[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipnat/rdr problem

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: ipnat/rdr problem
From: Clarence <c5666305_(_at_)_hkstar_(_dot_)_com>
Date: Thu, 18 Oct 2001 19:35:56 +0800 (HKT)

Hello ,

Here is the layout of our working environment.  The problem is the rdr
seems not working properly.  Any idea ? 

Clarence


              +------+         +------+
Internet  ____| OBSD | ------- | HUB  |
         rl0  |  2.9 | ne0     +------+
        /tun0 +------+            |----> Web server (192.168.1.250)
	        FW                |
	                          |----> users....


======= ipnat.rules ========
List of active MAP/Redirect filters:
rdr rl0 203.218.68.98/32 port 80 -> 192.168.1.250 port 80 tcp
rdr rl0 203.218.68.98/32 port 443 -> 192.168.1.250 port 443 tcp
map tun0 192.168.1.0/24  -> 203.218.68.98/32  proxy port ftp ftp/tcp
map tun0 192.168.1.0/24  -> 203.218.68.98/32  portmap tcp/udp 10000:20000
map tun0 192.168.1.0/24  -> 203.218.68.98/32 

List of active sessions:
==================================

===== ipfstat -hi output ======
0 block in log quick from any to any with short
0 block in log quick from 192.168.1.0/24 to any group 100

0 pass in quick proto tcp from any to 192.168.1.250/32 port = 80 flags S/SA keep state group 100
0 pass in quick proto tcp from any to 192.168.1.250/32 port = 443 flags S/SA keep state group 100

0 pass in quick proto tcp from any to any port = 25 flags S/SA keep state group 100
0 pass in quick proto tcp from any to any port = 110 flags S/SA keep state group 100
0 pass in quick proto tcp from 192.168.1.0/24 to any port = 22 flags S/SA keep state group 100
0 pass in on tun0 proto udp from any to any port = 53 keep state group 100
0 pass in on tun0 proto udp from any to any port = 517 keep state group 100
0 pass in on tun0 proto udp from any to any port = 518 keep state group 100
0 pass in quick proto icmp from any to any icmp-type echorep group 100
0 block in quick proto icmp from any to any group 100
0 block return-icmp in log proto udp from any to any group 100
0 block return-rst in log proto tcp from any to any group 100
755 block in on ne0 from any to any head 200
870 pass in quick from 192.168.1.0/24 to any group 200

Follow-Ups:
- Re: ipnat/rdr problem
  - From: Bruce Bauer

Prev by Date: isakmpd SA recovery
Next by Date: upgrading libutil
Previous by thread: isakmpd SA recovery
Next by thread: Re: ipnat/rdr problem
Index(es):
- Date
- Thread

Visit your host, monkey.org