Difference between revisions of "NAT FreeBSD"

Line 1: Line 1:
== FreeBSD NAT ==
+
= FreeBSD NAT =
FreeBSD contain three builtin packet filtering programs.
+
== ipnat ==
 +
=== /etc/ipnat.rules ===
 +
<source lang=bash>
 +
# Filename: /etc/ipnat.rules
 +
#172.16.4.0/24 Internal backbone network on Mercantec
 +
map em1 from 192.168.22.0/24 to 172.16.4.0/24 -> 172.16.4.7/32
 +
#172.16.67.0/24 Printers on Mercantec
 +
map em1 from 192.168.22.0/24 to 172.16.67.0/24 -> 172.16.4.7/32
 +
#192.168.128.0/17 TEKKOM classes
 +
map em1 from 192.168.22.0/24 to 192.168.128.0/17 -> 172.16.4.7/32
 +
map vr1 192.168.22.0/24 -> 0/32
 +
map vr1 172.21.0.0/16 -> 0/32
 +
rdr vr1 83.90.239.186/32 -> 192.168.22.221  #sun
 +
rdr vr1 83.90.239.187/32 -> 192.168.22.178  #Cisco
 +
rdr vr1 83.90.239.188/32 -> 192.168.22.223  #bsd
 +
</source>
 +
=== /etc/rc.conf ===
 +
Add the following to /etc/rc.conf
 +
<source lang=cli>
 +
defaultrouter="83.90.47.29"
 +
static_routes="backbone tekkom printers"
 +
route_tekkom="-net 192.168.128.0/17 172.16.4.1"
 +
route_backbone="-net 172.16.4.0/24 172.16.4.1"
 +
route_printers="-net 172.16.67.0/24 172.16.4.1"
 +
</source>
 +
 
 +
=== Checking ipnat ===
 +
You can use '''ipnat -l''' to see active sessions and filters in use. Use '''ipnat -lv''' to see traffic from each session
 +
<source lang=cli>
 +
[root@mars etc]#<input>ipnat -l</input>
 +
List of active MAP/Redirect filters:
 +
map em1 from 192.168.22.0/24 to 172.16.4.0/24 -> 172.16.4.7/32
 +
map em1 from 192.168.22.0/24 to 172.16.67.0/24 -> 172.16.4.7/32
 +
map em1 from 192.168.22.0/24 to 192.168.128.0/17 -> 172.16.4.7/32
 +
map vr1 192.168.22.0/24 -> 0.0.0.0/32
 +
map vr1 172.21.0.0/16 -> 0.0.0.0/32
 +
rdr vr1 83.90.239.186/32 -> 192.168.22.221 ip
 +
rdr vr1 83.90.239.187/32 -> 192.168.22.178 ip
 +
rdr vr1 83.90.239.188/32 -> 192.168.22.223 ip
 +
 
 +
List of active sessions:
 +
MAP 192.168.22.184  61751 <- -> 83.90.47.30    61751 [172.20.0.1 161]
 +
MAP 192.168.22.186  61750 <- -> 83.90.47.30    61750 [172.20.0.1 161]
 +
MAP 192.168.22.156  61714 <- -> 172.16.4.7      61714 [172.16.4.254 9100]
 +
MAP 192.168.22.122  61745 <- -> 83.90.47.30    61745 [172.20.0.1 161]
 +
MAP 192.168.22.181  61713 <- -> 83.90.47.30    61713 [213.155.157.83 80]
 +
MAP 192.168.22.134  61744 <- -> 83.90.47.30    61744 [208.67.222.222 53]
 +
MAP 192.168.22.134  50740 <- -> 83.90.47.30    50740 [208.67.222.222 53]
 +
MAP 192.168.22.117  60752 <- -> 83.90.47.30    60752 [208.67.222.222 53]
 +
MAP 192.168.22.123  55213 <- -> 83.90.47.30    55213 [172.20.0.1 161]
 +
MAP 192.168.22.184  61709 <- -> 83.90.47.30    61709 [80.208.113.164 443]
 +
MAP 192.168.22.182  55212 <- -> 83.90.47.30    55212 [172.20.0.1 161]
 +
MAP 192.168.22.191  55211 <- -> 83.90.47.30    55211 [172.20.0.1 161]
 +
MAP 192.168.22.197  55210 <- -> 83.90.47.30    55210 [172.20.0.1 161]
 +
MAP 192.168.22.201  55209 <- -> 83.90.47.30    55209 [172.20.0.1 161]
 +
MAP 192.168.22.71  55208 <- -> 83.90.47.30    55208 [172.20.0.1 161]
 +
MAP 192.168.22.184  61703 <- -> 83.90.47.30    61703 [80.208.113.164 443]
 +
MAP 192.168.22.134  55205 <- -> 83.90.47.30    55205 [172.20.0.1 161]
 +
MAP 192.168.22.184  55168 <- -> 83.90.47.30    55168 [172.20.0.1 161]
 +
MAP 192.168.22.184  55167 <- -> 83.90.47.30    55167 [172.20.0.1 161]
 +
MAP 192.168.22.184  55166 <- -> 83.90.47.30    55166 [172.20.0.1 161]
 +
MAP 192.168.22.184  55165 <- -> 83.90.47.30    55165 [172.20.0.1 161]
 +
MAP 192.168.22.184  61653 <- -> 83.90.47.30    61653 [80.208.113.164 443]
 +
</source>
 +
 
 +
= Source and destination NAT =
 +
<source lang=cli>
 +
rdr vr1 83.90.239.187/32 -> 172.16.4.15 # VMware
 +
map em1 from 0/0 to 172.16.4.15 -> 172.16.4.16/32 #VMware
 +
</source>
 +
*Redirect incomming traffic to NIC vr1 to IP address 83.90.239.187/32 to IP address 172.16.4.15 (Internal server)
 +
*Map traffic from anywhere (0/0) which go to 172.16.4.15 out of NIC em1 using local IP address 172.16.4.16
 +
 
 +
{{Source cli}}
 +
[[Category:UNIX]][[Category:FreeBSD]]
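Review bot: The three rdr rules added to /etc/ipnat.rules (the lines ending `#sun`, `#Cisco`, `#bsd`) carry no port or protocol, so every packet for those public addresses is handed to the inside host; the `ipnat -l` output further down confirms this by listing them as `ip`. Because ipnat only translates and never filters, each rule should be narrowed to what the host actually serves, e.g. `rdr vr1 83.90.239.186/32 port 22 -> 192.168.22.221 port 22 tcp`, or the page should point to the ipf rules that restrict access. The /etc/rc.conf snippet lists only routes, so a reader following it will not get NAT at boot without `gateway_enable="YES"`, `ipnat_enable="YES"` and `ipnat_rules="/etc/ipnat.rules"`. A sentence saying that `0/32` means "use the address currently on the interface" would also explain why ipnat -l prints those rules as 0.0.0.0/32.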

Latest revision as of 17:15, 28 February 2010

FreeBSD NAT

ipnat

/etc/ipnat.rules

# Filename: /etc/ipnat.rules
# NAT rules for ipnat(8) (part of ipfilter) on this FreeBSD router.
# em1 faces the Mercantec backbone, where this host is 172.16.4.7;
# vr1 is the outside interface (the ipnat -l session list below shows
# its address as 83.90.47.30); the inside LAN is 192.168.22.0/24.
# ipnat only translates, it does not filter: whatever an rdr rule lets
# in still needs matching ipf(8) rules if access is to be restricted.
#
# map = source NAT (inside -> outside). A rule with "from ... to ..."
# rewrites only traffic matching both; everything else passes untouched.
#172.16.4.0/24 Internal backbone network on Mercantec
map em1 from 192.168.22.0/24 to 172.16.4.0/24 -> 172.16.4.7/32
#172.16.67.0/24 Printers on Mercantec
map em1 from 192.168.22.0/24 to 172.16.67.0/24 -> 172.16.4.7/32
#192.168.128.0/17 TEKKOM classes
map em1 from 192.168.22.0/24 to 192.168.128.0/17 -> 172.16.4.7/32
# 0/32 = "use the address currently configured on vr1" (ipnat -l prints
# it as 0.0.0.0/32), so no public address has to be hard-coded here.
map vr1 192.168.22.0/24 -> 0/32
map vr1 172.21.0.0/16 -> 0/32
# rdr = destination NAT (outside -> inside). No "port N ... tcp/udp" is
# given, so EVERY protocol and port aimed at the public address reaches
# the inside host (ipnat -l lists such rules as "ip"). Narrow them to
# what the host must serve, e.g.
#   rdr vr1 83.90.239.186/32 port 22 -> 192.168.22.221 port 22 tcp
# unless the inside host really is meant to be fully exposed.
rdr vr1 83.90.239.186/32 -> 192.168.22.221  #sun
rdr vr1 83.90.239.187/32 -> 192.168.22.178  #Cisco
rdr vr1 83.90.239.188/32 -> 192.168.22.223  #bsd

/etc/rc.conf

Add the following to /etc/rc.conf

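# /etc/rc.conf additions for the NAT router. rc.conf is sourced by sh(1)
# at boot, so keep the double quotes and put no spaces around "=".

# Forward packets between interfaces; without this the box only routes
# for itself and the map/rdr rules never see transit traffic.
gateway_enable="YES"
# Start ipnat(8) at boot and load the rule file shown above. ipnat does
# no filtering of its own; pair it with ipfilter_enable="YES" and an
# /etc/ipf.rules of your own if inbound access is to be restricted.
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

# Upstream (Internet) next hop, reached over vr1.
defaultrouter="83.90.47.29"

# Networks behind the backbone router 172.16.4.1 on em1. Every name in
# static_routes must have a matching route_<name> variable.
static_routes="backbone tekkom printers"
route_tekkom="-net 192.168.128.0/17 172.16.4.1"
route_backbone="-net 172.16.4.0/24 172.16.4.1"
route_printers="-net 172.16.67.0/24 172.16.4.1"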

Checking ipnat

You can use ipnat -l to list the active MAP/redirect rules and the current NAT sessions (note that the session list shows inside hosts, ports and the destinations they talk to). Use ipnat -lv for more detail about each session.

[root@mars etc]#<input>ipnat -l</input>
List of active MAP/Redirect filters:
map em1 from 192.168.22.0/24 to 172.16.4.0/24 -> 172.16.4.7/32
map em1 from 192.168.22.0/24 to 172.16.67.0/24 -> 172.16.4.7/32
map em1 from 192.168.22.0/24 to 192.168.128.0/17 -> 172.16.4.7/32
map vr1 192.168.22.0/24 -> 0.0.0.0/32
map vr1 172.21.0.0/16 -> 0.0.0.0/32
rdr vr1 83.90.239.186/32 -> 192.168.22.221 ip
rdr vr1 83.90.239.187/32 -> 192.168.22.178 ip
rdr vr1 83.90.239.188/32 -> 192.168.22.223 ip

List of active sessions:
MAP 192.168.22.184  61751 <- -> 83.90.47.30     61751 [172.20.0.1 161]
MAP 192.168.22.186  61750 <- -> 83.90.47.30     61750 [172.20.0.1 161]
MAP 192.168.22.156  61714 <- -> 172.16.4.7      61714 [172.16.4.254 9100]
MAP 192.168.22.122  61745 <- -> 83.90.47.30     61745 [172.20.0.1 161]
MAP 192.168.22.181  61713 <- -> 83.90.47.30     61713 [213.155.157.83 80]
MAP 192.168.22.134  61744 <- -> 83.90.47.30     61744 [208.67.222.222 53]
MAP 192.168.22.134  50740 <- -> 83.90.47.30     50740 [208.67.222.222 53]
MAP 192.168.22.117  60752 <- -> 83.90.47.30     60752 [208.67.222.222 53]
MAP 192.168.22.123  55213 <- -> 83.90.47.30     55213 [172.20.0.1 161]
MAP 192.168.22.184  61709 <- -> 83.90.47.30     61709 [80.208.113.164 443]
MAP 192.168.22.182  55212 <- -> 83.90.47.30     55212 [172.20.0.1 161]
MAP 192.168.22.191  55211 <- -> 83.90.47.30     55211 [172.20.0.1 161]
MAP 192.168.22.197  55210 <- -> 83.90.47.30     55210 [172.20.0.1 161]
MAP 192.168.22.201  55209 <- -> 83.90.47.30     55209 [172.20.0.1 161]
MAP 192.168.22.71   55208 <- -> 83.90.47.30     55208 [172.20.0.1 161]
MAP 192.168.22.184  61703 <- -> 83.90.47.30     61703 [80.208.113.164 443]
MAP 192.168.22.134  55205 <- -> 83.90.47.30     55205 [172.20.0.1 161]
MAP 192.168.22.184  55168 <- -> 83.90.47.30     55168 [172.20.0.1 161]
MAP 192.168.22.184  55167 <- -> 83.90.47.30     55167 [172.20.0.1 161]
MAP 192.168.22.184  55166 <- -> 83.90.47.30     55166 [172.20.0.1 161]
MAP 192.168.22.184  55165 <- -> 83.90.47.30     55165 [172.20.0.1 161]
MAP 192.168.22.184  61653 <- -> 83.90.47.30     61653 [80.208.113.164 443]

Source and destination NAT

# Destination NAT: traffic arriving on vr1 for the public address
# 83.90.239.187 is handed to the internal server 172.16.4.15.
# NOTE: the /etc/ipnat.rules above already redirects 83.90.239.187 to
# 192.168.22.178 (Cisco); keep only one rdr per public address in a
# ruleset. No port/protocol is given, so all of them are forwarded.
rdr vr1 83.90.239.187/32 -> 172.16.4.15 # VMware
# Source NAT on the inside leg: the same packets leave em1 with source
# 172.16.4.16, presumably so the server replies to this router rather
# than straight to the Internet client (verify against the topology).
map em1 from 0/0 to 172.16.4.15 -> 172.16.4.16/32 #VMware
  • Redirect incoming traffic that arrives on NIC vr1 for IP address 83.90.239.187/32 to IP address 172.16.4.15 (the internal server). No port or protocol is given, so every port and protocol is forwarded.
  • Map traffic from anywhere (0/0) that goes to 172.16.4.15 out of NIC em1 using local IP address 172.16.4.16 as the source, so that the server's replies come back through this router.