
Re: port redirecting an aliased IP address etc...



Hi there,

I just have a few silly questions.

When you are telnetting to 213.161.124.49:80, where are you telnetting
from - the OpenBSD box or a computer connected via fxp0?

And do you see any rdr entries being formed (ipnat -l)?

I would also take a look at how the routing is working for
this. If 213.161.122.46 is a hop for the 213.161.124.49-60 range then I am
not sure what effect having the alias on the fxp0 interface will have.

Sorry if this doesn't make much sense. Should have been in bed hours
ago.

Warren

On Thu, 2001-12-06 at 23:19, Will Macdonald wrote:
> Hi everyone,
> 
> I have a 2.9 box doing NAT, IPSEC VPN, and basic IPF, which is basically 
> working fine. This has been assigned a real IP: 213.161.122.46. It is 
> also assigned about 6 IPs as aliases, on a different network: 
> 213.161.124.49-60(<note 124, not 122). Not my choice, co-lo's way of 
> doing things.
> 
> All the servers are running on internal IP addresses 10.222.3.x. The 
> Internal interface of the OpenBSD box is 10.222.3.7
> 
> I am trying to get some of the aliased IPs to redirect to the internal 
> machines (eg 10.222.3.3), a linux webserver running AOLserver, plus we 
> have other servers.
> 
> ifconfig -A
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>          media: Ethernet autoselect (10baseT)
>          status: active
>          inet6 fe80::202:b3ff:fe31:23a2%fxp0 prefixlen 64 scopeid 0x2
>          inet 213.161.122.46 netmask 0xfffffff0 broadcast 213.161.122.47
>          inet 213.161.124.58 netmask 0xffff0000 broadcast 213.161.255.255
>          inet 213.161.124.61 netmask 0xffff0000 broadcast 213.161.255.255
>          inet 213.161.124.49 netmask 0xffff0000 broadcast 213.161.255.255
> 
> I am using the following commands in /etc/ipnat.rules
> 
> rdr fxp0 213.161.124.58/32 port 25 -> 10.222.3.196 port 25
> rdr fxp0 213.161.124.49/32 port 80 -> 10.222.3.4 port 80
> rdr fxp0 213.161.124.49/32 port 25 -> 10.222.3.4 port 25
> rdr fxp0 213.161.124.58/32 port 80 -> 10.222.3.196 port 80
> rdr fxp0 213.161.124.58/32 port 143 -> 10.222.3.196 port 143
> rdr fxp0 213.161.124.58/32 port 1723 -> 10.222.3.196 port 1723
> rdr fxp0 213.161.124.58/32 port 0 -> 10.222.3.196 port 0 gre
> rdr fxp0 213.161.122.46/32 port 80 -> 10.222.3.3 port 80
> map fxp0 10.222.3.0/24 -> 213.161.122.46/32 portmap tcp/udp 9000:48000
> map fxp0 10.222.3.0/24 -> 213.161.122.46/32
> 
> The strange thing is when I try to telnet on port 80 I do get a response:
> 
> telnet 213.161.124.49 80
> Trying 213.161.124.49...
> Connected to 213.161.124.49 (213.161.124.49).
> Escape character is '^]'.
> ^]
> 
> telnet> quit
> Connection closed.
> 
> My question is, am I trying something which is not possible, or am I doing 
> this completely wrong?
> 
> I have port rdr the 'Real' IP address on port 80 to one of the servers 
> internally, should it then be a problem to port rdr 80 on an IP alias to 
> a different server?
> 
> I have a feeling some of the netmasks got screwed up when we went 
> through changes recently, could that be causing the problem?
> 
> Thanks VERY much for any help in advance,
> 
> Will Macdonald
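
An added example, not part of either message: a short Python check of the netmask and rdr questions raised in the thread. It parses the `inet` lines and `rdr` rules quoted above, treats the first `inet` address as the primary (an assumption), and reports the network each alias mask implies and whether every `rdr` destination is an address configured on fxp0. The function names are illustrative.

```python
import ipaddress
import re

# Input copied from the quoted message: fxp0 "inet" lines and the rdr rules.
IFCONFIG = """\
inet 213.161.122.46 netmask 0xfffffff0 broadcast 213.161.122.47
inet 213.161.124.58 netmask 0xffff0000 broadcast 213.161.255.255
inet 213.161.124.61 netmask 0xffff0000 broadcast 213.161.255.255
inet 213.161.124.49 netmask 0xffff0000 broadcast 213.161.255.255
"""
RULES = """\
rdr fxp0 213.161.124.58/32 port 25 -> 10.222.3.196 port 25
rdr fxp0 213.161.124.49/32 port 80 -> 10.222.3.4 port 80
rdr fxp0 213.161.124.49/32 port 25 -> 10.222.3.4 port 25
rdr fxp0 213.161.124.58/32 port 80 -> 10.222.3.196 port 80
rdr fxp0 213.161.124.58/32 port 143 -> 10.222.3.196 port 143
rdr fxp0 213.161.124.58/32 port 1723 -> 10.222.3.196 port 1723
rdr fxp0 213.161.124.58/32 port 0 -> 10.222.3.196 port 0 gre
rdr fxp0 213.161.122.46/32 port 80 -> 10.222.3.3 port 80
"""

def parse_inet(text):
    """Turn 'inet ADDR netmask 0xHEX' lines into IPv4Interface objects."""
    found = re.findall(r"inet (\d+\.\d+\.\d+\.\d+) netmask 0x([0-9a-fA-F]{8})", text)
    # ip_interface accepts a dotted netmask and rejects non-contiguous ones.
    return [ipaddress.ip_interface(f"{a}/{ipaddress.IPv4Address(int(m, 16))}")
            for a, m in found]

def alias_report(ifaces):
    """Treat the first address as primary (assumption); describe each alias."""
    primary = ifaces[0]
    return [{"alias": str(a.ip), "network": str(a.network),
             "covers_primary": primary.ip in a.network} for a in ifaces[1:]]

def rdr_coverage(rules, ifaces):
    """Compare rdr destination addresses with the addresses on the interface."""
    dsts = set(re.findall(r"^rdr \S+ (\d+\.\d+\.\d+\.\d+)/32 ", rules, re.M))
    have = {str(i.ip) for i in ifaces}
    return {"rdr_without_address": sorted(dsts - have),
            "address_without_rdr": sorted(have - dsts)}

if __name__ == "__main__":
    ifaces = parse_inet(IFCONFIG)
    for row in alias_report(ifaces):
        print(row)
    print(rdr_coverage(RULES, ifaces))
```

With the values posted, each alias mask implies 213.161.0.0/16, a network that also contains the primary address 213.161.122.46 and its /28.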