Message-ID: <3BEB02AF.C4E8B114@activemessage.com>
Date: Thu, 08 Nov 2001 14:09:51 -0800
From: Michael Loftis
To: cjclark@alum.mit.edu
Cc: Michael Loftis, freebsd-net@FreeBSD.ORG
Subject: Re: natd behaviour.

"Crist J. Clark" wrote:

> On Thu, Nov 08, 2001 at 01:39:41PM -0800, Michael Loftis wrote:
> > "Crist J. Clark" wrote:
> > > On Thu, Nov 08, 2001 at 05:33:39AM -0800, Michael Loftis wrote:
> > > > I'm running natd and I need to change its behaviour slightly. It seems
> > > > that if it doesn't find a redirect_address match it'll drop connection
> > > > requests for that address, so putting it in a simplest-case divert from
> > > > any to any type of ipfw rule severely breaks things. What I need it to
> > > > do is pass those through unmodified.
> > > >
> > > > Can I get it to do this or am I going to have to get specific with my
> > > > ipfw rules?
> > >
> > > If I understand what you are saying, it should be doing this
> > > already. That is, natd(8) passes through anything it does not modify
> > > untouched. It does not drop (any normal) packets.
> >
> > Already established sessions transit fine, but new sessions (specifically what
> > I'm interested in are new sessions to the local machine) to anything other than
> > the configured redirect_* stanzas get dropped. ipfw is not the culprit, natd
> > in verbose mode makes note of the fact that it is dropping these packets.
>
> Could we see this?
>
> > Basically the only problem I'm having is with setup (SYN set apparently)
> > packets sent through natd, if they don't match up with a redirect rule they
> > get silently dropped.
>
> I thought you just said it was saying it was doing this in verbose
> mode?

Sorry, by silently I mean it never makes it back to ipfw for further
processing and it just ends up in the garbage.

> Might be some weird vlan(4)-natd(8) interaction, but I can't say.

I'd doubt that, it all works just fine except for the case where it
shouldn't touch the packet at all, it seems to ignore that and still
touches the packet once in a while.

> --
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org