[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ipnat/ipf config on obsd 2.9

Hi All,

I run obsd2.9 i386 with tun0 towards my isp and ne1 towards my private lan
I configured ipnat and ipf and connectivity is ok.

Let`s say client A on lan wants to connect to www.openbsd.org
then A sends his tcp request to the obsd gateway.
ipnat changes the private source ip address to 
its internet ip address (from tun0)
when openbsd.org answers to obsd gateway, ipnat changes back dst ip to 
the lan private ip address from A. and A gets the page.

my pb is :

in ipf.rules I can NOT set:
block in log quick on tun0 from any to

which would block packets destinated to my internal net.
If this rule is set I loose any king of connectivity (starting w not able to 
resolve names)

this is strange, when I do
tcpdump -a -s 1500 -i tun0
I receive packets with public ip addresses only
when i try to communicate from lan to outside (ipnat seems to work fine,
however ipf blocks these packets when the rule is set)

here is ipnat.rules :
map tun0 -> tun0/32 portmap tcp/udp 10000:20000
map tun0 -> tun0/32
map tun0 -> tun0/32 proxy port ftp ftp/tcp

Does someone see any pb here ?

Thank u for ur help