some light on the ipf/nat thing...
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: some light on the ipf/nat thing...
- From: nm <nm_(_at_)_vt_(_dot_)_edu>
- Date: Wed, 28 Jan 1998 22:38:21 -0500
ok, i found out some more today on the status of my little
local network...
here is the story so far...
im pretty certain that my ipf.rules and nat.rules are good...
i'll include all the details and such at the end...
ok, first a little diagram of the network(s)
Big Fat
Internet <I>----------<A>--------<B>
ok, now...
---- means ethernet segment...
<I> this is the main gateway to the internet
its ip is 198.82.67.1
<A> this is my openbsd box, it has two ethernet
cards, de0 and de1
de0 is 198.82.67.121 (class c)
de1 is 192.168.1.1 (class c)
<B> this is my winnt box (yes yes i know ;), it has one ethernet card
with 192.168.1.2 as the ip
now the fun stuff...
from B i can ping A and anything on the internet...
now, if i run tcpdump -i de1 on A (the openbsd machine)
and try to do a name server lookup from B, here is what
is shown:
21:09:45.867187 glacier.1165 > dcssvx.cc.vt.edu.domain: 1+ (29)
21:09:45.873046 dcssvx.cc.vt.edu.domain > glacier.1165: 1* 1/5/5 (245)
ok, now glacier is box B and dcssvx.cc.vt.edu is the name server
out on the inet somewhere...
from this its obvious that the information for the request for the
lookup got to the name server and was processed and sent back...
you can also see that the result of that query did make it onto the
same network that B is on...
however B appears as if the request never made it and times out :(
i am sure that this is not B's fault as i have tried various os's
on B just to make sure that it wasn't just another NT bug...
any ideas?
any and all help would be great,
thanks,
nick maniscalco
nm_(_at_)_vt_(_dot_)_edu
what follows is all the nitty gritty stuff...
anyway here is my /etc/ipf.rules
--------------------------------
penfold# cat /etc/ipf.rules
pass in from any to any
pass out from any to any
penfold#
and here is my /etc/nat.rules
-----------------------------
penfold# cat /etc/nat.rules
map de0 192.168.1.0/24 -> 198.82.67.121/32 portmap tcp/udp 10000:20000
map de0 192.168.1.0/24 -> 198.82.67.121/32
penfold#
and just in case here is my kernel configuration file
-----------------------------------------------------
penfold# cat PENFOLD
# $OpenBSD: AXPPCI33,v 1.3 1997/07/08 21:26:27 deraadt Exp $
#
# Generic Alpha AXPPCI33 (NoName) kernel.
# Enough to get booted, etc., but not much more.
#
machine alpha
option SWAPPAGER, DEVPAGER
maxusers 8
# CPU Support
#option DEC_3000_500 # Flamingo etc: 3000/[4-9]00*
#option DEC_3000_300 # Pelican etc: 3000/300*
#option DEC_2100_A50 # Avanti etc: AlphaStation 400, 200, etc.
#option DEC_KN20AA # KN20AA: AlphaStation 600
option DEC_AXPPCI_33 # NoName: AXPpci33, etc.
#option DEC_EB164 # EB164: AlphaPC 164
#option DEC_2000_300 # "Jensen": 2000/300 (DECpc AXP 150)
# needs to be set per system
option TIMEZONE="5*60" # Minutes west of GMT (for param.c)
option DST=1 # Daylight savings rules (for param.c)
# Standard system option
options DEBUG, DIAGNOSTIC # Extra kernel debugging
option KTRACE # System call tracing support
# File system option
option FIFO # POSIX fifo support (in all file systems)
option FFS # Fast file system
option MFS # Memory-based file system
option NFSSERVER # Sun NFS-compatible file system server
option NFSCLIENT # Sun NFS-compatible file system client
option CD9660 # ISO 9660 + Rock Ridge file system
option KERNFS # /kern
option PROCFS # /proc
option NULLFS # loopback file system
option MSDOSFS
option UNION
option SYSVMSG
option SYSVSEM
option SYSVSHM
# Networking option
option INET # Internet protocol suite
option GATEWAY
option IPFILTER
option IPFILTER_LOG
# 4.3BSD compatibility. Should be optional, but necessary for now.
option COMPAT_43
# Binary compatibility with previous versions of NetBSD.
#option COMPAT_09
option COMPAT_10
option COMPAT_11
option COMPAT_12
# OSF/1 binary compatibility -- CURRENTLY DOES NOT WORK
#option COMPAT_OSF1
# Loadable Kernel Modules
option LKM
# Disable kernel security.
#option INSECURE
# Misc. option
#option EISAVERBOSE # recognize "unknown" EISA devices
option PCIVERBOSE # recognize "unknown" PCI devices
#option TCVERBOSE # recognize "unknown" TC devices
#config bsd swap generic
#config bsd root on sd0 swap on sd0
#config bsd root nfs swap nfs
config bsd root on sd1a swap on sd1b
mainbus0 at root
cpu* at mainbus0
# TurboChannel host bus adapter support
#tcasic* at mainbus0
# TurboChannel bus support
#tc* at tcasic?
# TurboChannel devices
#ioasic* at tc? slot ? offset ?
#mcclock* at ioasic? offset ?
#le* at ioasic? offset ?
#scc0 at ioasic? offset ?
#scc1 at ioasic? offset ?
#tcds0 at tc? slot ? offset ?
#esp0 at tcds? slot ?
#esp1 at tcds? slot ?
#cfb* at tc? slot ? offset ?
#sfb* at tc? slot ? offset ?
#le* at tc? slot ? offset ?
#fta* at tc? slot ? offset ? # DEC DEFTA FDDI cards
# PCI host bus adapter support
#apecs* at mainbus?
#cia* at mainbus?
lca* at mainbus?
# PCI bus support
#pci* at apecs?
#pci* at cia?
pci* at lca?
pci* at ppb?
# PCI devices
ahc* at pci? dev ? function ? # AHA-28xx SCSI (NOT 64-BIT)
de* at pci? dev ? function ? # 21x4[012]-based Ethernet
ed* at pci? dev ? function ? # NE2000-compat ethernet cards
#en* at pci? dev ? function ? # ENI PCI ATM (untested)
ep* at pci? dev ? function ? # 3COM 3c59x (untested)
fpa* at pci? dev ? function ? # DEC DEFPA FDDI cards
le* at pci? dev ? function ? # PCI LANCE Ethernet (untested)
ncr* at pci? dev ? function ? # NCR 53c8xx SCSI
#pceb* at pci? dev ? function ? # Intel PCI-EISA brige
vga* at pci? dev ? function ? # PCI VGA graphics
ppb* at pci? dev ? function ? # PCI-PCI bridges
sio* at pci? dev ? function ? # Intel PCI-ISA bridge
tga* at pci? dev ? function ? # DEC ZLXp-E[123] graphics
# ISA/EISA bus support
#isa* at pceb?
#eisa* at pceb?
isa* at sio?
# ISA devices
mcclock* at isa? port 0x70
pcppi* at isa? # PC prog. periph. interface
pckbd* at pcppi? # PC keyboard (kbd port)
pms* at pcppi? # PS/2-style mouse (aux port)
com* at isa? port 0x3f8 irq 4 # standard serial ports
com* at isa? port 0x2f8 irq 3
lpt* at isa? port 0x3bc irq 7 # standard parallel port
vga* at isa? # ISA (EISA: XXX) VGA
ed0 at isa? port 0x280 iomem 0xd0000 irq 9 # WD/SMC, 3C503, and
ed1 at isa? port 0x250 iomem 0xd8000 irq 9 # NE[12]000 ethercards
ed2 at isa? port 0x300 iomem 0xcc000 irq 10
#wss* at isa? port 0x530 irq 9 drq 0 # Windows Sound System
# EISA devices
#fea* at eisa? slot ? # DEC DEFEA FDDI cards
# SCSI bus support
#scsibus* at esp?
scsibus* at ncr?
scsibus* at ahc?
# SCSI devices
cd* at scsibus? target ? lun ?
sd* at scsibus? target ? lun ?
ss* at scsibus? target ? lun ?
st* at scsibus? target ? lun ?
uk* at scsibus? target ? lun ?
# Workstation Console attachments
#wscons* at cfb?
wscons* at vga?
#wscons* at sfb?
#wscons* at tga?
pseudo-device bpfilter 16
pseudo-device loop
pseudo-device pty 64
pseudo-device rd 1
pseudo-device sl 4
pseudo-device vnd 4
penfold#
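The post pairs the two tcpdump lines by eye. What follows is an added example, not part of the original post: a small parser for tcpdump's DNS summary lines that pairs each query with the reply that reverses it (same DNS id, hosts and ports swapped) and reports the queries that never get a reply on the inside segment. The two captured lines from the post are embedded as sample input, plus one constructed query line with no reply; the script assumes the default tcpdump summary format shown in the post.

```python
import re

# Constructed sample input: the two tcpdump lines quoted in the post
# (tcpdump -i de1 on box A, the inside interface).
SAMPLE = """\
21:09:45.867187 glacier.1165 > dcssvx.cc.vt.edu.domain: 1+ (29)
21:09:45.873046 dcssvx.cc.vt.edu.domain > glacier.1165: 1* 1/5/5 (245)
"""
# Constructed: a query whose reply never shows up on the inside segment.
SAMPLE_MISSING = "21:10:02.100000 glacier.1166 > dcssvx.cc.vt.edu.domain: 2+ (29)\n"

# tcpdump DNS summary line: "<ts> <host>.<port> > <host>.<port>: <id><flags> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>[^\s:]+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>[^\s:]+)\.(?P<dport>\w+):\s+"
    r"(?P<id>\d+)"
)

def parse_line(line):
    """Return the fields of one tcpdump DNS line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    h, mi, s = rec["ts"].split(":")
    rec["t"] = int(h) * 3600 + int(mi) * 60 + float(s)  # seconds since midnight
    return rec

def match_queries(text):
    """Pair every query with the reply that reverses it (same DNS id, hosts
    and ports swapped). A reply that NAT had not translated back to the
    inside host and port would not reverse the query and leaves it pending.
    Returns (answered, unanswered); answered entries carry the RTT in ms."""
    pending, answered = {}, []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        fwd = (rec["id"], rec["src"], rec["sport"], rec["dst"], rec["dport"])
        rev = (rec["id"], rec["dst"], rec["dport"], rec["src"], rec["sport"])
        q = pending.pop(rev, None)
        if q is None:
            pending[fwd] = rec            # a new query; wait for its reply
        else:
            answered.append({"host": q["src"], "port": q["sport"], "server": q["dst"],
                             "rtt_ms": round((rec["t"] - q["t"]) * 1000, 3)})
    return answered, list(pending.values())
```

On the post's capture the pair matches and the reply is addressed to glacier port 1165, so the reverse translation on A is correct and the loss is between de1 and B; a growing unanswered list for a host points at the inside segment or host rather than the NAT rules.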