Re: DNAT in freebsd

2013-07-06 Thread Darren Pilgrim
On 7/3/2013 4:06 AM, Sami Halabi wrote: Hi Julian, I appreciate your willingness to help me. My Situation in short is: --- [a] - [b] - internet B |---BGP---|84.xx.yy.1 192.168.0.1|-|192.168.0.2/24 193.xx.yy.2| |Aem1 Cem3 D em0|

Re: DNAT in freebsd

2013-07-06 Thread Ian Smith
On Sat, 6 Jul 2013 18:37:55 +0700, Eugene Grosbein wrote: > On 06.07.2013 14:47, Sami Halabi wrote: > > Hi, > > Any hope? > > Have you used intermediate "ipfw count log" rules between "ipfw nat" rules > I recommended? If yes, why have you not shown those logs yet? > Include tcpdump output fro

Re: DNAT in freebsd

2013-07-06 Thread Eugene Grosbein
On 06.07.2013 14:47, Sami Halabi wrote: > Hi, > Any hope? Have you used intermediate "ipfw count log" rules between "ipfw nat" rules I recommended? If yes, why have you not shown those logs yet? Include tcpdump output from external and internal interfaces too.

Re: DNAT in freebsd

2013-07-06 Thread Sami Halabi
Hi, Any hope? Thanks in advance, Sami On 3 Jul 2013 14:06, "Sami Halabi" wrote: > Hi Julian, > > I appreciate your willingness to help me. > > My Situation in short is: > > --- [a] - [b] - > internet B |---BGP---|84.xx.yy.1 192.168.0.1|-|192.16

Re: DNAT in freebsd

2013-07-03 Thread Sami Halabi
Hi Julian, I appreciate your willingness to help me. My Situation in short is: --- [a] - [b] - internet B |---BGP---|84.xx.yy.1 192.168.0.1|-|192.168.0.2/24 193.xx.yy.2| |Aem1 Cem3 D em0| | | neighbour --- ---

Re: DNAT in freebsd

2013-07-02 Thread Julian Elischer
On 7/3/13 11:59 AM, Julian Elischer wrote: On 7/3/13 10:47 AM, Julian Elischer wrote: On 7/2/13 10:21 PM, Sami Halabi wrote: Hi again, So far no solution Is there really no alternative in FreeBSD? oh I'm sure there are several solutions.. I looked at the original email but have since de

Re: DNAT in freebsd

2013-07-02 Thread Julian Elischer
On 7/3/13 10:47 AM, Julian Elischer wrote: On 7/2/13 10:21 PM, Sami Halabi wrote: Hi again, So far no solution Is there really no alternative in FreeBSD? oh I'm sure there are several solutions.. I looked at the original email but have since deleted it.. ah archives to the rescue o

Re: DNAT in freebsd

2013-07-02 Thread Julian Elischer
On 7/2/13 10:21 PM, Sami Halabi wrote: Hi again, So far no solution Is there really no alternative in FreeBSD? oh I'm sure there are several solutions.. I looked at the original email but have since deleted it.. ah archives to the rescue ok so your request is a bit short on informat

Re: DNAT in freebsd

2013-07-02 Thread Sami Halabi
Hi again, So far no solution Is there really no alternative in FreeBSD? Sami On 1 Jul 2013 14:16, "Sami Halabi" wrote: > Hi, > I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 ->10.0.1.1 > > ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1 > if I have 10.0.1.1 in em1 no translat

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi, I did ping 10.0.1.1 from 10.0.1.2, so packet is 10.0.1.2 ->10.0.1.1 > ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1 if I have 10.0.1.1 in em1 no translation is done! if I delete it (and add a static arp entry in 10.0.1.2 for mac of 10.0.1.1) rule 1000 translates well and I get packet from 1

Re: DNAT in freebsd

2013-07-01 Thread Eugene Grosbein
On 01.07.2013 17:05, Sami Halabi wrote: > Hi, > forgot to mention that but this sysctl is already set to 0. > i see in the logs packets pass 1000 rule. Use rules like 'ipfw add 1500 count log ip from any to any' to check intermediate results of translation.

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi, forgot to mention that but this sysctl is already set to 0. i see in the logs packets pass 1000 rule. Sami On Mon, Jul 1, 2013 at 12:17 PM, Eugene Grosbein wrote: > On 01.07.2013 14:30, Sami Halabi wrote: > > Hi, > > > > I've tried the following: > > > > em1 - ip 10.0.1.1/24

Re: DNAT in freebsd

2013-07-01 Thread Eugene Grosbein
On 01.07.2013 14:30, Sami Halabi wrote: > Hi, > > I've tried the following: > > em1 - ip 10.0.1.1/24 > em2 - ip 11.0.3.1/24 > route add 11.0.4.0/24 11.0.3.2 > > ipfw flush > ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1 > ipfw ad

Re: DNAT in freebsd

2013-07-01 Thread Sami Halabi
Hi, I've tried the following: em1 - ip 10.0.1.1/24 em2 - ip 11.0.3.1/24 route add 11.0.4.0/24 11.0.3.2 ipfw flush ipfw add 1000 nat 1 all from 10.0.1.2 to 10.0.1.1 ipfw add 2000 nat 2 all from 11.0.3.1 to 10.0.1.1 ipfw add 3000 nat 2 all from 11.0.4.2 to 11.0.3.1 ipfw add 4000 nat 1 all from 10

Re: DNAT in freebsd

2013-06-30 Thread Sami Halabi
Hi Eugene, It simply doesn't work for me, the reverse option doesn't work properly for me it keeps translating the source instead of the destination... On Sun, Jun 30, 2013 at 6:32 PM, Eugene Grosbein wrote: > On 30.06.2013 18:48, Sami Halabi wrote: > > Hi, > > I don't understand how rever

Re: DNAT in freebsd

2013-06-30 Thread Eugene Grosbein
On 30.06.2013 18:48, Sami Halabi wrote: > Hi, > I don't understand how reverse mode works exactly, and didn't find a good > example. > > > can you try and help on the configuration? Well, that's pretty simple. Generally, NAT translates source IP address of the packet keeping destination IP int

Re: DNAT in freebsd

2013-06-30 Thread Sami Halabi
Hi, I don't understand how reverse mode works exactly, and didn't find a good example. can you try and help on the configuration? Thanks in advance, Sami On Sun, Jun 30, 2013 at 1:22 PM, Eugene Grosbein wrote: > On 29.06.2013 13:50, Sami Halabi wrote: > > I think I was misunderstood... > > H

Re: DNAT in freebsd

2013-06-30 Thread Sami Halabi
Hi, Thanks for your time. What this configuration does is normal NAT configuration (SNAT). what I'm seeking is combination of SNAT & DNAT to act as a transparent proxy as: 192.168.0.2 connects to me (192.168.0.1) it'll talk actually with 193.xx.yy.1 without knowing it using my special public ip

Re: DNAT in freebsd

2013-06-30 Thread Eugene Grosbein
On 29.06.2013 13:50, Sami Halabi wrote: > I think I was misunderstood... > Here is the situation i want to handle: > My box is a router that handles several /24 behind. > One of my links (em0) is connected to a private network 192.168.0.1 is me, > my neighbour is 192.168.0.2. > I want to make that

Re: DNAT in freebsd

2013-06-30 Thread Paul A. Procacci
On Sat, Jun 29, 2013 at 09:50:15AM +0300, Sami Halabi wrote: > I think I was misunderstood... > Here is the situation i want to handle: > My box is a router that handles several /24 behind. > One of my links (em0) is connected to a private network 192.168.0.1 is me, > my neighbour is 192.168.0.2.

Re: DNAT in freebsd

2013-06-29 Thread Sami Halabi
Any buyers? :) I need your kind help on this... Sami On 29 Jun 2013 09:50, "Sami Halabi" wrote: > I think I was misunderstood... > Here is the situation i want to handle: > My box is a router that handles several /24 behind. > One of my links (em0) is connected to a private network 192.168.

Re: DNAT in freebsd

2013-06-28 Thread Sami Halabi
I think I was misunderstood... Here is the situation i want to handle: My box is a router that handles several /24 behind. One of my links (em0) is connected to a private network 192.168.0.1 is me, my neighbour is 192.168.0.2. I want to make that any connection comes to 192.168.0.1 to go to ip 193

Re: DNAT in freebsd

2013-06-28 Thread Paul A. Procacci
> Hi, (sorry for sending again, the last email was with wrong subject) > I would like to perform a full dnat/snat as in iptables in: > linux-ip.net/html/nat-dnat.html > How it can be done in fbsd, I use ipfw. > > I sought natd man page but its translation, and the proxy_rule is for > specific port,