Thanks you, it's working ! But why using vr0 instead of vr1 for map instruction ? Network 192.168.0.32/27 is attach to vr1 not vr0 ...
Is it an IPNat mystery or have you an answer ? > -----Message d'origine----- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] De la part de fbsd_user > Envoyé : jeudi 12 janvier 2006 16:43 > À : cedric Gross; freebsd-questions@freebsd.org > Objet : RE: IpNat and 3 NIC > > You have ipnat statements wrong. should be liked this > > map vr0 10.0.0.0/8 -> 0.32 proxy port ftp ftp/tcp > map vr0 10.0.0.0/8 -> 0.32 portmap tcp/udp 20000:60000 > map vr0 10.0.0.0/8 -> 0.32 > map vr0 192.168.0.0/30 -> 0.32 portmap tcp/udp auto > map vr0 192.168.0.32/27 -> 0.32 portmap tcp/udp auto > map vr0 192.168.0.32/27 -> 0.32 > map vr0 192.168.0.96/27 -> 0.32 portmap tcp/udp auto > map vr0 192.168.0.96/27 -> 0.32 > rdr xl0 0.0.0.0/0 port 80 -> 10.0.0.254 port 3128 tcp > rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp > rdr vr1 192.168.0.96/27 port 80 -> 10.0.0.254 port 3128 tcp > > Note map vr1 has been changed to vr0 > > If your public IP 84.96.23.106 is not dedicated to you by your ISP, > then you should not be hard coding it in your IPnat rules. Read the > Freebsd ipfilter documentation in the handbook for details. > > 0.32 = The IP address/netmask assigned by your ISP. > The special keyword 0.32 tells ipnat to get the current > public > IP address of the interface specified on this statement and > substitute it for the 0.32 keyword. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of cedric > Gross > Sent: Thursday, January 12, 2006 9:58 AM > To: freebsd-questions@freebsd.org > Subject: IpNat and 3 NIC > > > Hello, > > I have my FreeBSD 5.4 box with 3 NIC : > > Xl0 LAN with network 10.0.0.0/8 and 192.168.0.0/30 > VR0 Wan 84.96.23.106/32 > VR1 LAN with network 192.168.0.32/27 and 192.168.0.96/27 > > I use IPNAT and Ip filter. > > I'm doing NAT from Xl0 to Vr0, it's working fine > > I'm trying to do the same thing with vr1 to Vr0 but it's seems that > traffic > coming from vr1 are not translated. > Is there a interface limitation with IPNAT ? > > Is there a way to do translation from both NIC ? > > Here is my ipnat.conf : > map vr0 10.0.0.0/8 -> 84.96.23.106/32 proxy port ftp ftp/tcp > map vr0 10.0.0.0/8 -> 84.96.23.106/32 portmap tcp/udp 20000:60000 > map vr0 10.0.0.0/8 -> 84.96.23.106/32 > map vr0 192.168.0.0/30 -> 84.96.23.106/32 portmap tcp/udp auto > map vr1 192.168.0.32/27 -> 84.96.23.106/32 portmap tcp/udp auto > map vr1 192.168.0.32/27 -> 84.96.23.106/32 > map vr1 192.168.0.96/27 -> 84.96.23.106/32 portmap tcp/udp auto > map vr1 192.168.0.96/27 -> 84.96.23.106/32 > rdr xl0 0.0.0.0/0 port 80 -> 10.0.0.254 port 3128 tcp > rdr vr1 192.168.0.32/27 port 80 -> 10.0.0.254 port 3128 tcp > rdr vr1 192.168.0.96/27 port 80 -> 10.0.0.254 port 3128 tcp > > Thanks for help. > Cedric > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"