NAT Masquerading Question

Post by Steve » Mon, 19 Feb 2001 11:03:37



I was using a Red Hat box plugged into the cable modem to give access
to my other machines.  I now have replaced that machine with FreeBSD
and can't emulate the ipchains masquerading setup I had in Linux.  I
have been playing with NAT and firewalling for hours.

I have my outside IP 24.0.39.134 and my internal network 10.10/16 and
I included all the firewalling, divert and other stuff in my kernel
that I found in various FAQs.   I also added all the NAT and
firewalling info to my /etc/rc.conf and nothing seems to work.

My external interface is xl0 and internal is exp0 and I got natd
listening on 8668 and all, but however many configurations I try I
can't get it to forward traffic for my internal machines.  Any help
with this would be awesome.  Thanks

 
 
 

Post by Volker Sto » Mon, 19 Feb 2001 17:59:02



> listening on 8668 and all, but however many configurations I try I
> can't get it to forward traffic for my internal machines.  Any help
> with this would be awesome.  Thanks

I use a file /etc/natd.conf with
dynamic
use_sockets yes
same_ports yes

and the following lines in /etc/rc.conf:
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"

If you want port-forwarding, you can use e.g.

redirect_port tcp 192.168.1.3:10000 10000
redirect_port udp 192.168.1.3:10000 10000

in /etc/natd.conf.
--
\usepackage[latin1]{inputenc}!


 
 
 

Post by Michel Talo » Tue, 20 Feb 2001 07:54:34



> I was using a Red Hat box plugged into the cable modem to give access
> to my other machines.  I now have replaced that machine with FreeBSD
> and can't emulate the ipchains masquerading setup I had in Linux.  I
> have been playing with NAT and firewalling for hours.
> I have my outside IP 24.0.39.134 and my internal network 10.10/16 and
> I included all the firewalling, divert and other stuff in my kernel
> that I found in various FAQs.   I also added all the NAT and
> firewalling info to my /etc/rc.conf and nothing seems to work.
> My external interface is xl0 and internal is exp0 and I got natd
> listening on 8668 and all, but however many configurations I try I
> can't get it to forward traffic for my internal machines.  Any help
> with this would be awesome.  Thanks

Have you forgotten to enable gateway in /etc/rc.conf?
Also you would perhaps be happier with ipfilter than ipfw+nat.

--
Michel Talon
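
The two replies above point at rc.conf settings (the natd lines and "enable gateway"), so here is a small checker for them, added as an example and not part of any post in this thread. The function name check_nat_conf is hypothetical, the firewall_enable check is an assumption (the thread only says firewalling was added to rc.conf), and the sample file is constructed.

```sh
#!/bin/sh
# check_nat_conf FILE EXT_IF  (hypothetical helper, not from the thread)
# Prints one line per problem; exit status is the number of problems found.
check_nat_conf() {
    conf=$1 ext_if=$2
    (
        # rc.conf is plain sh syntax: source it in a subshell so the values
        # do not leak into the caller. Only do this with a file you trust.
        gateway_enable='' firewall_enable='' natd_enable='' natd_interface=''
        . "$conf"
        problems=0
        for var in gateway_enable firewall_enable natd_enable; do
            eval "val=\$$var"
            case $val in
                [Yy][Ee][Ss]) ;;
                *) echo "$var is not YES (found: '$val')"
                   problems=$((problems + 1)) ;;
            esac
        done
        # natd must be bound to the external (Internet-facing) interface.
        if [ "$natd_interface" != "$ext_if" ]; then
            echo "natd_interface is '$natd_interface', expected $ext_if"
            problems=$((problems + 1))
        fi
        exit "$problems"
    )
}

# Constructed sample: the natd lines from the reply above copied unchanged,
# plus an assumed firewall_enable, on a gateway whose external NIC is xl0.
sample=$(mktemp)
cat > "$sample" <<'EOF'
firewall_enable="YES"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-f /etc/natd.conf"
EOF
check_nat_conf "$sample" xl0 || echo "$? problem(s) found"
rm -f "$sample"
```

On the constructed sample it reports the missing gateway_enable and the tun0/xl0 interface mismatch.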

 
 
 

1. NAT question (NOT masquerading)

HW/OS:  P133/64MB/2.1GB - 2 NICs (D-Link 10/100 PCI) eth0 (10.0.0.254)
internal, eth1 (111.22.33.1) external - RH7/kernel 2.2.16-22

ISP provides four static IPs via 10BT connection;  this RH box serves as  
gateway between ISP and LAN which runs on the 10s - gateway also running
DNS.

For most internal machines, masquerading (/sbin/ipchains -A forward -s
10.0.0.1 -j MASQ) is sufficient using one ipchains statement per
masqueraded box - no 10.0.0.0/xx.

I wish to pass *all* traffic from three of the four statics to three
internal boxes, e.g.  111.22.33.2 <--> 10.0.0.128,
111.22.33.3 <--> 10.0.0.129 and 111.22.33.4 <--> 10.0.0.130 - 111.22.33.1
is gateway machine.

Alias on eth1 (eth1:0 et cetera) w/ipchains is a scenario I could not get
to work.  The following NAT setup partially works, however ftp is screwy
along w/other oddities:

ip route add nat 111.22.33.2 via 10.0.0.128 table local
ip rule add from 10.0.0.128 nat 111.22.33.2 table main

This is suboptimal and there has to be a better way, however (so far as I
can determine) the docs/HOWTOs I can find do not address my situation.  In
a nutshell, I've no idea how to proceed.

If a Netopia r3100 pocket router can do full D-NAT (and did 'til DSL
became unavailable in my area), I should think RH7 would suffice.

I'll take care of firewall rules once I've viable NAT in place;  the
internal machines which I wish forwarded are RH, Slowaris and AIX - not
terribly vulnerable.  I just need to know where to begin...

Thanks in advance,

Russ Bixby, confused geek

