[OpenIndiana-discuss] masquerade
Jacob Ritorto
jacob.ritorto at gmail.com
Thu Mar 10 02:19:53 UTC 2016
Check out NAT (network address translation)
On Wed, Mar 9, 2016 at 9:11 PM, <jay at m5.chicago.il.us> wrote:
>
> This should be a simple and short thread.
>
> How do I configure packet filter on my computer, with two network
> interfaces, to masquerade from my private LAN to the outside world, so
> machines on my private LAN can have conversations with machines that
> have public IP addresses? Astonishingly, search engines have not led
> me swiftly to the solution (lots of stuff about sendmail masquerading
> though, in case anyone cares about that), nor can I find helpful
> documentation on the Oracle documents website. I have done my best to
> read the fabulous manual, but I am confused.
>
> You can omit telling me about routeadm, I've already done that. The
> computer is already set up to route IP datagrams, I just need to get
> the packet filtering right.
>
> Here is the state of my router machine at present:
>
>
> / # ipadm show-addr
> ADDROBJ TYPE STATE ADDR
> lo0/v4 static ok 127.0.0.1/8
> net0/dhcp dhcp ok 99.140.186.69/30
> net1/v4 static ok 192.168.1.42/24
> net1/v4a static ok 172.16.1.1/16
> lo0/v6 static ok ::1/128
> / # ndd -get /dev/ip ip_forwarding
> 1
> / # cat /etc/ipf/ipnat.conf
> map net1 172.16.0.0/16 -> 0.0.0.0/32
> map net1 192.168.1.0/24 -> 0.0.0.0/32
> / # ipnat -l
> List of active MAP/Redirect filters:
> rdr * 0.0.0.0/0 port 21 -> 0.0.0.0/32 port 21 tcp proxy ftp
> map net1 172.16.0.0/16 -> 0.0.0.0/32
> map net1 192.168.1.0/24 -> 0.0.0.0/32
>
> List of active sessions:
> MAP 172.16.1.1 53 <- -> 192.168.1.42 53 [172.16.1.3 56138]
> MAP 172.16.1.1 53 <- -> 192.168.1.42 53 [172.16.1.3 61524]
> MAP 172.16.1.1 53 <- -> 192.168.1.42 53 [172.16.1.3 55160]
> MAP 172.16.1.1 64496 <- -> 192.168.1.42 64496 [172.16.1.3 22]
>
>
> I can ssh in to machines (e.g., the abovementioned 172.16.1.3) on my
> home network, but once logged in, I cannot access the outside world
> therefrom (e.g., "ping 8.8.8.8" times out). Needless to say,
> 172.16.1.1 is the default router for 172.16.1.3, so that is not the
> problem. And, if further proof be needed, 172.16.1.3 can easily ping
> 99.140.186.69. So the masquerading is the problem, not the routing.
> As I indicated, probably an extremely easy question to answer if you
> know the answer. I'm sure it's something simple, like maybe the zeros
> are supposed to be on the left rather than the right, in ipnat.conf.
> Thank you in advance for any and all replies.
>
>
> Jay F. Shachter
> 6424 N Whipple St
> Chicago IL 60645-4111
> (1-773)7613784 landline
> (1-410)9964737 GoogleVoice
> jay at m5.chicago.il.us
> http://m5.chicago.il.us
>
> "Quidquid latine dictum sit, altum videtur"
>
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
More information about the openindiana-discuss
mailing list