Infrastructure Machines
= nat =

== Summary ==

This is the main machine to which we ssh and which runs all our screen sessions. Further, its IP is in a special block which is not routed through the firewall, and thus it is somewhat immune to DoS attacks which hobble our firewall. Lastly, it acts as a NAT server for certain/random devices on the private network.

* Location: castle, cab 3-7
* OS: FreeBSD 9.1 i386
* Networking: Priv IP: 10.1.4.1, Pub IPs: 69.55.233.195, 69.55.233.196, 69.55.233.197, 69.55.233.198, 69.55.233.199. 1 onboard and 1 PCI
* Hardware: Custom 1U. Single power supply.
* Drives: one 8 GB IDE drive

== Services Provided ==

* nat

== nat control ==

All rules are contained in /etc/ipnat.rules and look like:

<pre>cat /etc/ipnat.rules
# www (was 69.55.230.12)
# virt19
#bimap fxp0 10.1.4.209/32 -> 69.55.233.198/32
# virt18
#bimap fxp0 10.1.4.208/32 -> 69.55.233.196/32
# virt13
#bimap fxp0 10.1.4.213/32 -> 69.55.233.196/32
# virt12
#bimap fxp0 10.1.4.212/32 -> 69.55.233.196/32
# virt17
bimap fxp0 10.1.4.217/32 -> 69.55.233.196/32
# virt11
#bimap fxp0 10.1.4.211/32 -> 69.55.233.196/32
# ASA
#bimap fxp0 10.1.4.172/32 -> 69.55.233.196/32
# P1A
bimap fxp0 10.1.4.240/32 -> 69.55.233.197/32
#bimap fxp0 10.1.4.238/32 -> 69.55.233.197/32
# developer (was 69.55.230.17)
# jail2
#bimap fxp0 10.1.4.232/32 -> 69.55.233.198/32
# jail8
#bimap fxp0 10.1.4.238/32 -> 69.55.233.198/32
# jail9
#bimap fxp0 10.1.4.239/32 -> 69.55.233.198/32
# POLL
#BIMAP EM0 10.1.6.134/32 -> 69.55.230.20/32
# 1U SUN
#BIMAP EM0 10.1.4.4/32 -> 69.55.227.46/32
# ??
#BIMAP EM0 10.1.6.3/32 -> 69.55.230.100/32
# random machine
#bimap fxp0 10.1.6.13/32 -> 69.55.233.199/32
#bimap fxp0 10.1.4.232/32 -> 69.55.233.199/32
# OFFICE OUTBOUND TRAFFIC
#map fxp0 10.1.6.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
#map fxp0 10.1.6.0/24 -> 0.0.0.0/32</pre>

A simple entry looks like:

 bimap fxp0 10.1.4.240/32 -> 69.55.233.197/32

This essentially means: make private IP 10.1.4.240 reachable on 69.55.233.197, and allow 10.1.4.240 to communicate with the public internet via 69.55.233.197.

To reload a new rule config:

 ipnat -C -F -f /etc/ipnat.rules

You may want to set up natting, as above, when you need to reach a DRAC card's web interface and the DRAC card only has a private IP.
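Because every active bimap line makes a private host reachable on a public IP, it helps to audit the file before reloading it. The following is an added example, not part of the original wiki page: the function names and the sample text are constructed for illustration, and the parser assumes the one-rule-per-line /32 bimap format shown in the listing above.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the /etc/ipnat.rules listing.
SAMPLE_RULES = """\
# virt17
bimap fxp0 10.1.4.217/32 -> 69.55.233.196/32
# virt11
#bimap fxp0 10.1.4.211/32 -> 69.55.233.196/32
# P1A
bimap fxp0 10.1.4.240/32 -> 69.55.233.197/32
# constructed conflict: second active rule reusing a public IP
bimap fxp0 10.1.4.238/32 -> 69.55.233.197/32
"""

# A rule line, optionally commented out with a leading '#'.
RULE_RE = re.compile(
    r"^(#?)\s*bimap\s+(\S+)\s+(\S+)/32\s+->\s+(\S+)/32\s*$", re.IGNORECASE)

def parse_bimaps(text):
    """Return one dict per bimap line, tagged with the preceding comment label."""
    entries, label = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = RULE_RE.match(line)
        if m:
            entries.append({"label": label, "active": m.group(1) == "",
                            "iface": m.group(2), "private": m.group(3),
                            "public": m.group(4)})
        elif line.startswith("#"):
            label = line.lstrip("# ").strip() or None  # plain comment = label
    return entries

def exposed_hosts(entries):
    """Private IP -> public IP for every rule that is not commented out."""
    return {e["private"]: e["public"] for e in entries if e["active"]}

def public_ip_conflicts(entries):
    """Public IPs claimed by more than one active bimap rule."""
    by_public = defaultdict(list)
    for e in entries:
        if e["active"]:
            by_public[e["public"]].append(e["private"])
    return {pub: privs for pub, privs in by_public.items() if len(privs) > 1}

if __name__ == "__main__":
    rules = parse_bimaps(SAMPLE_RULES)
    print("exposed:", exposed_hosts(rules))
    print("conflicts:", public_ip_conflicts(rules))
```

To audit the live file, pass the contents of /etc/ipnat.rules to `parse_bimaps` instead of the sample text.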