Three NICs and NAT (routing?) issue
Hi list-
I'm running FreeBSD 7.0-STABLE with three network interfaces compiled with IP Filter support (v4.1.28 (404)).
The first interface is tl0 (192.168.0.35 / 255.255.255.240), the second one is fxp0 (192.168.0.50 / 255.255.255.240) and the third one is fxp1 (10.0.10.1 / 255.255.255.0).
I would like to NAT the 10.0.10 network through the fxp0 interface, and for some reason it doesn't work -- users are not able to pass through fxp0. Actually, I don't see NAT working on the fxp0 interface at all. If I do NAT through tl0 it works OK, but not with fxp0. I am able, however, to ping all three interfaces from the 10.0.10 network.
Here is more detailed information about my setup:
%dmesg | grep tl0
tl0: <Compaq Netelligent 10/100 Proliant> port 0x2c40-0x2c4f mem 0xc6cfccf0-0xc6cfccff irq 10 at device 7.0 on pci0
miibus0: <MII bus> on tl0
tl0: Ethernet address: 00:50:8b:50:f2:0e
%dmesg | grep fxp
fxp0: <Intel 82558 Pro/100 Ethernet> port 0x3000-0x301f mem 0xb7fff000-0xb7ffffff,0xc6e00000-0xc6efffff irq 15 at device 7.0 on pci1
fxp0: Ethernet address: 00:50:8b:6d:17:3d
fxp1: <Intel 82558 Pro/100 Ethernet> port 0x2c00-0x2c1f mem 0xb5fff000-0xb5ffffff,0xc6d00000-0xc6dfffff irq 11 at device 13.0 on pci0
fxp1: Ethernet address: 00:50:8b:01:24:bc
%cat /etc/rc.conf
defaultrouter="192.168.0.33"
ifconfig_tl0="inet 192.168.0.35 netmask 255.255.255.240"
ifconfig_fxp0="inet 192.168.0.50 netmask 255.255.255.240"
ifconfig_fxp1="inet 10.0.14.1 netmask 255.255.255.0"
gateway_enable="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.conf"
%cat /etc/ipnat.conf
map fxp0 10.0.14.0/24 -> 0/32 portmap tcp/udp 30000:60000
map fxp0 10.0.14.0/24 -> 0/32
%netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.33       UGS         0   649736    tl0
10.0.14.0/24       link#3             UC          0        0   fxp1
192.168.0.32/28    link#1             UC          0        0    tl0
192.168.0.33       00:09:7c:61:93:30  UHLW        2    18057    tl0   1170
192.168.0.35       00:50:8b:50:f2:0e  UHLW        1      564    lo0
192.168.0.48       ff:ff:ff:ff:ff:ff  UHLWb       1        2   fxp0 =>
192.168.0.48/28    link#2             UC          0        0   fxp0
127.0.0.1          127.0.0.1          UH          0    31556    lo0
IP Filter is configured to allow all outgoing traffic for all three interfaces.
Does it look like a routing issue?
Any tips would be greatly appreciated!
Many thanks!
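
Added example, not part of the original post: a small check that runs the posted `netstat -rn` table and `/etc/ipnat.conf` through a longest-prefix route lookup and reports whether any `map` rule is bound to the interface a packet actually leaves on (ipnat `map` rules are matched on the outbound interface). The client address 10.0.14.20 and destination 198.51.100.7 used with it are constructed, and the lookup is a simplification that ignores route flags and any policy routing in ipf.rules.

```python
import ipaddress

# Routing table and NAT rules copied from the post above.
NETSTAT = """\
default 192.168.0.33 UGS 0 649736 tl0
10.0.14.0/24 link#3 UC 0 0 fxp1
192.168.0.32/28 link#1 UC 0 0 tl0
192.168.0.33 00:09:7c:61:93:30 UHLW 2 18057 tl0 1170
192.168.0.35 00:50:8b:50:f2:0e UHLW 1 564 lo0
192.168.0.48 ff:ff:ff:ff:ff:ff UHLWb 1 2 fxp0 =>
192.168.0.48/28 link#2 UC 0 0 fxp0
127.0.0.1 127.0.0.1 UH 0 31556 lo0
"""
IPNAT = """\
map fxp0 10.0.14.0/24 -> 0/32 portmap tcp/udp 30000:60000
map fxp0 10.0.14.0/24 -> 0/32
"""

def parse_routes(text):
    """Return (network, netif) pairs; Netif is the 6th netstat column."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6:
            dest = "0.0.0.0/0" if f[0] == "default" else f[0]
            routes.append((ipaddress.ip_network(dest, strict=False), f[5]))
    return routes

def parse_maps(text):
    """Return (interface, source network) for each ipnat 'map' rule."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "map":
            rules.append((f[1], ipaddress.ip_network(f[2])))
    return rules

def egress_if(routes, dst):
    """Longest-prefix match: the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def nat_applies(routes, rules, src, dst):
    """Return (egress interface, True if a map rule on it covers src)."""
    out = egress_if(routes, dst)
    s = ipaddress.ip_address(src)
    return out, any(ifn == out and s in net for ifn, net in rules)
```

With the posted table, `nat_applies(parse_routes(NETSTAT), parse_maps(IPNAT), "10.0.14.20", "198.51.100.7")` returns `("tl0", False)`: the default route sends the packet out tl0, where no `map` rule is bound.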