Basic NAT trouble for a newbie
Hello everyone,
I'm a Linux user who believes that Linux has become a very configurable brick, but a brick no less. Searching around, I found NetBSD, which seems to be way lighter, faster, more secure and more reliable than Linux, but it is harder to make the jump than I expected. I have a K6-2 with 128 RAM that I want to convert to be a home gateway (it works OK with Slackware). Now I've installed NetBSD 5.0.2 and installed all the software I needed, well, almost. What is killing me is that the simple stuff seems to be not so simple. I followed the basics on www dot netbs dot org and still I cannot manage to get the NAT rules straight. Here is the problem. I have two interfaces:
My /etc/ipf.conf looks like this:
Code:
pass in from any to any
pass out from any to any

Code:
map vr0 192.168.110.0/24 -> 0/32 proxy port ftp ftp/tcp
map vr0 192.168.110.0/24 -> 0/32 portmap 10000:20000
map vr0 192.168.110.0/23 -> 0/32

Now please correct me if I'm wrong, but the way I read them is this:
ipf.conf: Forward any traffic from any host to any host and forward any traffic from any host to any host.
ipnat.conf: Grab all 192.168.110.0 subnet requests to the other ip/nic (ex0).
Oh, I also enabled IP forwarding in /etc/sysctl.conf by adding ip.inet.ip.forwarding=1, which is reflected in the output of sysctl -a.
I have another major problem, which is that dnsmasq is not responding to DHCP requests that I can see coming in on tcpdump, but I'm not sure if it might be related. I think not, since DHCP on vr0 should answer the requests anyway.
Thanks so much for the help in advance.
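A small checker for the ipnat.conf rules quoted in the post above, added here as an example and not part of the original thread. It assumes, from the thread, that ex0 is the external interface and 192.168.110.0/24 is the LAN; `parse_map_rules` and `lint` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the three map rules exactly as quoted in the post.
IPNAT_CONF = """\
map vr0 192.168.110.0/24 -> 0/32 proxy port ftp ftp/tcp
map vr0 192.168.110.0/24 -> 0/32 portmap 10000:20000
map vr0 192.168.110.0/23 -> 0/32
"""

# map <ifname> <source net> -> <target> [options]
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s*(.*)$")


def parse_map_rules(text):
    """Return (line number, interface, source network) for each map rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = MAP_RE.match(line)
        if m:
            src = ipaddress.ip_network(m.group(2), strict=False)
            rules.append((lineno, m.group(1), src))
    return rules


def lint(text, ext_if, lan):
    """Check every map rule against the intended external interface and LAN.

    ext_if and lan are assumptions supplied by the operator (here: ex0 and
    192.168.110.0/24, as described in the thread).
    """
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for lineno, ifname, src in parse_map_rules(text):
        # IPFilter applies a map rule to packets leaving the named interface,
        # so a rule bound to the LAN-side NIC never sees Internet-bound traffic.
        if ifname != ext_if:
            findings.append((lineno, "interface", ifname))
        # A source wider than the LAN translates addresses that were never
        # meant to be hidden behind the gateway.
        if not src.subnet_of(lan_net):
            findings.append((lineno, "network", str(src)))
    return findings


if __name__ == "__main__":
    for finding in lint(IPNAT_CONF, "ex0", "192.168.110.0/24"):
        print(finding)
```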
|
|||
Since the popularity of pf, the OpenBSD packet filter, which runs on all BSDs, hardly anyone uses ipf anymore and thus hardly anyone remembers how that worked.
With pf, your ruleset would be something like
Code:
EXT_IF = ex0
INT_IF = vr0

nat on $EXT_IF from $INT_IF:network to any -> $EXT_IF

# --- default policy
block log all

pass out quick on $EXT_IF
pass in quick on $INT_IF
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
Hi J65nko,
Thanks for the tip. I followed your example and read a bit about pf, but as strange as it sounds, when I run pf (loading lkm) the machine locks up both interfaces, so I'm still looking into it. I'll let you know what I find out.