Subject: Re: ipnat - rdr rules
To: Al B. Snell <alaric@alaric-snell.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-misc
Date: 02/25/2001 16:45:45
On Sat, Feb 24, 2001 at 01:07:38AM +0000, Al B. Snell wrote:
>
> Ok, I have a situation where a server sits on a private non-routed LAN
> (10.3.*), along with a machine that has an external network connection.
>
> The external facing machine has three aliases IP addresses on it's
> external interface, and I want all traffic to those to go to the
> corresponding three internal non-routed IPs.
>
> Currently, I have rdr rules for individual ports:
>
> rdr fxp0 1.2.3.70/32 port 80 -> 10.3.0.2 port 80 tcp
> rdr fxp0 1.2.3.70/32 port 21 -> 10.3.0.2 port 21 tcp
> rdr fxp0 1.2.3.70/32 port 110 -> 10.3.0.2 port 110 tcp
> rdr fxp0 1.2.3.70/32 port 25 -> 10.3.0.2 port 25 tcp
> rdr fxp0 1.2.3.70/32 port 443 -> 10.3.0.2 port 443 tcp
> rdr fxp0 1.2.3.70/32 port 7070 -> 10.3.0.2 port 7070 tcp
> rdr fxp0 1.2.3.71/32 port 80 -> 10.3.0.3 port 80 tcp
> rdr fxp0 1.2.3.71/32 port 21 -> 10.3.0.3 port 21 tcp
> rdr fxp0 1.2.3.71/32 port 110 -> 10.3.0.3 port 110 tcp
> rdr fxp0 1.2.3.71/32 port 25 -> 10.3.0.3 port 25 tcp
> rdr fxp0 1.2.3.71/32 port 443 -> 10.3.0.3 port 443 tcp
> rdr fxp0 1.2.3.71/32 port 7070 -> 10.3.0.3 port 7070 tcp
> rdr fxp0 1.2.3.72/32 port 5631 -> 10.3.0.4 port 5631 udp
>
> ....but I'd ideally like to just map the entire port ranges for each IP in
> turn, and use IP filters to restrict that as I wish to.
>
> I also need the internal interfaces to be able to talk to the Internet, as
> if from the external IPs. Will this work:
>
> map fxp0 10.3.0.2/32 -> 1.2.3.70/32
> map fxp0 10.3.0.3/32 -> 1.2.3.71/32
> map fxp0 10.3.0.4/32 -> 1.2.3.73/32
>
> ....that's the kind of rule layout I'd like to be using for the rdrs.
>
> bimap isn't very well explained in the man page (well, I don't understand
> it anyway :-). Is that what I really need?
Yes, I think it'll do what you want here:
bimap fxp0 10.3.0.2/32 -> 1.2.3.70/32
bimap fxp0 10.3.0.3/32 -> 1.2.3.71/32
bimap fxp0 10.3.0.4/32 -> 1.2.3.73/32
Or maybe it's reversed:
bimap fxp0 1.2.3.70/32 -> 10.3.0.2/32
bimap fxp0 1.2.3.71/32 -> 10.3.0.3/32
bimap fxp0 1.2.3.73/32 -> 10.3.0.4/32
You're rigth, it's not very well explained :)
--
Manuel Bouyer <bouyer@antioche.eu.org>
--