[OpenIndiana-discuss] masquerade

Jacob Ritorto jacob.ritorto at gmail.com
Thu Mar 10 02:19:53 UTC 2016


Check out NAT (network address translation)

On Wed, Mar 9, 2016 at 9:11 PM, <jay at m5.chicago.il.us> wrote:

>
> This should be a simple and short thread.
>
> How do I configure packet filter on my computer, with two network
> interfaces, to masquerade from my private LAN to the outside world, so
> machines on my private LAN can have conversations with machines that
> have public IP addresses?  Astonishingly, search engines have not led
> me swiftly to the solution (lots of stuff about sendmail masquerading
> though, in case anyone cares about that), nor can I find helpful
> documentation on the Oracle documents website.  I have done my best to
> read the fabulous manual, but I am confused.
>
> You can omit telling me about routeadm, I've already done that.  The
> computer is already set up to route IP datagrams, I just need to get
> the packet filtering right.
>
> Here is the state of my router machine at present:
>
>
>  / # ipadm show-addr
>  ADDROBJ           TYPE     STATE        ADDR
>  lo0/v4            static   ok           127.0.0.1/8
>  net0/dhcp         dhcp     ok           99.140.186.69/30
>  net1/v4           static   ok           192.168.1.42/24
>  net1/v4a          static   ok           172.16.1.1/16
>  lo0/v6            static   ok           ::1/128
>  / # ndd -get /dev/ip ip_forwarding
>  1
>  / # cat /etc/ipf/ipnat.conf
>  map net1 172.16.0.0/16 -> 0.0.0.0/32
>  map net1 192.168.1.0/24 -> 0.0.0.0/32
>  / # ipnat -l
>  List of active MAP/Redirect filters:
>  rdr * 0.0.0.0/0 port 21 -> 0.0.0.0/32 port 21 tcp proxy ftp
>  map net1 172.16.0.0/16 -> 0.0.0.0/32
>  map net1 192.168.1.0/24 -> 0.0.0.0/32
>
>  List of active sessions:
>  MAP 172.16.1.1      53    <- -> 192.168.1.42    53    [172.16.1.3 56138]
>  MAP 172.16.1.1      53    <- -> 192.168.1.42    53    [172.16.1.3 61524]
>  MAP 172.16.1.1      53    <- -> 192.168.1.42    53    [172.16.1.3 55160]
>  MAP 172.16.1.1      64496 <- -> 192.168.1.42    64496 [172.16.1.3 22]
>
>
> I can ssh in to machines (e.g., the abovementioned 172.16.1.3) on my
> home network, but once logged in, I cannot access the outside world
> therefrom (e.g., "ping 8.8.8.8" times out).  Needless to say,
> 172.16.1.1 is the default router for 172.16.1.3, so that is not the
> problem.  And, if further proof be needed, 172.16.1.3 can easily ping
> 99.140.186.69.  So the masquerading is the problem, not the routing.
> As I indicated, probably an extremely easy question to answer if you
> know the answer.  I'm sure it's something simple, like maybe the zeros
> are supposed to be on the left rather than the right, in ipnat.conf.
> Thank you in advance for any and all replies.
>
>
>                         Jay F. Shachter
>                         6424 N Whipple St
>                         Chicago IL  60645-4111
>                                 (1-773)7613784   landline
>                                 (1-410)9964737   GoogleVoice
>                                 jay at m5.chicago.il.us
>                                 http://m5.chicago.il.us
>
>                         "Quidquid latine dictum sit, altum videtur"
>
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>


More information about the openindiana-discuss mailing list