IPNAT configuration troubles

Hi,

I am trying to redirect from a port to an address and port number.
See attached diagram.

The AV3000 system is a FreeBSD 11.1 system with two network interfaces.
igb0 = 192.168.0.18/24
igb1 = 192.168.119.2/24
Gateway of 192.168.0.1

The Mega Pixel is a camera with IP address 192.168.119.201
It has a web page server at port 80
and a default gateway of 192.168.119.1

The ipnat.conf file contains
Code:
rewrite in on igb0 proto tcp from any to any port = 8301 -> src 192.168.119.2/32 dst 192.168.119.201/32,80;
Each Mega Pixel camera added would have a different IP and use a different port on the igb0 interface.

What I am trying to do is map the port 8301 on the 192.168.0.0/24 interface to port 80 on the Mega Pixel camera.

The HTTP GET from the Viewer does a 3/4 round trip, in other words.
Packet sent from 192.168.0.8 arrives at 192.168.0.18 port 8301 on interface igb0.
Then I see a packet from interface igb1, 192.168.0.119.2 being redirected to 192.168.119.201 port 80.
I also see a packet from 192.168.119.201 port 80 being sent to 192.168.119.2

So I am missing the last part and do not know how to configure ipnat.conf to handle this.
I have tried several rewrite commands to get the last part of the path to work but no luck.

If I access the Mega Pixel through the RV50 it works fine but I also need the other path to work.

AV3000 info:
Code:
FreeBSD amrouter.net 11.1-RELEASE-p9 FreeBSD 11.1-RELEASE-p9 #0: Tue Apr  3 16:59:16 UTC 2018     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
rc.conf
Code:
ifconfig_igb1="inet 192.168.119.2 netmask 255.255.255.0"
ifconfig_igb0="DHCP"
gateway_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"
 

Attachment: am_setup2.pdf

Instead of trying to manually rewrite packages I'd rely on NAT instead and let the system do all the work, see also this handbook page. So using redirecting.

It's been a while since I last used IPFilter myself but something in the likes of...
Code:
rdr igb0 0/0 port 8301 -> 192.168.119.201 port 80 tcp
.. more or less. Note that this is based on ipnat(5), definitely check this for yourself too.

If I understand the problem correctly then this should be able to solve all that.
 
Why use NAT at all? If you set up routing correctly you can access each camera directly. There's no need for complicated and annoying NAT rules.
 
Shelluser,

I had tried rdr command but I believe the problem with that is that the destination address is changed by rdr but the source address does not change. This means that the Mega Pixel camera sees the source address which is the 192.168.0.0/24 subnet and sends the reply to the default gateway which is the RV50.

SirDice,
Can you give me an example? I like the idea of not using NAT configure.
Would I have to set up a route for each Mega Pixel camera?
 
Add a static route on the camera: 192.168.0.0/24 gateway 192.168.119.2
Add a static route on the viewer: 192.168.119.0/24 gateway 192.168.0.18

Done. Now you can access 192.168.119.201 directly from 192.168.0.8.
 
I had tried rdr command but I believe the problem with that is that the destination address is changed by rdr but the source address does not change.
You should be able to fix that with an extra map statement:
Code:
map igb1 0/0 -> 192.168.119.2/32
 
Sadly no ability to set routes in the camera.
I was afraid of that. Can you add static routes on the viewer? If you can add routes there set it to what I posted before. Then add the mapping as shown by ShelLuser. That should be all that's needed. That would require NAT but it's a fairly simple source NAT.
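
An added example, not part of the thread: a small Python model of the address rewriting discussed above, showing which next hop the camera picks for its reply under rdr alone, rdr plus map, and rdr with a static route on the camera. The addresses and the two rules come from the posts; the function names and the dictionary packet format are constructed for illustration and only approximate what ipnat does.

```python
import ipaddress as ip

# Addresses from the thread
VIEWER, AV_IGB0, AV_IGB1 = "192.168.0.8", "192.168.0.18", "192.168.119.2"
CAMERA, RV50 = "192.168.119.201", "192.168.119.1"

# Camera routing table as described: on-link subnet plus default gateway (the RV50)
CAMERA_ROUTES = [("192.168.119.0/24", None), ("0.0.0.0/0", RV50)]

def next_hop(routes, dst):
    """Longest-prefix match; a gateway of None means dst is on-link."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(n), gw) for n, gw in routes if addr in ip.ip_network(n)]
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return dst if gw is None else gw

def rdr(pkt):
    """Model of: rdr igb0 0/0 port 8301 -> 192.168.119.201 port 80 tcp
    Rewrites the destination only; the source stays the viewer's address."""
    if pkt["dst"] == AV_IGB0 and pkt["dport"] == 8301:
        return {**pkt, "dst": CAMERA, "dport": 80}
    return pkt

def map_igb1(pkt):
    """Model of: map igb1 0/0 -> 192.168.119.2/32
    Rewrites the source as the packet leaves igb1."""
    return {**pkt, "src": AV_IGB1}

def camera_reply_hop(rules, camera_routes=CAMERA_ROUTES):
    """Push a constructed viewer request through the rules, then return the
    next hop the camera uses for its reply (addressed to the request's source)."""
    pkt = {"src": VIEWER, "dst": AV_IGB0, "dport": 8301}
    for rule in rules:
        pkt = rule(pkt)
    return next_hop(camera_routes, pkt["src"])

if __name__ == "__main__":
    static = CAMERA_ROUTES + [("192.168.0.0/24", AV_IGB1)]
    cases = {
        "rdr only": camera_reply_hop([rdr]),
        "rdr + map": camera_reply_hop([rdr, map_igb1]),
        "rdr + static route on camera": camera_reply_hop([rdr], static),
    }
    for name, hop in cases.items():
        where = "back through the AV3000" if hop == AV_IGB1 else "to the RV50, bypassing the NAT state"
        print(f"{name}: reply next hop {hop} ({where})")
```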
 