I am trying to use ipmasq and NAT to get an outside host connected for telnet, and all other hosts (if any, as we add them) will use the masquerading. Here are my rules. Am I missing something?

Thanks - rich

There is a router on the outside of the 252 net that is 252.1. It only knows about the route to the firewall -- there are no routes to the internal NAT-translated host. Do I need the arp patch? (If so, where is it?)

--------------
#!/bin/sh
#
LOCALHOST=`hostname`
IFEXT="192.168.252.7"    # eth1
IFINT="192.168.45.86"    # eth0
LOCALNET="192.168.0.0/16"
ANY="0.0.0.0/0"
UNPRIV="1024:65535"
HOST="192.168.45.86/32"

# configure the firewall
# all rules go here, including the NAT stuff
#
# First setup accounting and forwarding
# turn off everything and then flush all rules for clean
# start each time
#
ipfwadm -F -p deny
ipfwadm -F -f
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -A -f
#
# localhost stuff
ipfwadm -I -a accept -V 127.0.0.1 -S 127.0.0.1 -D 127.0.0.1
ipfwadm -O -a accept -V 127.0.0.1 -S 127.0.0.1 -D 127.0.0.1

# outgoing

# incoming

# forwarding
ipfwadm -F -a masquerade -P tcp -W $IFEXT -S $ANY $UNPRIV -D $ANY telnet

# accounting
ipfwadm -A -a -b

# NAT for the router/load host
ipnatadm -O -i -P tcp -S 192.168.32.101/32 -M 192.168.252.8/32 -W eth0
ipnatadm -I -i -P tcp -S 192.168.252.8/32 -N 192.168.32.101/32 -W eth0
Messages
Outline:
You can't use NAT and Masquerading at the same time by Rolf Cronberg, 7/23/98
Maybe with aliasing by ogura@hde.co.jp, 7/23/98
still no solution with ARP... by rich, 7/28/98