to port 110 of your
gateway to go to port 110 of the host 180.9.4.160.
This redirection has to go out from the internal interface (xl0), hasn't it ?

I don't know the internals of ipnat, but did you try this ?

my .02

On 04-Jan-00 Jesse Trucks wrote:
> Wim Vandeputte wrote:
> 
>> You probably reversed some of the ethernet names.
> 
> Nope. here is what I have:
> 
> rdr xl1 216.165.166.170/32 port 110 -> 180.9.4.160 port 110 tcp
> rdr xl1 216.165.166.170/32 port 143 -> 180.9.4.160 port 143 tcp/udp
> rdr xl1 216.165.166.170/32 port 25 -> 180.9.4.160 port 25 tcp/udp
> rdr xl1 216.165.166.170/32 port 80 -> 180.9.4.160 port 80
> 
> map xl1 180.9.4.160/32 -> 216.165.166.170/32 portmap tcp/udp 15001:19000
> map xl1 180.9.4.160/32 -> 216.165.166.170/32
> 
> ifconfig -a
> 
> xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
>         media: Ethernet 10baseT (10baseT half-duplex)
>         inet 180.9.100.1 netmask 0xffff0000 broadcast 180.9.255.255
> xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
>         media: Ethernet 10baseT (10baseT half-duplex)
>         inet 216.165.166.162 netmask 0xffffffe0 broadcast 216.165.166.191
> 
> ifconfig xl1
> 
> xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
>         media: Ethernet 10baseT (10baseT half-duplex)
>         inet 216.165.166.162 netmask 0xffffffe0 broadcast 216.165.166.191
>         inet 216.165.166.170 netmask 0xffffffff broadcast 216.165.166.170
> 
> xl1 is the external 'internet' side of life.
> 
> Sooo. As you can see the configs look right. There appears to be no
> traffic going into the network across the interfaces though. Next, I am
> going to run a sniffer on the internal and external interfaces to see if
> any traffic does occur there.
> 
> -- 
> Jesse Trucks
> jtrucks@madison.com
> Online Technical Producer
> Madison Newspapers, Inc. - http://www.madison.com

----------------------------------
E-Mail: Thierry Deval <TDeval@PrimeOBJ.COM>
Date: 04-Jan-00
Time: 17:13:31

         Prime Objective
   OpenBSD - Linux - Windows NT
 OO Development - Network Systems
----------------------------------

Follow-Ups:
- Re: ipnat/ipf and redirect still not working
  - From: Jesse Trucks <jtrucks@madison.com>

References:
- Re: ipnat/ipf and redirect still not working
  - From: Jesse Trucks <jtrucks@madison.com>

Prev by Date: Re: Alpha XP1000 (EV6) and OpenBSD?
Next by Date: Re: troff
Prev by thread: Re: ipnat/ipf and redirect still not working
Next by thread: Re: ipnat/ipf and redirect still not working
Index(es):
- Date
- Thread