Setting up IPNAT on NetBSD

Enable IP Forwarding

sysctl net.inet.ip.forwarding
sysctl -w net.inet.ip.forwarding=1

cp -pi /etc/sysctl.conf /etc/sysctl.conf.dist
vi /etc/sysctl.conf

net.inet.ip.forwarding=1

IPNAT Configuration

Simple example

vi /etc/ipnat.conf

map PUBLIC_IF SUBNET/24 -> PUBLIC_IP/32 proxy port ftp ftp/tcp
map PUBLIC_IF SUBNET/24 -> PUBLIC_IP/32 portmap tcp/udp 10000:20000
map PUBLIC_IF SUBNET/24 -> PUBLIC_IP/32

Example with three different VLANs and redirections

map xennet1 SUBNET/24 -> PUBLIC_IP/32 proxy port ftp ftp/tcp
map xennet1 SUBNET/24 -> PUBLIC_IP/32 portmap tcp/udp 10000:19999
map xennet1 SUBNET/24 -> PUBLIC_IP/32

map xennet1 SUBNET2/24 -> PUBLIC_IP/32 proxy port ftp ftp/tcp
map xennet1 SUBNET2/24 -> PUBLIC_IP/32 portmap tcp/udp 20000:29999
map xennet1 SUBNET2/24 -> PUBLIC_IP/32

map xennet1 SUBNET3/24 -> PUBLIC_IP/32 proxy port ftp ftp/tcp
map xennet1 SUBNET3/24 -> PUBLIC_IP/32 portmap tcp/udp 30000:39999
map xennet1 SUBNET3/24 -> PUBLIC_IP/32

#team5gw
rdr xennet1 PUBLIC_IP/32 port 2220 -> GATEWAY_IP port 2222

#lenovo
rdr xennet1 PUBLIC_IP/32 port 4444 -> HOSTIP1 port 4444
rdr xennet1 PUBLIC_IP/32 port 2222 -> HOSTIP1 port 22
rdr xennet1 PUBLIC_IP/32 port 52010 -> HOSTIP1 port 52010
#rdr xennet1 PUBLIC_IP/32 port 52001-52010 -> HOSTIP1 port 52001 tcp

#joomla
rdr xennet1 PUBLIC_IP/32 port 80 -> HOSTIP2 port 80
rdr xennet1 PUBLIC_IP/32 port 443 -> HOSTIP2 port 443

#jenkins
rdr xennet1 PUBLIC_IP/32 port 8080 -> HOSTIP3 port 8080
rdr xennet1 PUBLIC_IP/32 port 8443 -> HOSTIP3 port 8443
#rdr xennet1 PUBLIC_IP/32 port 45837 -> HOSTIP3 port 45837
rdr xennet1 PUBLIC_IP/32 port 45873 -> HOSTIP3 port 45873

#luke
#rdr xennet1 PUBLIC_IP/32 port 20 -> HOSTIP4 port 20
rdr xennet1 PUBLIC_IP/32 port 21 -> HOSTIP4 port 21
rdr xennet1 PUBLIC_IP/32 port 50000-50999 -> HOSTIP4 port 50000 tcp

#nsdpub
rdr xennet1 PUBLIC_IP/32 port 53 -> HOSTIP5 port 53
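
Added example (not part of the original notes): a Python check to run over ipnat.conf before restarting ipnat. It lists the active rdr rules, which is the set of services the gateway exposes, and reports public ports claimed by two rdr rules or portmap ranges shared between subnets. The sample rules are constructed, and treating overlapping portmap ranges as a finding is an assumption based on the page giving each subnet its own range.

```python
import re

# Constructed sample in the page's format, using the page's placeholder names.
SAMPLE = """\
map xennet1 SUBNET/24 -> PUBLIC_IP/32 portmap tcp/udp 10000:19999
map xennet1 SUBNET2/24 -> PUBLIC_IP/32 portmap tcp/udp 19000:29999
#rdr xennet1 PUBLIC_IP/32 port 20 -> HOSTIP4 port 20
rdr xennet1 PUBLIC_IP/32 port 2222 -> HOSTIP1 port 22
rdr xennet1 PUBLIC_IP/32 port 2220 -> GATEWAY_IP port 2222
rdr xennet1 PUBLIC_IP/32 port 50000-50999 -> HOSTIP4 port 50000 tcp
rdr xennet1 PUBLIC_IP/32 port 50010 -> HOSTIP1 port 52010
"""

RDR = re.compile(r"rdr\s+(\S+)\s+\S+\s+port\s+(\d+)(?:-(\d+))?\s+->\s+(\S+)"
                 r"\s+port\s+(\d+)(?:\s+(\S+))?$")
MAP = re.compile(r"map\s+\S+\s+(\S+)\s+->\s+\S+\s+portmap\s+\S+\s+(\d+):(\d+)$")

def parse(text):
    """Return (rdr rules, portmap pools) from active lines; '#' lines are skipped."""
    rdrs, pools = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if m := RDR.match(line):
            # The protocol is kept as written, or "unspecified" when the rule has none.
            rdrs.append((n, m[1], (int(m[2]), int(m[3] or m[2])), m[4],
                         int(m[5]), m[6] or "unspecified"))
        elif m := MAP.match(line):
            pools.append((n, m[1], (int(m[2]), int(m[3]))))
    return rdrs, pools

def overlap(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def audit(text):
    """Report public ports claimed by two rdr rules and overlapping portmap ranges."""
    rdrs, pools = parse(text)
    out = []
    for i, a in enumerate(rdrs):
        for b in rdrs[i + 1:]:
            # Conservative: protocol is ignored, so a tcp/udp pair is flagged too.
            if a[1] == b[1] and overlap(a[2], b[2]):
                out.append(f"rdr lines {a[0]} and {b[0]}: public ports overlap")
    for i, a in enumerate(pools):
        for b in pools[i + 1:]:
            if overlap(a[2], b[2]):
                out.append(f"map lines {a[0]} and {b[0]}: portmap ranges overlap")
    return out

if __name__ == "__main__":
    print(*parse(SAMPLE)[0], *audit(SAMPLE), sep="\n")
```

Each rdr tuple is (line, interface, public port range, internal host, internal port, protocol). To check the real file, pass open("/etc/ipnat.conf").read() to audit().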

Ready to go

vi /etc/rc.conf

ipnat=yes

/etc/rc.d/ipnat restart
