
Ipfilter & ipnat Question

Status
Not open for further replies.

artfulbodger

Technical User
Jan 3, 2005
109
US
Hello friends...

I am in need of a bit of assistance here. I am trying to configure a Netra T1 as a router/firewall. Thus far, I have been able to get it functional to the point that the inside network(s) can get out, but nobody can get in. While this is really secure, I can't get our public web servers exposed so people can browse our site.

Here is how I have configured ipnat.conf (ipnat -l):

"ipnat.conf" 4 lines, 192 characters
rdr hme1 10.14.128.37 port 80 -> 168.215.126.237 port 80
map hme1 10.14.0.0/16 -> 0/32 proxy port ftp ftp/tcp
map hme1 10.14.0.0/16 -> 0/32 portmap tcp/udp auto
map hme1 10.14.0.0/16 -> 0/32

I have gone through the howto several times, so I am sure I am missing something. If anyone can help point me in a direction, I would greatly appreciate it.

Thanks!
 
Thanks for the reply - it is good to find another source on ipnat and ipfilter.

I tried what you said - but no go. Here is what my ipnat now looks like when I do an ipnat -l:

List of active MAP/Redirect filters:
map hme1 10.14.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map hme1 10.14.0.0/16 -> 0.0.0.0/32 portmap tcp/udp auto
map hme1 10.14.0.0/16 -> 0.0.0.0/32
map hme0 168.215.126.0/24 -> 10.14.0.0/16

Funny thing is, in my ipnat.conf file, the last line reads:

map hme0 168.215.126.237/24 -> 10.14.128.37/16

Do the CIDR IP addresses change it back to a network?

When I configured 3Com and SonicWall firewalls, I remember doing port forwards to enable internal web servers. Budget is tight here, so I went this route - I just don't know what I am missing....

Thanks for all your help!
 
I think you have this rule backwards:

rdr hme1 10.14.128.37 port 80 -> 168.215.126.237 port 80

To do the port forward:

rdr hme0 0.0.0.0/0 port 80 -> 10.14.128.37 port 80
or
rdr hme0 168.215.126.237 port 80 -> 10.14.128.37 port 80
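
An added example, not written by anyone in the thread: a small Python check over the rules quoted above. It masks CIDR operands the way the `ipnat -l` listing shows them and flags an `rdr` whose match address is private while its target is public; the function names and that private-to-public heuristic are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the rdr/map rules quoted in the thread above.
SAMPLE = """\
rdr hme1 10.14.128.37 port 80 -> 168.215.126.237 port 80
rdr hme0 168.215.126.237 port 80 -> 10.14.128.37 port 80
map hme0 168.215.126.237/24 -> 10.14.128.37/16
"""

# kind, interface, left operand, optional "port N", "->", right operand
RULE = re.compile(r"^(rdr|map)\s+(\S+)\s+(\S+)(?:\s+port\s+\d+)?\s+->\s+(\S+)")

def canonical(addr):
    """Mask host bits off a CIDR operand, e.g. 10.14.128.37/16 -> 10.14.0.0/16."""
    return ipaddress.ip_network(addr, strict=False)

def check(line):
    """Return (normalized rule, warnings) for one rdr/map line, or None."""
    m = RULE.match(line.strip())
    if not m:
        return None
    kind, iface, left, right = m.groups()
    src, dst = canonical(left), canonical(right)
    warnings = []
    for given, net in ((left, src), (right, dst)):
        # A host address written with a short prefix still covers the whole network.
        if "/" in given and given.split("/")[0] != str(net.network_address):
            warnings.append(f"{given} has host bits set; it covers all of {net}")
    # Heuristic (assumption of this example): an rdr normally matches the
    # public address on the outside interface and targets the inside host.
    if kind == "rdr" and src.is_private and not dst.is_private:
        warnings.append("rdr matches a private address and targets a public one; looks reversed")
    return f"{kind} {iface} {src} -> {dst}", warnings

def lint(text):
    """Check every rdr/map line in an ipnat.conf-style text."""
    return [r for r in map(check, text.splitlines()) if r]

if __name__ == "__main__":
    for rule, warnings in lint(SAMPLE):
        print(rule)
        for w in warnings:
            print("   warning:", w)
```

The normalized form of the `map hme0` line matches what `ipnat -l` printed earlier in the thread, which is the masking the CIDR question asks about.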
 