I want to allow DNS traffic from the internal (hme0) to the external
network (hme1).
This is the ifconfig output:
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 172.18.0.254 netmask ffff0000 broadcast 172.18.255.255
        ether 8:0:20:f5:1c:b6
hme0:1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 0.0.0.0 netmask 0
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.2.254 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:c8:14:18
These are the rules I have set in ipf.conf:
pass in quick on lo0
pass out quick on lo0
# ipfstat -io
block out on hme0 from any to any
pass out quick on hme0 from any to any
pass out quick on hme1 from any to any
pass in quick on lo0 from any to any
block in on hme0 from any to any
pass in quick on hme0 from any to any
pass in quick on hme1 from any to any
These are the rules I have set in ipnat:
# ipnat -l
List of active MAP/Redirect filters:
map hme0 192.168.2.0/24 -> 172.18.0.254/32 portmap udp auto
I am allowing all traffic through ipfilter, but I don't get any DNS packets
on the other interface - I also used ethereal to check.
For masquerading, do we have to add "net.inet.ip.forwarding=1" to
/etc/sysctl.conf?


M.VISWANATH
Millenium Center,
85 Kutchery Road,
Mylapore,Chennai - 600004
Phone(O) :24616768 Ext 311,313
       (R):044-24417140
Mobile :9840066012
