I posted this request back on 13-MAY, but I haven't received any
responses (private or to the list).  If there's some archive material I
can review, please pass along a pointer.

>       Is there any way to utilize ipnat with ipf when running as a bridge?
>In particular, we'd like to redirect various services from one side of the
>bridge to a specific address on the other side of the bridge.  FWIW, we're
>running IPF v3.3.18 under OpenBSD v2.8.

        I should have also mentioned that the firewall is basically a turnkey
system...we can't really upgrade it.

>
>       I tried using telnet as a test:
>
> In /etc/ipf.rules...
>
>pass in quick on <ext-if> proto tcp \
> from any to <telnet-IP> port = 23 flags S keep state
>
> In ipnat.rules...
>
>rdr <ext-if> <another-IP>/32 port 23 -> <telnet-IP> port 23 tcp
>
>The "<variables>" are just placeholders here for what, in practice, are actual
>entities (IP addresses or interfaces).  Using `ipnat -l', I can see a session
>for the attempt I initiate from outside the firewall to <another-IP>:
>
>RDR <telnet-IP>     23    <- -> <another-IP>    23    [<outside-IP> 2496]
>
>
>...But the connection doesn't seem to get anywhere.  (I don't see the expected
>login process initiate and the telnet client eventually times out.)  Here,
>both <telnet-IP> and <another-IP> are behind (or inside) the firewall, and
><outside-IP> isn't.  Assuming this should work, what other diagnostics could I
>enlist to help track down the problem?
>[...]

Thanks,
Mike
-- 
             Michael T. Davis            |    Systems Specialist: CBE,MSE
    E-mail: [EMAIL PROTECTED]   | Departmental Networking/Computing
           -or- [EMAIL PROTECTED]          |     The Ohio State University
 http://www.ecr6.ohio-state.edu/~davism/ |     197 Watts, (614) 292-6928
