Hi,
I've installed IPF/IPNAT on a FreeBSD box and the map
command works well, but the rdr command has been a
headache for me.
I hope you can help me. I've written to the
freebsd-questions mailing list and bsdforum.org but
I haven't had any answers.
The problem seems to be quite complicated.
If you need more configuration data or log
messages, please write me.
This is my network layout:
--------------------------
[Pub. LAN] -- [vr0 (OS) sis0]
                         |
                   [lan switch]
                        |||
                        ||+-(Priv lan:7.96.160.x/24)
                        |+--(httpd:7.96.160.4)
                        +---(telnet:7.96.160.7)
OS: FreeBSD 5.4-RELEASE
if sis0: 7.96.160.13/24
if vr0 : 192.168.80.4/24
IPF Rules:
----------
The same as the FreeBSD Handbook 25.5.13 example, but
adjusted to the httpd and telnet services.
pass in quick on vr0 proto tcp from any to 7.96.160.0/24 port = 80 flags S keep state
pass in quick on vr0 proto tcp from any to 7.96.160.0/24 port = 23 flags S keep state
I tried with pass ... from any to any port = ....
too, without results.
IPNAT Rules:
-----------
map vr0 7.96.160.0/24 -> 192.168.80.4/32
rdr vr0 192.168.80.4/32 port 80 -> 7.96.160.4 port 80
rdr vr0 192.168.80.4/32 port 23 -> 7.96.160.7 port 23
I tried with rdr before map too, without results.
I get these statistics:
ipnat -l:
---------
List of active sessions:
RDR 7.96.160.4 80 <- -> 192.168.80.4 80 [192.168.80.15 3510]
ipfstat -t:
-----------
Source IP           Destination IP   ST   PR   #pkts  #bytes  ttl
192.168.80.15,3513  192.168.80.4,22  4/4  tcp  107    12141   119:59:59
192.168.80.15,3510  7.96.160.4,80    2/0  tcp  6      288     2:00
And the logs /var/log/security:
-----------------------------
Nov 7 13:21:57 dhlmail ipmon[183]: 13:21:56.402419 vr0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S IN
Nov 7 13:21:57 dhlmail ipmon[183]: 13:21:56.402442 sis0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S OUT
Nov 7 13:22:00 dhlmail ipmon[183]: 13:21:59.459638 vr0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S IN
Nov 7 13:22:00 dhlmail ipmon[183]: 13:21:59.459654 sis0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S OUT
Thanks....
Efren Bravo.
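
Added example, not part of the original message: a small Python parser for the ipmon lines quoted above. It groups them per connection and reports flows where only the initial SYN was logged, more than once on the same interface, with no packet logged in the reverse direction. The field layout in the regular expression is inferred from the four sample lines only, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# ipmon syslog lines copied from the message above, each rejoined onto one line.
SAMPLE_LOG = """\
Nov 7 13:21:57 dhlmail ipmon[183]: 13:21:56.402419 vr0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S IN
Nov 7 13:21:57 dhlmail ipmon[183]: 13:21:56.402442 sis0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S OUT
Nov 7 13:22:00 dhlmail ipmon[183]: 13:21:59.459638 vr0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S IN
Nov 7 13:22:00 dhlmail ipmon[183]: 13:21:59.459654 sis0 @0:24 p 192.168.80.15,4363 -> 7.96.160.4,80 PR tcp len 20 48 -S K-S OUT
"""

# Assumption: field layout inferred from the sample lines, not the full ipmon grammar.
LINE_RE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<time>[\d:.]+)\s+(?P<ifname>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+"
    r"(?P<action>\S+)\s+(?P<src>[\d.]+),(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+-(?P<flags>[A-Z]+)\s+"
    r"(?:(?P<opts>\S+)\s+)?(?P<dir>IN|OUT)\s*$"
)

def parse_ipmon(text):
    """Return one dict per line that matches LINE_RE; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.search, text.splitlines()) if m]

def summarize_flows(records):
    """Group records by 4-tuple; collect TCP flags seen and a count per (interface, direction)."""
    flows = defaultdict(lambda: {"flags": set(), "paths": defaultdict(int)})
    for r in records:
        key = (r["src"], int(r["sport"]), r["dst"], int(r["dport"]))
        flows[key]["flags"].update(r["flags"])
        flows[key]["paths"][(r["ifname"], r["dir"])] += 1
    return flows

def syn_only_retries(flows):
    """Flows with only S logged, repeated on one path, and nothing logged in reverse."""
    return {k: dict(v["paths"]) for k, v in flows.items()
            if v["flags"] == {"S"} and max(v["paths"].values()) > 1
            and (k[2], k[3], k[0], k[1]) not in flows}

if __name__ == "__main__":
    for flow, paths in syn_only_retries(summarize_flows(parse_ipmon(SAMPLE_LOG))).items():
        print(flow, paths)
```

On the quoted log this reports the single flow 192.168.80.15,4363 -> 7.96.160.4,80: the SYN is logged IN on vr0 and OUT on sis0 with the destination already rewritten, then logged again about three seconds later, and no packet from 7.96.160.4 appears in the log.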