Kernel: IP Filter: v3.4.16
On FreeBSD 4.3 & 4.4?
-----Original Message-----
From: Tony Hamrick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 3:12 PM
To: [EMAIL PROTECTED]
Subject: Nat question
Any help or insight would be much appreciated. I've read the IPFilter How-To many times; here's my question.
I'm natting & filtering (my filtering is passing everything including ICMP).
From outside the firewall (via fxp0) I want to be able to see/ping a server
via both its internal IP (172.25.26.x) and via its natted public IP (65.xx.xx.xx)
by using a bimap statement (see Board 1 below). I can ping/access Board 1 via its public IP only,
not its internal IP.

If I use the two lines for fs1.qa below, then I can ping fs1.qa via both its natted internal and
public IP address. Am I really doing this the right way for fs1.qa to access that device
via both its public & private IP? Or is there a better way?

fw# cat /etc/ipnat.cf
# Board 1
bimap fxp0 172.25.28.26/32 -> 65.xx.xx.132/32

# fs1.qa
bimap fxp0 172.25.26.38/32 -> 65.xx.xx.238/32
rdr fxp0 172.25.26.38/32 port 0 -> 172.25.26.38 port 0 tcpudpicmp

# fs0.qa.ctr
bimap fxp0 172.25.26.11/32 -> 65.xx.xx.243/32
rdr fxp0 172.25.26.11/32 port 0 -> 172.25.26.11 port 0 tcpudpicmp

# app0.qa.ctr
bimap fxp0 172.25.26.22/32 -> 172.25.26.22/32

Version of IPF running on FreeBSD 4.3:
ipf: IP Filter: v3.4.16 (264)
Kernel: IP Filter: v3.4.16
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0

In my rc.conf file:
gateway_enable="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.cf"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.cf"

Tony Hamrick
Network Administration
