Is there any way to utilize ipnat with ipf when running as a bridge?
In particular, we'd like to redirect various services from one side of the
bridge to a specific address on the other side of the bridge. FWIW, we're
running IPF v3.3.18 under OpenBSD v2.8.

I tried using telnet as a test:

In /etc/ipf.rules...

    pass in quick on <ext-if> proto tcp \
        from any to <telnet-IP> port = 23 flags S keep state

In ipnat.rules...

    rdr <ext-if> <another-IP>/32 port 23 -> <telnet-IP> port 23 tcp

The "<variables>" are just placeholders here for what, in practice, are actual
entities (IP addresses or interfaces). Using `ipnat -l', I can see a session
for the attempt I initiate from outside the firewall to <another-IP>:

    RDR <telnet-IP> 23 <- -> <another-IP> 23 [<outside-IP> 2496]

...But the connection doesn't seem to get anywhere. (I don't see the expected
login process initiate and the telnet client eventually times out.) Here,
both <telnet-IP> and <another-IP> are behind (or inside) the firewall, and
<outside-IP> isn't. Assuming this should work, what other diagnostics could I
enlist to help track down the problem?

Thanks,
Mike
--
Michael T. Davis | Systems Specialist: CBE,MSE
E-mail: [EMAIL PROTECTED] | Departmental Networking/Computing
-or- [EMAIL PROTECTED] | The Ohio State University
http://www.ecr6.ohio-state.edu/~davism/ | 197 Watts, (614) 292-6928