Re: nat or routing problem?

Mitja Fri, 08 Dec 2006 01:34:19 -0800

Andreas Bihlmaier wrote:
> On Thu, Dec 07, 2006 at 11:27:11PM +0100, Mitja wrote:
>> Hello,
>>
>> I am trying to configure nat from internal network 192.168.1.0/24 to
>> external nat gateway address 193.189.180.193. The problem is that
>> packets are not passing from nat gateway to the interface 193.77.12.154
>> to the internet.
>>
>> ISP <-> 193.77.12.154 -- hostA -- 192.168.1.1
>>                            |
>>                      193.189.180.193 (em1)
>>                            |
>>                        /27 network
>>
>> All hosts on 193.189.180.192/27 are routed correctly through
>> 193.77.12.154 to internet. My pf.conf is practically empty:
>>
>> # pfctl -s all
>> TRANSLATION RULES:
>> nat on em1 inet from 192.168.1.0/24 to any -> (em1:0)
>> rdr pass on em1 inet proto tcp from any to any port = 5900 ->
>> 192.168.1.111 port 5900
>>
>> FILTER RULES:
>> pass in all keep state
>> pass out all keep state
>> No queue in use
>>
>> What I am doing wrong? Any suggestions?
> 
> #grep forwarding /etc/sysctl.conf


Enabled...

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4
packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4
multicast packets
#net.inet6.ip6.forwarding=1     # 1=Permit forwarding (routing) of IPv6
packets
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding
must be 0)

For additional info:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu
Interface
default            193.77.12.153      UGS         9    63486      -   bge0
127/8              127.0.0.1          UGRS        0        0  33224   lo0
127.0.0.1          127.0.0.1          UH          1       92  33224   lo0
172.16.15.4/30     link#4             UC          1        0      -   bge1
172.16.15.5        00:05:85:86:84:7e  UHLc        1        0      -   bge1
172.16.16.6        172.16.15.5        UGHS        2    18739      -   bge1
192.168.1/24       link#1             UC          2        0      -   em0
192.168.1.20       00:0f:1f:02:44:1f  UHLc        0       10      -   em0
192.168.1.111      00:60:97:82:73:ce  UHLc        0        0      -   em0
193.77.12.152/30   link#3             UC          1        0      -   bge0
193.77.12.153      00:05:85:86:84:7e  UHLc        1        0      -   bge0
193.189.180.192/27 link#2             UC          5        0      -   em1
224/4              127.0.0.1          URS         0        0  33224   lo0

Encap:
Source             Port  Destination        Port  Proto
SA(Address/Proto/Type/Direction)
10.1.1/24          0     192.168.1/24       0     0
172.16.16.6/esp/use/in
192.168.1/24       0     10.1.1/24          0     0
172.16.16.6/esp/require/out
172.16.16.6/32     0     172.16.15.6/32     0     0
172.16.16.6/esp/use/in
172.16.15.6/32     0     172.16.16.6/32     0     0
172.16.16.6/esp/require/out
193.189.180.128/27 0     default            0     0
172.16.16.6/esp/use/in
default            0     193.189.180.128/27 0     0
172.16.16.6/esp/require/out


Regards,
Mitja

Re: nat or routing problem?

Reply via email to