[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: port redirecting an aliased IP address etc...
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: port redirecting an aliased IP address etc...
- From: "Warren J. Beckett" <username_(_at_)_bigpond_(_dot_)_net_(_dot_)_au>
- Date: 07 Dec 2001 00:40:32 +1100
I just a few silly questions.
When you are telneting to 184.108.40.206:80, where are you telneting
from -The OpenBSD Box or a computer contected via fxp0 ?
And do you see any rdr entries being formed ( ipnat -l )?
I would also take a look at the look at how the routing is working for
this. If 220.127.116.11 is a hop for 18.104.22.168-60 range then I am
not sure what effect having the alias on the fxp0 interface will have.
Sorry if this doesn't make much sence. Should have been in bed hours
On Thu, 2001-12-06 at 23:19, Will Macdonald wrote:
> Hi everyone,
> I have a 2.9 box doing NAT, IPSEC VPN, and basic IPF, which is basically
> working fine. This has been assigned a real IP: 22.214.171.124. It is
> also assigned about 6 IP as an alias, on a different network:
> 126.96.36.199-60(<note 124, not 122). Not my choice, co-lo's way of
> doing things.
> All the servers are running on internal IP addresses 10.222.3.x. The
> Internal interface of the OpenBSD box is 10.222.3.7
> I am trying to get some of the aliased IPs to redirect to the internal
> machines (eg 10.222.3.3), a linux webserver running AOLserver, plus we
> have other servers.
> ifconfig -A
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> media: Ethernet autoselect (10baseT)
> status: active
> inet6 fe80::202:b3ff:fe31:23a2%fxp0 prefixlen 64 scopeid 0x2
> inet 188.8.131.52 netmask 0xfffffff0 broadcast 184.108.40.206
> inet 220.127.116.11 netmask 0xffff0000 broadcast 18.104.22.168
> inet 22.214.171.124 netmask 0xffff0000 broadcast 126.96.36.199
> inet 188.8.131.52 netmask 0xffff0000 broadcast 184.108.40.206
> I am using the following commands in /etc/ipnat.rules
> rdr fxp0 220.127.116.11/32 port 25 -> 10.222.3.196 port 25
> rdr fxp0 18.104.22.168/32 port 80 -> 10.222.3.4 port 80
> rdr fxp0 22.214.171.124/32 port 25 -> 10.222.3.4 port 25
> rdr fxp0 126.96.36.199/32 port 80 -> 10.222.3.196 port 80
> rdr fxp0 188.8.131.52/32 port 143 -> 10.222.3.196 port 143
> rdr fxp0 184.108.40.206/32 port 1723 -> 10.222.3.196 port 1723
> rdr fxp0 220.127.116.11/32 port 0 -> 10.222.3.196 port 0 gre
> rdr fxp0 18.104.22.168/32 port 80 -> 10.222.3.3 port 80
> map fxp0 10.222.3.0/24 -> 22.214.171.124/32 portmap tcp/udp 9000:48000
> map fxp0 10.222.3.0/24 -> 126.96.36.199/32
> The strange thing is when I try to telnet ont port 80 Ido get a response:
> telnet 188.8.131.52 80
> Trying 184.108.40.206...
> Connected to 220.127.116.11 (18.104.22.168).
> Escape character is '^]'.
> telnet> quit
> Connection closed.
> My question is, am I try something which is not possible, or am I doing
> this completely wrong.
> I have port rdr the 'Real' IP address on port 80 to one of the servers
> internally, should it then be a problem to port rdr 80 on an IP alias to
> a different server?
> I have a feeling some of the netmasks got screwed up when we went
> through changes recently, could that be causing the problem ??
> Thanks VERY much for any help in advance,
> Will Macdonald