NAT Question: (building on my previous post)

Post by R.T Hamilton Brow » Fri, 31 Mar 2000 04:00:00



Would this be correct? ne3 is a nic card connected to a cable modem
using dhcp, using the same configuration the installation program
created. ne4 is my "internal" network attached to a switch's uplink
port.

map ne4 10.9.8.7/24 -> ne3/32 portmap tcp/udp 10000:20000

Is that it? Is there anything else to configure? I've got ipf enabled,
rc.conf edited, the kernel is modified...Can't say I've succeeded yet,
but I'd like to verify the logic.

Thanks!


NAT Question: (building on my previous post)

Post by Janne Himank » Sat, 01 Apr 2000 04:00:00


    RT> Would this be correct? ne3 is a nic card connected to a cable
    RT> modem using dhcp, using the same configuration the
    RT> installation program created. ne4 is my "internal" network
    RT> attached to a switch's uplink port.

    RT> map ne4 10.9.8.7/24 -> ne3/32 portmap tcp/udp 10000:20000

    RT> Is that it? Is there anything else to configure? I've got ipf
    RT> enabled, rc.conf edited, the kernel is modified...Can't say
    RT> I've succeeded yet, but I'd like to verify the logic.

I think there's a mixup with the interfaces. I have a similar
configuration: ne3 to outside world, ne4 internal private network. It
looks like this:

map ne3 192.168.1.0/24 -> XXX.XXX.XXX.XXX/32 proxy port ftp ftp/tcp
map ne3 192.168.1.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 10000:60000
map ne3 192.168.1.0/24 -> XXX.XXX.XXX.XXX/32

Here 192.168.1.0 is my internal network, XXX.XXX.XXX.XXX is the
complete ip address of my router/nat/whatever openbsd box. I think you
could substitute XXX.XXX.XXX.XXX/32 with ne3/32 but I haven't tried
that.

Janne
--

      ut imber aquas         + Oulu University, Learning
      at cave! vacca volat.  + and Research Services

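The two rule sets above (R.T.'s single `map ne4 ...` line and Janne's three `map ne3 ...` lines) differ in exactly the ways that make or break ipnat: which interface the rule sits on, whether the source is written as a network, what the translation target is, and whether a plain `map` line follows the `portmap` line so that non-TCP/UDP traffic is translated too. The checker below is an added example, not code from this thread or from ipfilter: it parses only the subset of ipnat `map` syntax seen in the posts, flags those four problems, and then runs a toy first-match translation of a few outbound packets so the effect of each rule is visible. The address 203.0.113.5 stands in for Janne's XXX.XXX.XXX.XXX, the packets are constructed, and the first-match ordering and port-picking are this example's own simplifications, not a statement about the real ipnat code.

```python
import ipaddress
import re

# Added example, not code from the thread or from ipfilter: a checker for the
# subset of ipnat "map" syntax seen above (plain map, "portmap tcp/udp lo:hi",
# "proxy port ftp ftp/tcp") plus a toy first-match translation of outbound
# packets.  Masking, port choice and rule order are simplified here.

RULE_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s*->\s*(?P<dst>\S+)"
    r"(?:\s+proxy\s+port\s+(?P<pport>\S+)\s+(?P<proxy>\S+))?"
    r"(?:\s+portmap\s+(?P<pproto>tcp/udp|tcp|udp)\s+(?P<lo>\d+):(?P<hi>\d+))?\s*$"
)
SERVICES = {"ftp": 21}  # the only service name the thread uses

# The two rule sets from the thread; 203.0.113.5 is a constructed stand-in
# for the XXX.XXX.XXX.XXX placeholder in Janne's post.
RT_RULES = ["map ne4 10.9.8.7/24 -> ne3/32 portmap tcp/udp 10000:20000"]
JANNE_RULES = [
    "map ne3 192.168.1.0/24 -> 203.0.113.5/32 proxy port ftp ftp/tcp",
    "map ne3 192.168.1.0/24 -> 203.0.113.5/32 portmap tcp/udp 10000:60000",
    "map ne3 192.168.1.0/24 -> 203.0.113.5/32",
]


def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("unsupported or malformed rule: %r" % line)
    r = m.groupdict()
    # strict=False masks host bits: 10.9.8.7/24 parses as 10.9.8.0/24
    r["src_net"] = ipaddress.ip_network(r["src"], strict=False)
    if r["lo"] is not None:
        r["lo"], r["hi"] = int(r["lo"]), int(r["hi"])
    r["dst_addr"], _, r["dst_len"] = r["dst"].partition("/")
    return r


def check_rules(lines, external_if, internal_if):
    """Return a list of findings; an empty list means nothing looked wrong."""
    rules = [parse_rule(l) for l in lines if l.strip() and not l.startswith("#")]
    out = []
    for r in rules:
        if r["ifname"] == internal_if:
            out.append("interface: rule is on %s; map rules belong on the outside "
                       "interface %s, where the packets leave" % (internal_if, external_if))
        if str(r["src_net"]) != r["src"]:
            out.append("source: %s has host bits set (masked to %s); write the "
                       "network address" % (r["src"], r["src_net"]))
        if not r["src_net"].is_private:
            out.append("source: %s is not an RFC 1918 network" % r["src_net"])
        a = r["dst_addr"]
        if "X" in a.upper():
            out.append("target: %s is a placeholder, not an address" % r["dst"])
        elif a == "0":
            pass  # 0/32: whatever address the outside interface has right now
        elif re.fullmatch(r"[a-z]+\d+", a):
            if a != r["ifname"]:
                out.append("target: %s names interface %s but the rule is on %s"
                           % (r["dst"], a, r["ifname"]))
        else:
            try:
                ipaddress.ip_address(a)
            except ValueError:
                out.append("target: %s is not an address" % r["dst"])
        if r["dst_len"] != "32":
            out.append("target: %s should translate to a single address (/32)" % r["dst"])
        if r["lo"] is not None and not (1024 <= r["lo"] < r["hi"] <= 65535):
            out.append("portmap: %d:%d is not a sane high-port range" % (r["lo"], r["hi"]))
    # Only TCP and UDP can match a portmap rule; the trailing plain map rule in
    # Janne's set is what translates everything else (ICMP echo, for one).
    plain = {str(r["src_net"]) for r in rules if r["lo"] is None and r["proxy"] is None}
    for r in rules:
        if r["lo"] is not None and str(r["src_net"]) not in plain:
            out.append("coverage: no plain 'map %s %s -> ...' rule; non-TCP/UDP "
                       "traffic will leave untranslated" % (r["ifname"], r["src_net"]))
            break
    return out


def translate(rules, ext_addr, pkt, state):
    """Rewrite an outbound (proto, saddr, sport, daddr, dport) with the first
    matching rule and record the mapping in `state` for the reply direction."""
    proto, saddr, sport, daddr, dport = pkt
    for r in rules:
        if ipaddress.ip_address(saddr) not in r["src_net"]:
            continue
        if r["proxy"] is not None:  # proxy rule: only its control port matches
            if (proto, dport) != ("tcp", SERVICES[r["pport"]]):
                continue
            nport = sport  # the data channel the proxy exists for is not modelled
        elif r["lo"] is not None:  # portmap: TCP/UDP only, pick a free port
            if proto not in ("tcp", "udp") or r["pproto"] not in (proto, "tcp/udp"):
                continue
            nport = next(p for p in range(r["lo"], r["hi"] + 1) if (proto, p) not in state)
        else:  # plain map: keep the source port
            nport = sport
        state[(proto, nport)] = (saddr, sport)
        return (proto, ext_addr, nport, daddr, dport)
    return pkt  # nothing matched: leaves with its private source and dies upstream


def untranslate(state, ext_addr, reply):
    """Map a reply addressed to the outside address back to the inside host."""
    proto, saddr, sport, daddr, dport = reply
    inside = state.get((proto, dport))
    if daddr != ext_addr or inside is None:
        return None  # not something we sent out; a firewall would drop it
    return (proto, saddr, sport, inside[0], inside[1])


if __name__ == "__main__":
    for name, rules in (("R.T.", RT_RULES), ("Janne", JANNE_RULES)):
        print(name, check_rules(rules, "ne3", "ne4") or "ok")
```

Run against R.T.'s line the checker reports all four problems (wrong interface, host bits in the source, a target that names a different interface than the rule is on, and no plain map rule), while Janne's set passes once the placeholder is replaced by a real address. For the DHCP case in the first post, ipnat(5) also accepts `-> 0/32` as the target, meaning whatever address the outside interface currently holds, which avoids editing the file when the cable provider hands out a new lease. Two things no rule checker can see and that also stop "the internal machine can't get past the firewall": IP forwarding has to be on (`net.inet.ip.forwarding=1` in /etc/sysctl.conf on OpenBSD), and the ipf filter rules on both interfaces have to pass the traffic in both directions.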

NAT Question: (building on my previous post)

Post by R.T Hamilton Brow » Sat, 01 Apr 2000 04:00:00


Thank you. I think you're right! I tried something similar to what you've got
below, excluding the proxy statement.

I'll put this next question in a new post as well...but,

When I connect my internal network's nic card to the switch's uplink port,
the "link" light does not illuminate. I'm not sure if it even should? The
result is that no packets are routed. However, when I change the port from
uplink to normal, I can ping a machine on the internal network. But the
internal machine still can't get past the firewall.

So I don't know if I've got a mapping issue, nic card configuration, or
switch issue?

Thanks for any input.



>     RT> Would this be correct? ne3 is a nic card connected to a cable
>     RT> modem using dhcp, using the same configuration the
>     RT> installation program created. ne4 is my "internal" network
>     RT> attached to a switch's uplink port.

>     RT> map ne4 10.9.8.7/24 -> ne3/32 portmap tcp/udp 10000:20000

>     RT> Is that it? Is there anything else to configure? I've got ipf
>     RT> enabled, rc.conf edited, the kernel is modified...Can't say
>     RT> I've succeeded yet, but I'd like to verify the logic.

> I think there's a mixup with the interfaces. I have a similar
> configuration: ne3 to outside world, ne4 internal private network. It
> looks like this:

> map ne3 192.168.1.0/24 -> XXX.XXX.XXX.XXX/32 proxy port ftp ftp/tcp
> map ne3 192.168.1.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 10000:60000
> map ne3 192.168.1.0/24 -> XXX.XXX.XXX.XXX/32

> Here 192.168.1.0 is my internal network, XXX.XXX.XXX.XXX is the
> complete ip address of my router/nat/whatever openbsd box. I think you
> could substitute XXX.XXX.XXX.XXX/32 with ne3/32 but I haven't tried
> that.

> Janne
> --

>       ut imber aquas         + Oulu University, Learning
>       at cave! vacca volat.  + and Research Services


NAT Question: (building on my previous post)

Post by James Grav » Tue, 04 Apr 2000 04:00:00



> When I connect my internal network's nic card to the switch's uplink port,
>the "link" light" does not illuminate? I'm not sure if it even should? The
>result is that no packets are routed. However, when I change the port from
>uplink to normal, I can ping a machine on the internal network. But the
>internal machine still can't get past the firewall.

>So I don't know if I've got a mapping issue, nic card configuration, or
>switch issue?

An uplink port on a hub is for connection to another hub or switch using
a straight-through cable.

Normally to connect a host (such as your OpenBSD firewall machine) you
should use a straight-through cable connected to a normal port.

If you can ping (and run other network programs like telnet) the
firewall, you've eliminated most possible problems with the NIC or the
hub/switch.  Now you'll need to look more closely at the firewall
configuration and filter rules.

The OpenBSD FAQ is _very_ helpful for this:

        http://www.openbsd.org/faq/index.html

If you're not used to Unix network administration, I'd recommend Craig
Hunt's "TCP/IP Network Administration" 2nd edition, from O'Reilly and
Associates.

James Graves
--
_______________________________________________________________________________
http://home.xnet.com/~ansible              Home is where the CVS repository is.