[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT Oddities w/new system

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: NAT Oddities w/new system
From: Rémi Guyomarch <rguyom_(_at_)_pobox_(_dot_)_com>
Date: Sat, 4 Aug 2001 21:12:05 +0200

On Sat, Aug 04, 2001 at 11:18:32AM -0700, Alex Le Fevre wrote:
...
> Currently, my ipnat.rules are:
> 
> map xl0 192.168.2.0/24 -> 209.190.205.236/32 portmap tcp/udp 0:60000
> map xl0 192.168.2.0/24 -> 209.190.205.236/32
> map xl0 192.168.2.0/24 -> 209.190.205.236/32 proxy port ftp ftp/tcp
> 
> xl0 is, obviously, my internally connected NIC, with an IP of
> 192.168.2.69; dc0 is my DSL line, connected to the ISP.

- you should 'map' on the external interface (the one which has the
address 209.190.205.236) ;
- instead of "0:60000" use the keyword "auto" ;
- you have to put the 'proxy port ftp' before the other 'map'
statements ;
- if you want to use the in-kernel ftp proxy for the ftp connection
of the box itself, add another "proxy port ftp ftp/tcp" line with the
external address on both side of the "->".

So :

map <if> 192.168.2.0/24 -> 209.190.205.236/32 proxy port ftp ftp/tcp
map <if> 192.168.2.0/24 -> 209.190.205.236/32 portmap tcp/udp auto
map <if> 192.168.2.0/24 -> 209.190.205.236/32
map <if> 209.190.205.236/32 -> 209.190.205.236/32 proxy port ftp ftp/tcp

where <if> is either dc0, tun0 or ppp0, depending on how you're
connecting to your DSL line.

-- 
Rémi

Follow-Ups:
- Re: NAT Oddities w/new system
  - From: Alex Le Fevre

References:
- NAT Oddities w/new system
  - From: Alex Le Fevre

Prev by Date: Re: Tape drive (IDE)
Next by Date: Re: IPNAT rdr from inside to static IPs?
Previous by thread: NAT Oddities w/new system
Next by thread: Re: NAT Oddities w/new system
Index(es):
- Date
- Thread

Visit your host, monkey.org