
Re: NAT problem



On Mon, Dec 18, 2000 at 12:32:51PM -0600, mshaw_(_at_)_mediapotential_(_dot_)_com wrote:

> Check out www.openlysecure.org

Thanks, that was what I needed...

It works now. I had not really understood the sequence of filtering
and translation. I added a few rules for ipf and now it looks like
this (snipped for brevity):

--8<--
### local network interface
block in log on fxp0 all head 100
  pass in quick from 192.168.100.0/24 to 192.168.100.0/24 group 100
  pass in quick from 192.168.100.0/24 to any group 100
block out log on fxp0 all head 200
  pass out quick from 192.168.100.0/24 to 192.168.100.0/24 group 200
  pass out quick from any to 192.168.100.0/24 group 200
### external network interface
block in  log on le0 all head 300
block out log on le0 all head 400
  pass out quick proto tcp  from 192.168.100.0/24 to any keep state group 400
  pass out quick proto udp  from 192.168.100.0/24 to any keep state group 400
  pass out quick proto icmp from 192.168.100.0/24 to any keep state group 400
  pass out quick proto tcp  from le0 to any keep state group 400
  pass out quick proto udp  from le0 to any keep state group 400
  pass out quick proto icmp from le0 to any keep state group 400
--8<--

And I changed ipnat.rules according to the tip from
Bruce Bauer <bruce_(_at_)_specialdevices_(_dot_)_com>, thanks Bruce:

--8<--
map le0 192.168.100.0/24 -> le0/32 proxy port ftp ftp/tcp
map le0 192.168.100.0/24 -> le0/32 portmap tcp/udp 1025:65000
map le0 192.168.100.0/24 -> le0/32
--8<--

Thanks to all who took their time to answer!

        /regards Anton
--
Profanity is the one language all programmers know best.
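As an added illustration (not part of Anton's mail or of IPFilter's own code), here is a small Python model of the ordering the mail refers to: IPFilter filters outbound packets before ipnat rewrites them, and un-maps inbound packets before filtering them, so the outbound rules on le0 have to name the private 192.168.100.0/24 source, and the stateless "block in all" on le0 still admits replies through "keep state". The external address 203.0.113.1 and the sample flow are constructed, and the portmap range is left out (the source port is kept).

```python
import ipaddress

# The LAN is from the post; le0's public address is a constructed placeholder
# (TEST-NET-3), since the post never shows it.
LAN = ipaddress.ip_network("192.168.100.0/24")
LE0_ADDR = "203.0.113.1"
LE0 = ipaddress.ip_network(LE0_ADDR + "/32")

# Group 400 from the post as (proto, source) pass-out-quick-keep-state rules.
POST_OUT_RULES = [(p, LAN) for p in ("tcp", "udp", "icmp")] + \
                 [(p, LE0) for p in ("tcp", "udp", "icmp")]
# Only the "from le0" lines: what you write if you assume the outbound filter
# already sees the translated (public) source address.
LE0_ONLY_RULES = [(p, LE0) for p in ("tcp", "udp", "icmp")]

def filter_out(pkt, rules, state):
    """Outbound: filter runs first, on the pre-NAT source; 'keep state' records the flow."""
    src = ipaddress.ip_address(pkt["src"])
    for proto, net in rules:
        if pkt["proto"] == proto and src in net:      # first 'quick' match wins
            state.add((pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return True
    return False                                      # head 400: block out all

def nat_out(pkt, nat):
    """'map le0 192.168.100.0/24 -> le0/32': rewrite LAN sources after filtering."""
    if ipaddress.ip_address(pkt["src"]) not in LAN:
        return pkt
    nat[(pkt["proto"], pkt["sport"])] = pkt["src"]    # portmap range omitted: port kept
    return {**pkt, "src": LE0_ADDR}

def nat_in(pkt, nat):
    """Inbound: NAT runs before the filter, so the reply is un-mapped first."""
    inner = nat.get((pkt["proto"], pkt["dport"]))
    return {**pkt, "dst": inner} if inner else pkt

def filter_in(pkt, state):
    """'block in log on le0 all head 300' has no pass rules: only state admits replies."""
    return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in state

def round_trip(pkt, rules):
    """Send one packet out le0 and feed the server's reply back in; report the outcome."""
    state, nat = set(), {}
    if not filter_out(pkt, rules, state):
        return "blocked outbound"
    wire = nat_out(pkt, nat)
    reply = {"proto": wire["proto"], "src": wire["dst"], "sport": wire["dport"],
             "dst": wire["src"], "dport": wire["sport"]}
    return "reply passed" if filter_in(nat_in(reply, nat), state) else "reply blocked"

LAN_PKT = {"proto": "tcp", "src": "192.168.100.7", "sport": 40000,
           "dst": "198.51.100.20", "dport": 80}        # constructed sample flow
```

With the post's rules a LAN host's web request goes out and its reply comes back; with only the "from le0" lines the same request is dropped by the outbound filter, because at that point its source is still 192.168.100.7.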