Hi,

I am encountering a problem with a machine I just recently set up as a NAT 
router.  I am running 5.3-REL with ipfw and ipf loaded as modules (not compiled 
in).  These are the ipnat rules I have set up:

(I replaced my external IP with 22.22.22.22).

map sis0 192.168.1.0/24 -> 22.22.22.22/32 portmap tcp/udp auto
rdr sis0 22.22.22.22/32 port 80 -> 192.168.1.7 port 80
rdr sis0 22.22.22.22/32 port 443 -> 192.168.1.7 port 443
rdr sis0 22.22.22.22/32 port 143 -> 192.168.1.5 port 143
rdr sis0 22.22.22.22/32 port 110 -> 192.168.1.5 port 110
rdr sis0 22.22.22.22/32 port 25 -> 192.168.1.5 port 25
rdr sis0 22.22.22.22/32 port 22 -> 192.168.1.7 port 22
rdr sis0 22.22.22.22/32 port 53 -> 192.168.1.7 port 53

IPFW is set to allow all.

This works great for everything except for one small problem.  Here is what I 
think describes the problem best.  I sit down at an internal workstation 
(192.168.1.105), and type the things in brackets:

[nslookup]
[server 22.22.22.22]
[www.yahoo.com]

This is the response I get

Server:  22-22-22-22.example.net
Address:  22.22.22.22

*** 22-22-22-22.example.net can't find www.yahoo.com: No response from server

Now, if I query the server 192.168.1.7 with nslookup, it works great, resolves 
www.yahoo.com for me no problem.  So it looks like there is some kind of 
problem with doing NAT translation to put the LAN's packets on the internet, 
and then realizing they are for an interface on the machine doing the NAT 
translation, then doing a port forward on that packet back into the LAN.

Here is some more information that might help: traffic from the outside, to 
22.22.22.22 port 80, is directed to 192.168.1.7 port 80 just fine.  People are 
browsing the web site as we speak.  Same with the other port redirects, as far 
as I can tell.  It's just when trying to redirect traffic that originated 
inside the LAN that the problem comes up.  What I've done to partially resolve 
this issue for now is I've set up HOSTS files on the LAN so that we can access 
our own web site (so ourwebsite.com is 192.168.1.7 in our local HOSTS files).

Anyone have suggestions?

Thanks,

Dan
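A small model of the rdr matching behaviour behind the symptom above, added here as an illustration and not code from the post or from IPFilter itself; it assumes the LAN-side interface is named sis1 (the post does not name it) and simplifies matching to the ingress interface plus destination address and port:

```python
from dataclasses import dataclass

ROUTER_EXT = "22.22.22.22"   # external address as anonymised in the post
LAN_IF = "sis1"              # ASSUMPTION: the post never names the LAN interface

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    iface: str    # interface the packet entered the router on

# The rdr rules from the post as (interface, external dst, ext port, inside host, inside port).
RDR_RULES = [
    ("sis0", ROUTER_EXT, 80, "192.168.1.7", 80),
    ("sis0", ROUTER_EXT, 443, "192.168.1.7", 443),
    ("sis0", ROUTER_EXT, 143, "192.168.1.5", 143),
    ("sis0", ROUTER_EXT, 110, "192.168.1.5", 110),
    ("sis0", ROUTER_EXT, 25, "192.168.1.5", 25),
    ("sis0", ROUTER_EXT, 22, "192.168.1.7", 22),
    ("sis0", ROUTER_EXT, 53, "192.168.1.7", 53),
]

def apply_rdr(pkt, rules):
    """rdr only rewrites packets *entering* the router on the rule's interface."""
    for iface, ext, eport, ihost, iport in rules:
        if pkt.iface == iface and pkt.dst == ext and pkt.dport == eport:
            return ihost, iport
    return None

def route(pkt, rules=RDR_RULES):
    """Where the router delivers a packet after the rdr step."""
    target = apply_rdr(pkt, rules)
    if target:
        return "forward to %s:%d" % target
    if pkt.dst == ROUTER_EXT:
        # No rule rewrote it and the address is the router's own, so the packet
        # goes to the local stack, where no DNS server is listening: no reply.
        return "local stack"
    return "forward unchanged"

def hairpin_rules(rules=RDR_RULES):
    """The same redirects repeated on the LAN interface so inside clients match too."""
    return rules + [(LAN_IF, ext, ep, ih, ip) for (_, ext, ep, ih, ip) in rules]
```

Even with the LAN-side rdr, 192.168.1.7's reply goes straight back to 192.168.1.105 with its own source address unless the LAN side is also map'd through the router, so the client may discard it; the HOSTS-file (split-horizon) approach in the post avoids that round trip entirely.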
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions