[OpenIndiana-discuss] IPNAT redirection.

Jonathan Adams t12nslookup at gmail.com
Fri Apr 19 11:58:17 UTC 2013


On 19 April 2013 11:45, Gary Gendel <gary at genashor.com> wrote:

> Jon,
>
> I redirect ports fine using nat.  I'm trying to understand what's
> different between your and my setup.  For example in my ipnat.conf file I
> have:
>
> rdr bge0 0.0.0.0/0 port 2022 -> 10.101.1.9 port 22 tcp/udp
>
> Where bge0 is my external nic (bge1 is my internal nic).  BTW, I use
> 0.0.0.0/0 so it automatically picks up my external nic's ip address (I
> have a pseudo-dynamic IP from my ISP).
>
>
I originally used 0.0.0.0/0 but was wondering if it was capturing packets
coming through so limited to the external IP address ...

I use ipnat happily on another machine for transparent proxying:

# redirect all port 80 transactions to squid
rdr internal2 any port 80 -> 192.168.0.82 port 3128

# NAT all port 443 (https) to the external address directly.
map external2 from any to 83.138.182.145 port = 443 -> 94.136.227.100/32

and that works a charm.

I modified ipf.conf to allow and log everything ... then lines from ipmon
are:

19/04/2013 12:53:30.895801 iprb0 @0:2 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R IN NAT
19/04/2013 12:53:30.895818 bge0 @0:1 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R OUT
19/04/2013 12:53:32.799328 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:32.799344 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:36.176407 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:36.176423 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -> 192.168.0.255,138 PR udp len 20 267 IN mbcast
19/04/2013 12:53:42.935736 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:42.935752 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT

but if I snoop from 192.168.0.12 there are no packets coming in.

strange ... I'm sure I'm just missing something little.

Jon
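
An added example, not part of the original message: a small Python parser for ipmon lines in the layout shown above. It lists flows whose SYN was passed inbound more than once with nothing logged in the reverse direction, and the interfaces each flow was passed on. The field layout is inferred from the lines in this post, and the function names are made up for the example.

```python
import re
from collections import defaultdict

# ipmon lines from the post above, with mail-wrapped lines rejoined.
SAMPLE = """\
19/04/2013 12:53:30.895801 iprb0 @0:2 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R IN NAT
19/04/2013 12:53:30.895818 bge0 @0:1 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R OUT
19/04/2013 12:53:32.799328 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:32.799344 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:36.176407 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:36.176423 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -> 192.168.0.255,138 PR udp len 20 267 IN mbcast
19/04/2013 12:53:42.935736 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:42.935752 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
"""

# Layout assumed from the sample; addresses may be redacted, so they are not required to be numeric.
LINE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) @(?P<rule>\d+:\d+) (?P<action>\S+) "
    r"(?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: -(?P<flags>[A-Z]+))? (?P<dir>IN|OUT)(?P<extra>.*)$"
)

def parse(text):
    """Return one dict per line that matches the layout above; other lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def flow_of(r):
    return (r["src"], r["sport"], r["dst"], r["dport"])

def unanswered_syns(records):
    """Map flow -> count of inbound bare SYNs, for flows with >1 SYN and no reverse packet logged."""
    syn_in, seen = defaultdict(int), set()
    for r in records:
        seen.add(flow_of(r))
        if r["proto"] == "tcp" and r["flags"] == "S" and r["dir"] == "IN":
            syn_in[flow_of(r)] += 1
    return {f: n for f, n in syn_in.items() if n > 1 and (f[2], f[3], f[0], f[1]) not in seen}

def hops(records, flow):
    """Ordered, de-duplicated (interface, direction, nat_applied) tuples logged for one flow."""
    out = []
    for r in records:
        hop = (r["ifname"], r["dir"], "NAT" in r["extra"])
        if flow_of(r) == flow and hop not in out:
            out.append(hop)
    return out

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for flow, n in unanswered_syns(recs).items():
        print(flow, "SYNs:", n, "path:", hops(recs, flow))
```

A flow reported here was translated and passed out of the firewall but never produced a logged reply, which narrows the search to the path between the outbound interface and the target host, or to the return route.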

