Hi all,

I'm trying to set up a BSD box to act as a NAT gateway between a private net and the public Internet. My requirement is to map the src and destination of the packet according to a set of rules.

The BSD box has two public IP addresses. Depending on which interface the packet arrives on, it will get routed to a different private destination address. I'm using ipnat with the following mapping on the NAT box. The NAT box has only 1 interface, xl0. The IP addresses of this interface are:

    public   129.197.244.6/24, 129.197.244.7/24, 129.197.244.8/24
    private  10.77.1.2/24, 10.77.2.2/24

The servers on the private LAN are 10.77.1.1/24 and 10.77.2.1/24, on two different subnets.

    List of active MAP/Redirect filters:
    map xl0 129.197.244.7/32 -> 10.77.1.1/32
    map xl0 129.197.244.8/32 -> 10.77.2.1/32
    map xl0 10.77.1.1/32 -> 129.197.244.7/32
    map xl0 10.77.2.1/32 -> 129.197.244.8/32

However, I'm not getting the desired results.

From a computer with an IP address of 129.197.244.2 I ping 129.197.244.8. I expect the ICMP packet to reach the BSD NAT box and get translated to the 10.77.2.1 address and forwarded with a src address of 10.77.2.2 out of xl0 to the particular server. Then the server would reply back to 10.77.2.2 and it would get translated back to 129.197.244.2 with a source address of 129.197.244.8.

But this is not happening. If the source of the ping is a BSD box, the reply comes back as if I was routed to the destination server, but in reality it's not being routed, since the destination server doesn't see the packet. For example, ping from a FreeBSD box:

    Pinging 129.197.244.8 with 32 bytes of data:
    Reply from 10.77.2.1: bytes=32 time<10ms TTL=255

But 10.77.2.1 doesn't really see the ping packets (verified using tcpdump and the delay metric which remains the same whether I ping 129.197.244.6), and a ping from a Windows box doesn't even get translated and times out.

So in short, I need someone to tell me the correct syntax to set up the mapping so that I can map any src and dst IP address into any other src and dst address and retain the return path as well.

thanks for your thoughts in advance,
~koroush
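
Added example, not part of the original post: a small Python model of the two-way translation the post describes as the expected result (destination and source both rewritten on the way in, both restored on the reply via a session table). It models that expectation only, not what ipnat does with the rules shown; the `Packet` and `TwoWayNat` names and the use of the ICMP echo id as session key are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_id: int  # ICMP echo identifier, used to tell sessions apart


# Built from the addresses in the post:
# public alias -> (private server, gateway address on that server's subnet)
RULES = {
    "129.197.244.7": ("10.77.1.1", "10.77.1.2"),
    "129.197.244.8": ("10.77.2.1", "10.77.2.2"),
}


class TwoWayNat:
    """Hypothetical model: rewrite dst and src inbound, undo both on the reply."""

    def __init__(self, rules: Dict[str, Tuple[str, str]]):
        self.rules = rules
        # (server, gateway addr, icmp id) -> (original client, public alias)
        self.sessions: Dict[Tuple[str, str, int], Tuple[str, str]] = {}

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        rule = self.rules.get(pkt.dst)
        if rule is None:
            return None  # no mapping for this public address
        server, gateway = rule
        key = (server, gateway, pkt.icmp_id)
        owner = self.sessions.setdefault(key, (pkt.src, pkt.dst))
        if owner != (pkt.src, pkt.dst):
            # Two clients look identical once the source is rewritten;
            # a real NAT would remap the id, this model just drops.
            return None
        return Packet(gateway, server, pkt.icmp_id)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        state = self.sessions.get((pkt.src, pkt.dst, pkt.icmp_id))
        if state is None:
            return None  # no session: the return path cannot be restored
        client, public = state
        return Packet(public, client, pkt.icmp_id)


if __name__ == "__main__":
    nat = TwoWayNat(RULES)
    print(nat.inbound(Packet("129.197.244.2", "129.197.244.8", 1)))
    print(nat.outbound(Packet("10.77.2.1", "10.77.2.2", 1)))
```

Because the source is rewritten to the gateway's own address, the server's reply only finds its way back to the original client through the session entry; without one, `outbound` returns `None`.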
