openbsd NAT

[Guest_imported]

I am trying to configure my Openbsd machine as a NAT server and am having a little trouble. I am not sure what is going wrong, I think it is my second interface. I am not sure of the exact configuration for the clients (dhcp or w/or w/o default gateway) and of the second interface (static 192.168.x.x or something else) also have some other questions if anyone thinks they could help.....I would be forever in your debt. Thanks

 

[linuxtricks]

Hi. I would be happy to help you out. OpenBSD is the best choice for security professionals everywhere when building a Firewall. =)

Now, can you be a bit more specific on what your trying to do so I can helps. =) ---
Try not. Do. Or do not. There is no try.

 

[Guest_imported]

Hey thanks for the offer I finally figured it out on my own
I kept on checking this thing and never got a response so I gave up on it. I just posted another question, maybe you can help me with that. I always have at least on question I am trying to figure out about BSD HAHA seems like it never ends...Thanks again

 

[Guest_imported]

Ping to an ADSL router: “Waiting time for this request exceeded”

I’m trying to convert an OpenBSD 2.9 host into a gateway/firewall from my Windows (98 & NT) LAN to an ADSL router (3Com OfficeConnect Remote 812 ADSL router with 4 Ethernet-ports) connected to the Internet.

LAN windows
192.168.100.x
|
|
192.168.100.6
HOST 2.9
192.A.B.6
|
|
192.A.B.1
812 ADSL ROUTER
|
|
Internet

where A,B are integers between 0 an 200


Done:
LAN:
o The LAN works properly.

HOST 2.9
o I have setup both network cards. (ifconfig: rl0 and rl1)
o Edited:
/etc/rc.conf
ipfilter=YES
ipnat=YES

/etc/sysctl.conf
net.inet.ip.forwarding=1

in order to run ipfiltering and network address translation
o Edited:
/etc/ipf.rules
pass in from any to any
pass out from any to any
for test purposes

/etc/ipnat.rules
map rl0 192.168.100.0/24 -> 192.A.B.0/32 portmap tcp/udp 10000:2000
map rl0 192.168.100.0/24 -> 192.A.B.0/32
to configure que rules for filtering and translation.
o Executed:
# ipf –Fa –f /etc/ipf.rules –E
# ipnat –CF –f /etc/ipnat.rules
or
# sh /etc/netstart
to restart the net with filtering and NAT.


THE PROBLEM:
Successful ping commands:
192.168.100.21 -> 192.168.100.6
192.168.100.21 -> 192.A.B.6
BUT:
192.168.100.21 -/-> 192.A.B.1
192.168.100.21 -/-> “DNS’s” (/etc/resolv.conf is also configured)
192.168.100.21 -/->

http://www.sun.com

The windows host is configured with the right DNSs and it is using 192.168.100.6 as gateway, but I receive: “Waiting time for this request exceeded”.

I’ve done the same function with a SuSE host in 192.168.100.1 and it works right. The problems begin when I switch the Windows Gateway to 192.168.100.6.


Any help will be welcome

Thank you
Ctinte

 

[Guest_imported]

Hi,

Are you using a 172.16.10.1 or dhcp address I set mine up with the below settings:

xl0 cable side dhcp

XL1 INTERNAL SIDE 172.16.10.1

make sure you edit the ipf.rules and the ipnat.rules

 

[Synikal]

Also, in your map line, I would do

portmap tcp/udp 1025:65000



just for good measure. 1000 is generally not a good number to map, because reserved ports go up to 1024.