ipnat rdr settings using IP alias not working

[rkwiles]

I have a box with two nic cards, AAEON TF-AEC-6831-A1-1010.
We use the box to act as a gateway between LAN / MESH network and to do video replication.

/etc/rc.conf

ifconfig_em0="192.168.1.116 netmask 255.255.255.0"
ifconfig_em1="192.168.224.1 netmask 255.255.255.0"
ifconfig_em1_alias0="192.168.119.1 netmask 255.255.255.0"

/etc/ipnat.rules

rdr em0 0.0.0.0/0 port 8021 -> 192.168.119.31 port 80 tcp
rdr em0 0.0.0.0/0 port 8049 -> 192.168.224.49 port 80 tcp

ifconfig:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:07:32:16:cd:d3
        inet 192.168.1.116 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active

em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:07:32:16:cd:d4
        inet 192.168.224.1 netmask 0xffffff00 broadcast 192.168.224.255
        inet 192.168.119.1 netmask 0xffffff00 broadcast 192.168.119.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

I can get to the 192.168.224.49 by using the URL of http://192.168.1.116:8049
but I can not get to http://192.168.1.116:8021 to get to 192.168.119.31

Any suggests? Thanks.

I am using FreeBSD 8.0.
Upgrading the OS on all the boxes we have shipped would be painful but not impossible.

 

[quintessence]

Hello,

Try to use map or bimap in your rules instead of rdr.

 

[rkwiles]

Have added the following lines above the rdr lines in the /etc/ipnat.rules file.

map em1 192.168.119.0/24 -> 0.0.0.0/32 portmap tcp/udp 7000:9000
map em1 192.168.119.0/24 -> 0.0.0.0/32
map em1 192.168.224.0/24 -> 0.0.0.0/32 portmap tcp/udp 7000:9000
map em1 192.168.224.0/24 -> 0.0.0.0/32

Still can not access the 192.168.119.31 port 80 from 192.168.1.116 port 8021 but
192.168.224.49 port 80 can be accessed from 192.168.1.116 port 8049

I have tried changing the em1 to em0, /24 to /32 and tcp/udp to tcp in the above text.

I guess I am not understanding why you wanted me to try map or bimap.

It seems to me that ipnat does not understand what ip alias is so it ignores or does not see the alias address.

Can you or someone give this a try and let me know.

 

[rkwiles]

I switched the 192.168.224 and the 192.168.119 so that the 224 is the alias.
The 224 still works and 119 does not so this means the problem is on the 119 node devices.
The 119 node devices work if you do not go through the 192.168.1.116 computer.

Sorry to have bothered you all and thanks for the reply.