This is a discussion on RE: Ipnat RDR broken? within the IPFilter forums, part of the System Security and Security Related category.
On Sat, 3 Jul 2004, Dave Raven wrote:

> Anyone got any ideas on this?

The one system I put into production in a bridge configuration, albeit transparent, does not require ipnat rules; simply using ipf rules was all that was required (OpenBSD system).

Cheers,
Larry.

> Thanks
> Dave
>
> -----Original Message-----
> From: owner-ipfilter@coombs.anu.edu.au
> [mailto:owner-ipfilter@coombs.anu.edu.au] On Behalf Of Dave Raven
> Sent: 29 June 2004 06:11 PM
> To: ipfilter@coombs.anu.edu.au
> Subject: Ipnat RDR broken?
>
> Hi all,
> I'm trying to redirect port 25 traffic to myself on a bridge'd
> freebsd machine in both directions, I have no problem doing it with ipnat
> when it's on the 172.50 card (its range is /25) however 172.51 is on another
> card (/32 as it's an alias) and the redirection doesn't work there. If I swop
> the masks around it does work - if I disable it I can telnet to both 51 and
> 50. Having done some serious research I've found that my problem has
> been lying in ipnat - I tried with ipfw and it worked first time. Below is
> my bridge setup, and my ipnat rules (broken) and my ipfw rules (working).
> Any ideas?
>
> # sysctl -a|grep bridge
> net.link.ether.bridge_cfg: em1,em0
> net.link.ether.bridge: 1
> net.link.ether.bridge_ipfw: 1
> net.link.ether.bridge_ipf: 1
>
> Ipnat rules:
> rdr em1 0.0.0.0/0 port 25 -> x.y.172.50 port 25 tcp
> rdr em0 0.0.0.0/0 port 25 -> x.y.172.51 port 25 tcp
>
> Ipfw rules:
> ipfw add 1 fwd 127.0.0.1:25 tcp from any to any 25 in
>
> Thanks
> Dave