[OpenIndiana-discuss] IPNAT redirection.

Jonathan Adams t12nslookup at gmail.com
Fri Apr 19 12:14:34 UTC 2013


I kinda assumed that the packets would have been translated to be from the
machine on the firewall ... it was only after snooping from the firewall
that I noticed the originator ...

I'm going to have to "delegate" because I don't trust the windows server to
know anything about the outside world.

Ahh well ... another thing to write up on the internal wiki.

Thanks everyone.


On 19 April 2013 13:10, Gary Gendel <gary at genashor.com> wrote:

> We've all been there. :(
>
>
> On 04/19/2013 08:08 AM, Jonathan Adams wrote:
>
>> Ignore me, I'm just being stupid!
>>
>> On the accelerated host I needed to add the route to the external server :(
>>
>>
>> On 19 April 2013 12:58, Jonathan Adams <t12nslookup at gmail.com> wrote:
>>
>>> On 19 April 2013 11:45, Gary Gendel <gary at genashor.com> wrote:
>>>
>>>> Jon,
>>>>
>>>> I redirect ports fine using nat.  I'm trying to understand what's
>>>> different between your and my setup.  For example in my ipnat.conf file I
>>>> have:
>>>>
>>>> rdr bge0 0.0.0.0/0 port 2022 -> 10.101.1.9 port 22 tcp/udp
>>>>
>>>> Where bge0 is my external nic (bge1 is my internal nic).  BTW, I use
>>>> 0.0.0.0/0 so it automatically picks up my external nic's ip address
>>>> (I have a pseudo-dynamic IP from my ISP).
>>>>
>>>>
>>> I originally used 0.0.0.0/0 but was wondering if it was capturing
>>> packets coming through so limited to the external IP address ...
>>>
>>> I use ipnat happily on another machine for transparent proxying:
>>>
>>> # redirect all port 80 transactions to squid
>>> rdr internal2 any port 80 -> 192.168.0.82 port 3128
>>>
>>> # NAT all port 443 (https) to the external address directly.
>>> map external2 from any to 83.138.182.145 port = 443 -> 94.136.227.100/32
>>>
>>> and that works a charm.
>>>
>>> I modified ipf.conf to allow and log everything ... then lines from ipmon
>>> are:
>>>
>>> 19/04/2013 12:53:30.895801 iprb0 @0:2 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R IN NAT
>>> 19/04/2013 12:53:30.895818 bge0 @0:1 p n.n.180.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R OUT
>>> 19/04/2013 12:53:32.799328 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
>>> 19/04/2013 12:53:32.799344 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
>>> 19/04/2013 12:53:36.176407 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
>>> 19/04/2013 12:53:36.176423 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
>>> 19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -> 192.168.0.255,138 PR udp len 20 267 IN mbcast
>>> 19/04/2013 12:53:42.935736 iprb0 @0:2 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
>>> 19/04/2013 12:53:42.935752 bge0 @0:1 p n.n.180.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
>>>
>>> but if I snoop from 192.168.0.12 there are no packets coming in.
>>>
>>> strange ... I'm sure I'm just missing something little.
>>>
>>> Jon
>>>
>
>
>
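The ipmon lines quoted in the thread already contain the explanation Jon arrived at: an rdr rule rewrites only the destination, so the packets going OUT on the internal interface still carry the external source address, and the target host must have a route back to that source through the firewall or its replies go nowhere. The following Python is an added example, not code from the thread or from IPFilter: a small parser for ipmon lines of the shape shown above, plus a check that lists which rdr targets need such a return route. The sample log is constructed; 203.0.113.45 (documentation range) stands in for the redacted n.n.180.45, and iprb0/bge0 and the 192.168.0.0/24 internal network are assumptions modelled on the thread.

```python
import ipaddress
import re

# Constructed ipmon-style lines modelled on the ones quoted in the thread.
# 203.0.113.45 is a documentation-range stand-in for the redacted n.n.180.45;
# iprb0 is taken to be the firewall's external NIC and bge0 the internal one.
SAMPLE_LOG = """\
19/04/2013 12:53:30.895801 iprb0 @0:2 p 203.0.113.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R IN NAT
19/04/2013 12:53:30.895818 bge0 @0:1 p 203.0.113.45,46135 -> 192.168.0.12,143 PR tcp len 20 40 -R OUT
19/04/2013 12:53:32.799328 iprb0 @0:2 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S IN NAT
19/04/2013 12:53:32.799344 bge0 @0:1 p 203.0.113.45,46607 -> 192.168.0.12,143 PR tcp len 20 52 -S OUT
19/04/2013 12:53:42.239530 bge0 @0:1 p 192.168.0.20,138 -> 192.168.0.255,138 PR udp len 20 267 IN mbcast
"""

# One ipmon line: date time iface @group:rule action src,sport -> dst,dport
# PR proto len hdrlen pktlen [-FLAGS] IN|OUT [NAT|mbcast|...]
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ifname>\S+) @(?P<rule>\S+) (?P<action>\S) "
    r"(?P<src>[\w.:]+),(?P<sport>\d+) -> (?P<dst>[\w.:]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) len (?P<hlen>\d+) (?P<plen>\d+)"
    r"(?: -(?P<flags>\w+))? (?P<dir>IN|OUT)(?P<tail>.*)$"
)


def parse_ipmon_line(line):
    """Parse one ipmon line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for field in ("sport", "dport", "hlen", "plen"):
        rec[field] = int(rec[field])
    # Trailing words such as NAT or mbcast become tags.
    rec["tags"] = rec.pop("tail").split()
    return rec


def parse_ipmon(text):
    return [r for r in map(parse_ipmon_line, text.splitlines()) if r]


def flow_key(rec):
    return (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["proto"])


def redirect_return_routes(records, internal_nets):
    """Find rdr'd flows whose packets leave on the internal side still carrying
    an external source address, and report which internal target therefore
    needs a route back to that source via the firewall."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]

    def is_internal(addr):
        a = ipaddress.ip_address(addr)
        return any(a in n for n in nets)

    nat_flows = set()
    findings = {}
    for rec in records:
        key = flow_key(rec)
        if rec["dir"] == "IN" and "NAT" in rec["tags"]:
            nat_flows.add(key)  # packet was translated on the way in
        elif rec["dir"] == "OUT" and key in nat_flows and not is_internal(rec["src"]):
            # Destination was rewritten by rdr, source was not: the target host
            # must be able to reach the original sender or its replies are lost.
            findings.setdefault((rec["dst"], rec["src"]), rec["ifname"])
    return [{"target": t, "return_route_to": s, "via": i}
            for (t, s), i in findings.items()]


if __name__ == "__main__":
    for f in redirect_return_routes(parse_ipmon(SAMPLE_LOG), ["192.168.0.0/24"]):
        print(f"{f['target']} needs a route to {f['return_route_to']} via the firewall ({f['via']})")
```

Run over a real ipmon log it reports one line per (target, external source) pair. The same check passing for every flow is what you would expect once the target has a route (or a default gateway) pointing back at the firewall, which is the fix the thread ends on.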

