From: "Shawn Dillon"
To: "Ken Bolingbroke"
Cc: freebsd-questions@freebsd.org
Subject: Re: Natd,ipfw,vnc and multiple interfaces
Date: Sat, 16 Feb 2002 22:46:21 -0700

Thanks for the advice so far. I am so close it is almost painful.

Right now if I run the following command:

    bash-2.05# natd -v -use_sockets -same_ports -n xl3 -p 8669 -redirect_address 10.0.11.1 142.59.206.229

I get the following feedback:

    natd[1533]: Aliasing to 142.59.206.229, mtu 1500 bytes
    In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to [TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
    In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to [TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
    In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to [TCP] 142.179.230.5:1123 -> 10.0.11.1:5900

Which tells me that the second natd IS aliasing the packets (I want them to go to the 10.0.11.1 address from the external 142.59.206.229).
I think I am missing something from my firewall script (IPFW) to actually pass those packets thru. Here is my simple script:

    #Flush existing rules
    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via xl1
    /sbin/ipfw add divert 8669 all from any to any via xl3
    /sbin/ipfw add allow all from any to any
    /sbin/ipfw add pass all from any to any
    /sbin/ipfw add fwd 10.0.11.2 all from any to 10.0.11.1 via xl3

(The last line was my attempt to get the firewall to take any traffic marked for 10.0.11.1 on xl3 and make the next hop for it 10.0.11.2, which would be my internal NIC.)

Any ideas? (Actual scripts that work for you?)

Shawn

----- Original Message -----
From: "Ken Bolingbroke"
To: "Shawn Dillon"
Cc: freebsd-questions@freebsd.org
Sent: Saturday, February 16, 2002 10:02 AM
Subject: Re: Natd,ipfw,vnc and multiple interfaces

> On Sat, 16 Feb 2002, Shawn Dillon wrote:
>
> > One more question. I remember a post on starting natd and getting an "unable
> > to bind divert address" error because natd was already in use. How does this
> > affect starting multiple natd daemons?
> >
> > And thanks for the response thus far.
>
> Use the -p option to natd to specify a different port to listen on, and
> then use that new port in your ipfw rules as well. That is, the
> respective natd and ipfw rules might look something like:
>
> natd -n fxp0
> add divert natd all from any to any via fxp0
>
> natd -n fxp1 -p 8669
> add divert 8669 all from any to any via fxp1
>
> Ken Bolingbroke
> hacker@bolingbroke.com
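An added example, not part of the thread: a small parser for the `natd -v` output format quoted above, which confirms that every inbound packet for the public address was rewritten to the `-redirect_address` target with its port preserved (as `-same_ports` requires). The log text below is constructed from the lines in the post, and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample of `natd -v` output, copied from the format shown in the post.
SAMPLE_LOG = """\
natd[1533]: Aliasing to 142.59.206.229, mtu 1500 bytes
In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to [TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to [TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
"""

# One "aliased to" line: direction, protocol, original src/dst, aliased src/dst.
LINE_RE = re.compile(
    r"^(?P<dir>In|Out)\s+\[(?P<proto>\w+)\]\s+\[\w+\]\s+"
    r"(?P<src>\S+) -> (?P<dst>\S+)\s+aliased to\s+\[\w+\]\s+"
    r"(?P<asrc>\S+) -> (?P<adst>\S+)\s*$"
)


def parse_natd_log(text):
    """Return one dict per 'aliased to' line; startup and other lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            flows.append(m.groupdict())
    return flows


def check_redirect(flows, public_ip, internal_ip):
    """Count inbound flows addressed to public_ip that natd rewrote to internal_ip.

    A flow counts as 'translated' only if the host became internal_ip AND the
    destination port was left unchanged; anything else is 'untranslated'.
    """
    counts = Counter()
    for f in flows:
        dst_host, dst_port = f["dst"].rsplit(":", 1)
        if f["dir"] != "In" or dst_host != public_ip:
            continue  # outbound traffic or traffic for some other address
        adst_host, adst_port = f["adst"].rsplit(":", 1)
        if adst_host == internal_ip and adst_port == dst_port:
            counts["translated"] += 1
        else:
            counts["untranslated"] += 1
    return dict(counts)


if __name__ == "__main__":
    flows = parse_natd_log(SAMPLE_LOG)
    print(check_redirect(flows, "142.59.206.229", "10.0.11.1"))
```

If this reports only "translated" flows but the internal host never answers, natd itself is not the problem and the ipfw rules or the return path are the next place to look.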