Hi. I had server with few interfaces
ifconfig:
netstat -r:
ipfw list:
ipfw nat show config
at such a config in a net 10.0.1.0/24 packets pass from everywhere, nat works.
but there is no access to the 10.0.0.0/8 net from the 10.1.1.0/24 network. Moreover, tcpdump says that responses to ip 172.16.0.1 come. But on the vlan4021 interface they are no longer there. I ask for help with my problem and thank you in advance!)
ifconfig:
Code:
vlan4021: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80002<TXCSUM,LINKSTATE>
ether c0:25:e9:1e:73:cd
inet 172.16.0.1 netmask 0xfffffffc broadcast 172.16.0.3
inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255
inet 192.168.88.1 netmask 0xffffff00 broadcast 192.168.88.255
groups: vlan
vlan: 4021 vlanpcp: 0 parent interface: re1
media: Ethernet 1000baseT <full-duplex>
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan4094: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80002<TXCSUM,LINKSTATE>
ether c0:25:e9:1e:73:cd
inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
groups: vlan
vlan: 4094 vlanpcp: 0 parent interface: re1
media: Ethernet 1000baseT <full-duplex>
status: active
vlan4021-10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=28<VLAN_MTU,JUMBO_MTU>
ether c0:25:e9:1e:73:cd
inet 10.1.2.1 netmask 0xffffff00 broadcast 10.1.2.255
inet6 fe80::c225:e9ff:fe1e:73cd%vlan4021-10 prefixlen 64 tentative scopeid 0xa
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>netstat -r:
Code:
default XXXXX US XXX
10.0.0.0/8 172.16.0.2 UGS vlan4021
10.0.1.0/24 link#6 U vlan4021
10.0.1.1 link#6 UHS lo0
10.1.1.0/24 link#7 U vlan4094
10.1.1.1 link#7 UHS lo0
10.1.2.0/24 link#10 U vlan4021
10.1.2.1 link#10 UHS lo0
10.2.2.1 link#9 UHS lo0
localhost link#3 UH lo0
172.16.0.0/30 link#6 U vlan4021
172.16.0.1 link#6 UHS lo0ipfw list:
Code:
00100 check-state :default
00500 allow tcp from any to any via vlan4094
00600 allow udp from any to any via vlan4094
00700 allow icmp from any to any via vlan4094
01000 allow ip from any to any via lo0
01600 nat 2 ip from any to 10.0.1.0/24 via vlan4021
01700 nat 3 ip from any to 10.0.0.0/8 via vlan4021
01800 allow log logamount 50 ip from 10.0.0.0/8 to any via vlan4021
01900 allow ip from any to any via vlan4021-10 keep-state :defaultipfw nat show config
Code:
ipfw nat 2 config ip 10.0.1.1 deny_in same_ports reset
ipfw nat 3 config ip 172.16.0.1 log same_portsat such a config in a net 10.0.1.0/24 packets pass from everywhere, nat works.
but there is no access to the 10.0.0.0/8 net from the 10.1.1.0/24 network. Moreover, tcpdump says that responses to ip 172.16.0.1 come. But on the vlan4021 interface they are no longer there. I ask for help with my problem and thank you in advance!)
Last edited by a moderator:
