Subject: Need help on rdr / IPNAT
To: None <netbsd-help@netbsd.org>
From: Pankaj Jain <pankajj@beyond.com>
List: netbsd-help
Date: 12/11/2000 10:36:40

Hi!

I have a firewall running on NetBSD 1.4.2 which was pre-configured by
http://www.dubbele.com. Thanks to the dubbele techs for that.

I was trying to add an rdr rule in ipnat.conf to redirect web server traffic
from the firewall m/c to another m/c on the local network. But no luck.

So I would really appreciate it if somebody has a clue what I am doing wrong
here.

Here is all the info you might need:


XX.XX.XX.XX   ------> 		Static IP


The firewall m/c has 2 network cards.

********************************************************
>>>ifconfig -a
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:ba:a2:da:df
        media: Ethernet autoselect (10baseT)
        inet XX.XX.XX.XX netmask 0xffffff00 broadcast 198.144.206.255
ne3: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:50:ba:a2:d3:fe
        media: Ethernet autoselect (10baseT)
        inet 192.168.1.250 netmask 0xffffff00 broadcast 192.168.1.255
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32976
        inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
********************************************************

>>cat ipf.conf
#!/sbin/ipf -f -
#
# Prevent IP spoofing.
# Commented next 1 line by Pankaj
#block in quick all with short
pass in all
pass out all
********************************************************

cat ipnat.conf
#!/sbin/ipnat -f -
#
# THIS IS WRITTEN FOR IP FILTER 3.2
#
# ne2 - (external) connection to ISP, address XX.XX.XX.XX/32
#
# ne3 - (internal) network interface, address 192.168.1.250/32
#
#
map ne2 192.168.1.250/24 -> XX.XX.XX.XX/32 portmap tcp/udp 40000:60000
map ne2 192.168.1.250/24 -> XX.XX.XX.XX/32
#
#
#To make ftp work, using the internal ftp proxy, use:
#
map ne2 192.168.1.250/24 -> XX.XX.XX.XX/32 proxy port ftp ftp/tcp
#
#Added By Pankaj to do redirect web server traffic
rdr ne2 XX.XX.XX.XX/32 port 80 -> 192.168.1.104 port 8080 tcp
********************************************************

in rc.conf
# For Web server traffic redirect
gateway_enable="YES"


********************************************************

cat sysctl.conf
net.inet.ip.forwarding=1

********************************************************
I am not sure how to make sure that port 80 on the firewall m/c is open.
I checked /etc/services; the line for port 80 is not commented.


Thanks for all your help!

Cheers


Pankaj Jain

pankajj@tsoft.com
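As an added example (not part of the original post, and not IPFilter's own tooling), the following Python script parses ipnat.conf rules of the kind shown above and runs the consistency checks a defender would want before trusting such a setup: it normalizes the map sources (192.168.1.250/24 selects the 192.168.1.0/24 network), confirms the rdr target lies on a mapped internal network, reports the port rewrite so it is clear which host must listen on 8080, verifies net.inet.ip.forwarding=1, and points out that an ipf.conf consisting only of pass rules filters nothing. The sample inputs are constructed from the post's files, with XX.XX.XX.XX replaced by the documentation address 203.0.113.10; the function and constant names are my own.

```python
import ipaddress
import re

# Placeholder (RFC 5737 TEST-NET-3) standing in for the post's XX.XX.XX.XX.
EXTERNAL_IP = "203.0.113.10"

# Constructed sample input, transcribed from the post's ipnat.conf.
IPNAT_CONF = f"""
# ne2 - external, ne3 - internal
map ne2 192.168.1.250/24 -> {EXTERNAL_IP}/32 portmap tcp/udp 40000:60000
map ne2 192.168.1.250/24 -> {EXTERNAL_IP}/32
map ne2 192.168.1.250/24 -> {EXTERNAL_IP}/32 proxy port ftp ftp/tcp
rdr ne2 {EXTERNAL_IP}/32 port 80 -> 192.168.1.104 port 8080 tcp
"""

# Constructed sample input, transcribed from the post's ipf.conf.
IPF_CONF = """
#block in quick all with short
pass in all
pass out all
"""

# Constructed sample input, transcribed from the post's sysctl.conf.
SYSCTL_CONF = "net.inet.ip.forwarding=1\n"

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(.*)$")
RDR_RE = re.compile(
    r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\d+)\s+->\s+(\S+)\s+port\s+(\d+)\s+(\w+)")


def parse_ipnat(text):
    """Split ipnat.conf text into map and rdr rules, skipping comments and blanks."""
    maps, rdrs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MAP_RE.match(line)
        if m:
            maps.append({"if": m.group(1), "src": m.group(2),
                         "dst": m.group(3), "opts": m.group(4).strip()})
            continue
        r = RDR_RE.match(line)
        if r:
            rdrs.append({"if": r.group(1), "ext": r.group(2),
                         "ext_port": int(r.group(3)), "target": r.group(4),
                         "target_port": int(r.group(5)), "proto": r.group(6)})
    return maps, rdrs


def internal_networks(maps):
    """Networks selected by the map rules; strict=False clears host bits,
    so 192.168.1.250/24 becomes 192.168.1.0/24."""
    return {ipaddress.ip_network(m["src"], strict=False) for m in maps}


def check_setup(ipnat_text, ipf_text, sysctl_text):
    """Return a list of human-readable findings about the NAT/filter setup."""
    findings = []
    maps, rdrs = parse_ipnat(ipnat_text)
    nets = internal_networks(maps)

    # A map source written with host bits set is easy to misread; report each once.
    for src in sorted({m["src"] for m in maps}):
        net = ipaddress.ip_network(src, strict=False)
        if net.with_prefixlen != src:
            findings.append(f"map source {src} has host bits set; it selects {net}")

    for r in rdrs:
        target = ipaddress.ip_address(r["target"])
        if not any(target in n for n in nets):
            mapped = ", ".join(str(n) for n in sorted(nets))
            findings.append(f"rdr target {target} is outside every mapped network ({mapped})")
        if r["ext_port"] != r["target_port"]:
            findings.append(f"rdr rewrites {r['proto']} port {r['ext_port']} to "
                            f"{r['target_port']}: the server at {target} must listen on {r['target_port']}")

    # Without forwarding the translated packet is never sent on to the inside host.
    if not re.search(r"^\s*net\.inet\.ip\.forwarding\s*=\s*1\s*$", sysctl_text, re.M):
        findings.append("net.inet.ip.forwarding is not 1; redirected packets will not be forwarded")

    # A filter made only of pass rules lets the rdr work but protects nothing.
    rules = [l.strip() for l in ipf_text.splitlines()
             if l.strip() and not l.strip().startswith("#")]
    if rules and all(l.startswith("pass") for l in rules):
        findings.append("ipf.conf contains only pass rules: the rdr will work, but the filter blocks nothing")

    return findings


if __name__ == "__main__":
    for finding in check_setup(IPNAT_CONF, IPF_CONF, SYSCTL_CONF):
        print("-", finding)
```

The script reads text rather than the live kernel tables, so it runs anywhere; on the firewall itself the same facts come from `ipnat -l`, `ipfstat -io` and `sysctl net.inet.ip.forwarding`. Nothing needs to listen on port 80 on the firewall for the rdr to take effect: the inbound packet is translated before delivery, so the listener that matters is the one on 192.168.1.104:8080, and an entry in /etc/services has no bearing on either.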


