Does IPFILER from TLS709 work with one NIC with multiple IP addresses?

Chalawal Maliwan · Chalawal Maliwan

I have tried to install ipfilter on OSR504 using configuration below:

map net0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map net0 193.88.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map net0 193.88.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
map net0 193.88.1.0/24 -> 0.0.0.0/32

/etc/default/inet:
ipforwarding 1
ipsendredirects 1

/etc/ipf.conf:
pass out all

192.168.0.1
193.88.1.4 -> 193.88.1.1 -> Outside World
202.197.2.24
"A" "B"

I can ping both 193.88.1.1 and 202.197.2.24 but I could not ping the
"Outside World" from 193.88.1.4.

Does it mean that IPFILTER isn't working with one NIC or I need true
private IP interface to have it working i.e. 192.168.0.1 instead of
193.88.1.1.

Thanks,
Chalawal

Jean-Pierre Radley · Jean-Pierre Radley

Chalawal Maliwan typed (on Wed, Jul 23, 2003 at 11:40:12PM -0700):
| I have tried to install ipfilter on OSR504 using configuration below:
|
| map net0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
| map net0 193.88.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
| map net0 193.88.1.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:40000
| map net0 193.88.1.0/24 -> 0.0.0.0/32
|
| /etc/default/inet:
| ipforwarding 1
| ipsendredirects 1
|
| /etc/ipf.conf:
| pass out all
|
| 192.168.0.1
| 193.88.1.4 -> 193.88.1.1 -> Outside World
| 202.197.2.24
| "A" "B"
|
|
| I can ping both 193.88.1.1 and 202.197.2.24 but I could not ping the
| "Outside World" from 193.88.1.4.
|
| Does it mean that IPFILTER isn't working with one NIC or I need true
| private IP interface to have it working i.e. 192.168.0.1 instead of
| 193.88.1.1.
|

I'm using 198.207.210 for my NAT'ed addresses, so that's not your
problem. My ipnat.rules file contains:

map net1 198.207.210.0/24 -> 66.167.21.66/32

This is NOT the filter rules file, and it's run by ipnat, as opposed to
my ipf.conf file which is run by ipfilter.

--
JP

Chalawal Maliwan · Chalawal Maliwan

>

> I'm using 198.207.210 for my NAT'ed addresses, so that's not your
> problem. My ipnat.rules file contains:
>
> map net1 198.207.210.0/24 -> 66.167.21.66/32
>
> This is NOT the filter rules file, and it's run by ipnat, as opposed to
> my ipf.conf file which is run by ipfilter.

I have it running now by changing the 202.197.2.24 from alias to the
real IP address. I can ping, telnet and etc. to the outside world but
not traceroute.
Do I need to run "routed" on the "202.197.2.24" to have traceroute to
work.

Thanks,

Chalawal

Chalawal Maliwan · Chalawal Maliwan

Below please find more about findings:

"B" can telnet to 193.88.1.x only if the default route on
193.88.1.x is set to 193.88.1.1
While telneting to 193.88.1.4 from "B", 193.88.1.4 sees "B" as
coming from 202.197.2.24

I must be missing something here. Can anyone please suggest?

Thanks,
chalawal

Does IPFILER from TLS709 work with one NIC with multiple IP addresses?

Thread Tools

Display

Does IPFILER from TLS709 work with one NIC with multiple IP addresses?

Similar Questions and Discussions

Multiple Debugging IP addresses

Multiple Debugging IP addresses

Multiple IP Addresses For Same Host in /etc/hosts

Sending mail to multiple addresses

Mac addresses / Multiple airports

Re: Does IPFILER from TLS709 work with one NIC with multiple IP addresses?

Re: Does IPFILER from TLS709 work with one NIC with multiple IP addresses?

Re: Does IPFILER from TLS709 work with one NIC with multiple IP addresses?

Posting Permissions