[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NAT problem



I have an interesting problem involving NAT. I have an i386 box on OBSD 2.7
that I'm configuring for home use, but right now, it's sitting on my
employer's network. It has two 100baseTX interfaces, dc0 and dc1.
Obligatory ASCII picture diagram:


 machine A<---->hub<---->dc1<--->NAT<---->dc0<---->employer's
network<----->internet


Now, I'm able to access virtually the entire internet from machine A, like
one would expect. I can telnet and ftp to other machines on my employer's
network from machine A. But, and here's the interesting part, I can't hit
any of the web servers on my employer's internal network from A, though I
can hit all outside servers. I simply get no connection.

At first I thought it might be a malformed ipf rule, so I opened it
completely ("pass in on dc0 from any to any"), without results. I can hit
those very same web servers from the NAT box without any problems as well.
I'm stomped.

I'm worried that when I finally do move this box to my home, that this
problem might prevent me from getting to some web sites. Any clues?

I only have two rules in my ipnat.rules file:

map dc0 192.168.0.0/24 -> 10.114.216.226/32 portmap tcp/udp 10000:60000
map dc0 192.168.0.0/24 -> 10.114.216.226/32

192.168.0.x is the range of addresses hanging off of dc1, dc0 is configured
for 10.114.216.226.

Thanks,
Raymond