and in rc.conf I have:
defaultrouter="208.53.175.161"
ifconfig_lnc0="inet 208.53.175.162 netmask 255.255.255.224"
ifconfig_lnc1="inet 208.53.175.169 netmask 255.255.255.248"
Now connected to lnc1 over a crossover cable I have another BSD box using the ip 208.53.175.170, it can access the internet and stuff but I need to be able to make the first box with the ip 208.53.175.162 pass all packets incoming for 208.53.175.170 so people on the outside can access the local box.
I've tried using natd in natd.conf to get it to forward but it doesn't work. I've tried these three options in natd.conf, each one at a time, with no luck.
redirect_port tcp 208.53.175.170:22 208.53.175.170:22
redirect_proto tcp 208.53.175.170 208.53.175.170
redirect_address 208.53.175.170 208.53.175.170
Any help would be greatly appreciated. I'm trying to avoid assigning my inside network local IPs such as 192.168.0.*; I want to assign them their real outside IPs while the BSD machine acts as a router.
By the way the first person who gives me a successful way how to fix this I will paypal them some cash. ($50 usd).
Well, it sounds like you want a bridge. You can bridge two interfaces and have them "IP-less". You can't assign two interfaces with IPs on the same subnet and expect it to work.
Re: BSD Router with natd and ipfw need help please
Quote:
Originally posted by SIP2005
and in rc.conf i have:
defaultrouter="208.53.175.161"
ifconfig_lnc0="inet 208.53.175.162 netmask 255.255.255.224"
ifconfig_lnc1="inet 208.53.175.169 netmask 255.255.255.248"
I'm surprised it works at all. Assuming your ISP's router is .161, you have this configured incorrectly.
lnc0 has 208.53.175.160-191 on that interface, but you also have 208.53.175.168-175 on lnc1... Yes, this will thoroughly confuse the routing mechanism in the box.
chort's suggestion is probably the easiest. Keep lnc0 as it is, remove the line for lnc1 and set (in sysctl.conf):
Keep in mind that this basically turns 162 into a switch (bridges are basically switches) and will pass *all* packets to the machine on lnc1 until you get your ipfw rules on it.
P.S. 170's mask should be /27 also -- And I can't speak for chort, but I don't need your money. It's actually pretty fulfilling to help people.
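The overlap described in the reply above, as an added example that is not part of the original thread: a Python check that parses the `ifconfig_` lines quoted from rc.conf, reports interfaces whose subnets overlap, and shows which interface a destination resolves to. The function names are hypothetical, and `egress_interface` is a simplified longest-prefix model of the connected routes, not FreeBSD's routing code.

```python
import ipaddress
import itertools
import re

# rc.conf lines as quoted in the thread
RC_CONF = '''
defaultrouter="208.53.175.161"
ifconfig_lnc0="inet 208.53.175.162 netmask 255.255.255.224"
ifconfig_lnc1="inet 208.53.175.169 netmask 255.255.255.248"
'''

IFCONFIG_RE = re.compile(
    r'^ifconfig_(\w+)="inet\s+(\S+)\s+netmask\s+(\S+)"', re.MULTILINE)

def parse_interfaces(rc_conf):
    """Return {ifname: IPv4Interface} for each 'inet ADDR netmask MASK' line."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}")
            for name, addr, mask in IFCONFIG_RE.findall(rc_conf)}

def find_overlaps(ifaces):
    """Return (if_a, if_b, contested_network) for every overlapping pair."""
    hits = []
    for (a, ia), (b, ib) in itertools.combinations(sorted(ifaces.items()), 2):
        if ia.network.overlaps(ib.network):
            # The longer-prefix (smaller) network is the range claimed twice.
            contested = max(ia.network, ib.network, key=lambda n: n.prefixlen)
            hits.append((a, b, contested))
    return hits

def egress_interface(ifaces, dest):
    """Simplified model: the most specific connected network wins."""
    dest = ipaddress.ip_address(dest)
    matches = [(i.network.prefixlen, name)
               for name, i in ifaces.items() if dest in i.network]
    return max(matches)[1] if matches else None

if __name__ == "__main__":
    ifaces = parse_interfaces(RC_CONF)
    for name, iface in sorted(ifaces.items()):
        net = iface.network
        print(f"{name}: {net} ({net.network_address} - {net.broadcast_address})")
    for a, b, net in find_overlaps(ifaces):
        print(f"OVERLAP: {a} and {b} both claim {net}")
    for dest in ("208.53.175.161", "208.53.175.170"):
        print(f"{dest} -> {egress_interface(ifaces, dest)}")
```
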
Ok sigsegv, I set up the machines as you said. They can ping each other, but the .170 cannot ping the outside world, and neither can the outside world access .170.
Any more VERY helpful ideas?
You've been a great help and I really appreciate it.
And should I leave natd running or disable natd altogether?
OK, it was natd that was being the issue. As soon as I disabled it, it worked great. Man, you're a damn genius. If there's ever anything I can do for you, or you need a shell or something or hosting, just let me know: www.systeminplace.net, support@systeminplace.net, and I'll hook ya up.
I appreciate the offer, and I might some day collect, but I'm good now. And just to keep anyone from begging shells and stuff in my name, I'm sending you my gpg key as soon as I punch submit. Any off-board communication will be signed with it.
Hey, one more question. I have set up mrtg to monitor bw and have the following
in my ipfw rules:
Router# ipfw list
30000 count ip from any to any out
30170 count ip from 208.53.175.170 to any
31000 count ip from any to any in
31170 count ip from any to 208.53.175.170
65535 allow ip from any to any
Router#
However, mrtg isn't counting the packets to the machine. Is it because I am
using the router as a bridge? Is there a way for me to amend those rules so
that I can still monitor and block or allow ports to 208.53.175.170?
I have mrtg up and working on all my other boxes and it's set up on this bridge, but it's not monitoring or catching the packets going through it to the .170 machine correctly.
Router# ipfw show
30000 1325 342376 count ip from any to any out
30170 0 0 count ip from 208.53.175.170 to any out
31000 1152172 889783254 count ip from any to any in
31170 293390 431603137 count ip from any to 208.53.175.170 in
65535 1154747 890595707 allow ip from any to any
Router#
30170 count ip from 208.53.175.170 to any
31000 count ip from any to any out
31170 count ip from any to 208.53.175.170
32000 count ip from any to any in
65535 allow ip from any to any