From: Dean Carey (dcareydolfin.com)
Date: Tue May 01 2001 - 14:33:06 CDT

    Not to flame Billy. But I would suggest that you man ipnat!!!

    Dean Carey

    PGP public key available upon request.

    -----Original Message-----
    From: Billy [mailto:_bil_mail.ru]
    Sent: Tuesday, May 01, 2001 2:54 PM
    To: Dean Carey
    Cc: wfmmacscan.co.uk; miscopenbsd.org
    Subject: Re: simple IPF and IPNAT but problem between chair and keyboard

    Tue, 1 May 2001 11:42:32 -0400 Dean Carey <dcareydolfin.com> writes:

    > redirects need to be placed before mappings!!!
    you are not right
    almost all examples give redirs after maps
    and my ipnat.conf is working having rdr after map

    >
    > try that and post again if no luck! ;-)
    >
    >
    >
    > Dean Carey
    > PGP public key available upon request.
    >
    >
    >
    > -----Original Message-----
    > From: Will Macdonald [mailto:wfmmacscan.co.uk]
    > Sent: Tuesday, May 01, 2001 11:20 AM
    > To: miscopenbsd.org
    > Subject: simple IPF and IPNAT but problem between chair and keyboard
    >
    >
    > I installed the 2.9 snapshot on a machine yesterday, and configured using
    > the same rules I had applied to a 2.8 machine recently, and am having
    > serious problems using rdr to send SMTP/www traffic to a machine on
    > internal network.
    >
    > I have simplified the rules as much as possible, but no joy. I've also
    > read through www.obfuscation.org/ipf without any luck.
    >
    > Can someone see what is wrong? I have modified the file sysctl.conf and
    > rc.conf accordingly. All traffic behind the NAT machine works OK, but when
    > I try to telnet to port 25 from outside I get no response.
    >
    > In the ipnat.rules file I tried having the map rules after the rdr rules,
    > but no luck either way.
    > /etc/ipnat.rules
    > map ep0 10.1.1.7/24 -> 123.123.123.123/32 portmap tcp/udp 1025:65000
    > map ep0 10.1.1.7/24 -> 123.123.123.123/32
    >
    > #map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000
    > rdr ep0 123.123.123.123/32 port 25 -> 10.1.1.1 port 25
    > rdr ep0 123.123.123.123/32 port 80 -> 10.1.1.1 port 80
    > rdr ep0 123.123.123.123/32 port 110 -> 10.1.1.1 port 110
    > rdr ep0 123.123.123.123/32 port 143 -> 10.1.1.1 port 143
    > rdr ep0 123.123.123.123/32 port 993 -> 10.1.1.1 port 993
    >
    >
    > /etc/ipf.rules
    > pass in from any to any
    > pass out from any to any
    >
    > pass in quick on ep0 proto tcp from any to 123.123.123.123/32 port = 25 keep state
    > pass in quick on ep0 proto tcp from any to 123.123.123.123/32 port = 80 keep state
    > pass in quick on ep0 proto tcp from any to 123.123.123.123/32 port = 143 keep state
    > pass out quick on ep0 proto tcp from any to any keep state