Re: double nat

oops i forgot to put the complete list of rules in the previous email

sorry this one is correct :-/

On Fri, 2003-02-28 at 12:48, Chuck Yerkes wrote:
> Well, looking at the rules, I see that...

oops ok they are below

> Why NAT when you have real addresses?

long story, basically this network was setup by some jackass about 8 years ago, who basically stole some other companies ip range. It's too ingrained into our network to change it easily, so we use routers and nat devices to make sure none of those machines touch the internet (as they won't work). Just pretend they are a 10.* range or some other non-routable network.

here are the rules:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related openbsd.org Links advocacy announce bugs ipv6 misc ports ports-changes security-announce smp source-changes tech Request more information about Pantek

nat on xl0 inet from 192.233.103.0/24 to any -> (xl0) nat on xl0 inet from 192.168.0.0/24 to any -> (xl0)                                                       

#redirect web traffic to addesk server
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 80 -> 192.168.0.9 port 80
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 800 -> 192.168.0.6 port 80rdr on xl0 proto tcp from any to 64.1.201.131/27 port 801 -> 192.168.0.7 port 80rdr on xl0 proto tcp from any to 64.1.201.132/27 port 802 -> 192.168.0.8 port

80                                                                                
                                                                                

#redirect ftp traffic to addesk server
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 2121 -> 192.168.0.5 port 21

#redirect addesk ports
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 8001 -> 192.168.0.5 port 8001
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 8002 -> 192.168.0.5 port 8002
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 8101 -> 192.168.0.5 port 8101
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 8102 -> 192.168.0.5 port 8102
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 8201 -> 192.168.0.5 port 8201
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 8202 -> 192.168.0.5 port 8202

pass in all
pass out all

updated the digram to include interfaces                                                                                

> >
> > 64.1.201.129
Received on Fri Feb 28 16:19:19 2003