
Re: Yet another RDR problem



> On Sat, 12 May 2001, Greg Thomas wrote:
> > rdr ne3 207.141.40.163/32 port 81 -> 192.168.1.11 port 80
>               ^^^
> Typo?
> 

Definitely, thanks for the second pair of eyes.  However, now I show an RDR
in ipnat -l:

List of active MAP/Redirect filters:
rdr ne3 207.171.40.163/32 port 81 -> 192.168.1.11 port 8888 tcp
map ne3 192.168.1.0/24  -> 207.171.40.163/32  portmap tcp/udp 10000:60000
map ne3 192.168.1.0/24  -> 207.171.40.163/32 

List of active sessions:
MAP 192.168.1.11    38595 <- -> 207.171.40.163  10005 [207.171.0.150 110]
RDR 192.168.1.11    80    <- -> 207.171.40.163  81    [4.18.35.63 1875]
RDR 192.168.1.11    80    <- -> 207.171.40.163  81    [4.18.35.63 1874]


But on my 192.168.1.11 nothing shows up in netstat.  My webserver is up
on 192.168.1.11 as I can connect with no problem from 207.171.40.163.

Any other ideas?

I don't need to allow these connections in ipf.rules, do I?  My
understanding is that ipnat happens before ipf.

Below is my previous message corrected:

/etc/ipnat.rules:

rdr ne3 207.171.40.163/32 port 81 -> 192.168.1.11 port 80
map ne3 192.168.1.0/24 -> 207.171.40.163/32 portmap tcp/udp 10000:60000
map ne3 192.168.1.0/24 -> 207.171.40.163/32 

ne3 is my external interface with address 207.171.40.163, dc0 is my
internal one with address 192.168.1.1.

Everything except for 22, 25, 53, 80, and 443 is blocked via ipf but this
shouldn't matter since ipnat evaluates first, right?
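
An added example, not part of the original message: a small Python check that compares the rdr lines in /etc/ipnat.rules with the rule list printed by ipnat -l, using the two listings from this message as input. The function names are hypothetical, and the protocol suffix that ipnat -l prints is left out of the comparison.

```python
import re

# rdr <if> <addr>/<mask> port <n> -> <addr> port <n> [proto]
# The optional trailing protocol is parsed but not compared (assumption of this example).
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<ext>\S+)\s+port\s+(?P<eport>\d+)\s+->\s+"
    r"(?P<dst>\S+)\s+port\s+(?P<dport>\d+)(?:\s+(?P<proto>\S+))?\s*$"
)

def parse_rdr(text):
    """Return {(iface, ext_addr, ext_port): (dst_addr, dst_port)} for each rdr line."""
    rules = {}
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            key = (m["iface"], m["ext"], int(m["eport"]))
            rules[key] = (m["dst"], int(m["dport"]))
    return rules

def compare(configured, active):
    """List differences between the rules file and the `ipnat -l` rule list."""
    findings = []
    for key, want in configured.items():
        got = active.get(key)
        if got is None:
            findings.append(("not-loaded", key, want, None))
        elif got != want:
            findings.append(("target-differs", key, want, got))
    for key, got in active.items():
        if key not in configured:
            findings.append(("not-in-file", key, None, got))
    return findings

# Both listings are copied from the message above.
IPNAT_RULES = """\
rdr ne3 207.171.40.163/32 port 81 -> 192.168.1.11 port 80
map ne3 192.168.1.0/24 -> 207.171.40.163/32 portmap tcp/udp 10000:60000
map ne3 192.168.1.0/24 -> 207.171.40.163/32
"""
IPNAT_L = """\
List of active MAP/Redirect filters:
rdr ne3 207.171.40.163/32 port 81 -> 192.168.1.11 port 8888 tcp
map ne3 192.168.1.0/24  -> 207.171.40.163/32  portmap tcp/udp 10000:60000
map ne3 192.168.1.0/24  -> 207.171.40.163/32
"""

if __name__ == "__main__":
    for kind, key, want, got in compare(parse_rdr(IPNAT_RULES), parse_rdr(IPNAT_L)):
        print(kind, key, "file:", want, "loaded:", got)
```

On these two listings it reports one difference: the file redirects to port 80, while the loaded rule shows port 8888.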