From owner-freebsd-questions@FreeBSD.ORG Fri Dec 30 11:06:32 2005
From: "Ted Mittelstaedt"
To: "Chris S. Wilson", "Greg Barniskis"
Cc: freebsd-questions
Date: Fri, 30 Dec 2005 03:06:21 -0800
Subject: RE: NATD Internal Network problems

>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Chris S. Wilson
>Sent: Thursday, December 29, 2005 3:08 PM
>To: Greg Barniskis
>Cc: freebsd-questions
>Subject: RE: NATD Internal Network problems
>
>
>Weird, every other router I've used forwards all the packets properly,
>even my backup linksys when I hook it up.
>

Those aren't forwarding the packets properly.
The CPU in your Linksys isn't capable of routing 100 Mbit of traffic from an inside host to your Linksys then back to the inside host. Try it some time and see for yourself: copy a large file around or some such. While it's happening your Internet access will roll over and die.

What the commercial routers like a Cisco can do is DNS translation, assuming the DNS server is on the outside. The DNS server responds with the outside IP address and the translator in the Cisco converts it to the inside private number. So the hosts on the inside can use a regular hostname that would normally resolve to the outside of the translator, and they get the inside number and nobody knows the difference.

Some other translators pull this trick by having the DNS server set to the IP address of the translator, and they proxy all the DNS queries. There's a good chance that a large number of these "every other router I've used" routers you have used are in fact doing this, and you just didn't even notice.

It is actually extremely easy to do the same thing on a FreeBSD box running as a translator. Just turn on named, set up the named file for the domain used on your inside net, and forward all other queries to the real DNS servers on the outside. Then set the inside hosts to use the FreeBSD box as their DNS server. This is exactly how Linksys does it.

If you need instructions just ask, they are very easy.

Ted

>Really I don't want to do the split dns stuff, sadly I will have to move
>away from FreeBSD for performing this operation I guess.
>
>Thanks for the help!
>
>CW.
>
>-----Original Message-----
>From: Greg Barniskis [mailto:nalists@scls.lib.wi.us]
>Sent: Thursday, December 29, 2005 3:05 PM
>To: Chris S. Wilson
>Cc: freebsd-questions
>Subject: Re: NATD Internal Network problems
>
>Chris S. Wilson wrote:
>> Hello! :)
>>
>> I am having a problem with freebsd 5.3-release and natd.
>>
>> When I try to connect to a service on my internal network to an IP on
>> my external network that has a port redirected, it won't connect.
>>
>> i.e.: 67.128.100.2 is my external IP, on my internal network I try to
>> connect to 67.128.101.2:80 which is forwarded in my natd.conf and the
>> connection is refused.
>>
>> Does anyone know why?
>
>I don't know the exact technical reasons "why" but I will confirm for
>you that this simply does not work, and the reasons why center around it
>being a rather tortured mess.
>
>Your inside machines should reach your inside server by its inside
>address. Think about how you're sending your request outside the
>firewall (getting the request NATed on the way out) and then back in
>(getting the request re-NATed), and then having the reply packets from
>the web server have to take the reverse of that path. Yuck.
>
>Use split DNS so that "www.example.com" appears to external clients
>as being your external NAT server address, and appears to inside clients
>as the web server's real inside address.
>
>
>--
>Greg Barniskis, Computer Systems Integrator South Central Library System
>(SCLS) Library Interchange Network (LINK),
>(608) 266-6348
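The split-DNS setup Ted describes (named on the FreeBSD translator serving the inside copy of the domain and forwarding everything else to the real servers outside), as an added example that is not part of this thread. It assumes BIND 9 from the FreeBSD base system, an inside net of 192.168.1.0/24 with the NAT box at 192.168.1.1 and the web server at 192.168.1.10 (constructed values), Greg's "www.example.com" as the hostname, and placeholder ISP resolvers.

```conf
# /etc/rc.conf on the FreeBSD NAT box: start the BIND that ships in base
named_enable="YES"

// /etc/namedb/named.conf (BIND 9). Inside net, NAT box address and
// web server address are constructed; <ISP-resolver-N> are placeholders.
options {
    directory "/etc/namedb";
    // Answer only on the inside interface and recurse only for inside
    // hosts, so the translator does not become an open resolver.
    listen-on { 127.0.0.1; 192.168.1.1; };
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    // Everything that is not our own zone goes to the real DNS servers
    // on the outside.
    forwarders { <ISP-resolver-1>; <ISP-resolver-2>; };
    forward only;
};

// Our own copy of the domain: inside hosts get inside addresses here.
// The public zone served to the Internet is untouched by this box.
zone "example.com" {
    type master;
    file "master/example.com.inside";
};

; /etc/namedb/master/example.com.inside -- inside view of the zone
$TTL 3600
@       IN SOA  ns.example.com. hostmaster.example.com. (
                2005123001 ; serial (constructed)
                3600 900 604800 3600 )
        IN NS   ns.example.com.
ns      IN A    192.168.1.1
www     IN A    192.168.1.10   ; the server's real inside address
```

Point the inside hosts at 192.168.1.1 as their resolver; `dig @192.168.1.1 www.example.com` should then return 192.168.1.10, while the same query against an outside resolver still returns the public NAT address, so no inside connection ever hairpins through natd.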