[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: routing w/o nat



I didn't think of using rdr. I'll try that. I'm used to doing firewall-1 configs and the routing is done by the OS by default. I'm just learning that that's not the case with ipf on openbsd. I am able to route through from a different subnet, but it's using NAT. I thought maybe the fastroute option was the way to go, but it took the box down.


From: Seth Arnold <sarnold_(_at_)_willamette_(_dot_)_edu>
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: routing w/o nat
Date: Mon, 16 Oct 2000 17:33:11 -0700

Joe, the easiest way I can think to do this requires making the outside
NIC on your OpenBSD box answer to all the IPs of the DMZ, and use ipf
with rdr to redirect the packets to the DMZ machine.

Or, perhaps, could you do something such as "route add -net 192.168.4.0
netmask 255.255.255.0 xl3" -- (forgive me, I come from a Linux
background and haven't done much with `route' under OpenBSD... the
syntax may be wrong, or route may not support this at all. :) -- which
might work better. :)

* Joe Albanese <joeya27_(_at_)_hotmail_(_dot_)_com> [001016 15:23]:
> I'm trying to set ipf with a dmz. The dmz is off of a third adapter
> separate from the internal network with it's own internet routable subnet.
> However, I can't get the packets to route from the dmz to internet. I can
> ping the firewall, and I've set up the ip routing flags. What actually does
> the routing in this case since I don't want to nat the dmz subnet?
>
> many thanks,
> Joe
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
>
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.
>
>



_________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at http://profiles.msn.com.