Hi Robert,
Do you want to do static NAT or PAT ?
And your IP filter Darren Reed's ip-fil ?
If so, here shows a sample.
1: NAT rules.
Create a file (for example, nat.conf) on your NAT
box.
dnet0 is external interface on my NAT box.
hme0 for you.
bimap dnet0 192.168.1.5/32 -> 210.163.99.5/32
map dnet0 192.168.1.0/24 -> 210.163.99.6/32 portmap \
tcp/udp 50000:60000
First rule translates internal 192.168.1.5 to global
address space 210.163.99.5 and vv.
Second rule translates internal 192.168.1.0/24 except
192.168.1.5 to 210.163.99.6 (one way translation).
Of course 192.168.1.0/24 can communicate with external
world if the connection is initiated from internal.
2: ARP table.
Run arp on your NAT box to add arp table in order to
communicate with external world.
/usr/sbin/arp -s 210.163.99.5 00:c0:26:ff:01:e5 pub
/usr/sbin/arp -s 210.163.99.6 00:c0:26:ff:01:e5 pub
The ethernet address is external side MAC address.
hme0's MAC address should be put here.
Then, run next command.
/sbin/ipnat -CF -f nat.conf
No changes are required for your router.
At this moment, ip-fil 3.3.8 is the lates version but
3.3.6 is running solid on my NAT/Firewall box with
Solaris7/x86.
Hope this helps.
> I need help with my NAT rules
> I have ipfilter up and supposedly running on a duel NIC ultra 5 Sol7
> hme0
> 24.219.7.122 255.255.255.192 default gateway 24.219.7.126
> hme1
> 192.168.1.1 255.255.255.0
> I want to translate from my private LAN (accessible through hme1) through
> my gateway (accessible through hme0)
> PRIVATE
> LAN--------------------------hme1 --------Ultra5------hme0 -----------------
> -Router-----------INTERNET
> 192.168.1.1 to 192.168.1.255 192.168.1.1
> 24.219.7.121 24.219.7.126
> mask 255.255.255.0 mask 255.255.255.0 mask
> 255.255.255.192 mask 255.255.255.192
> I have 192.168.1.1 set as gateway for Private LAN machines
> I can ping hme1 and hme0 but can not get to the Internet.
> Thanks
> Robert McIntyre
> Robert G. McIntyre
> General Partner
> Intergrated Business Solutions
> 214 485 0224 Phone
> 214 485 0225 Fax
--
by