Date: Sun, 17 Feb 2002 18:08:07 -0800
From: Tim Fulmer <tfulmer@dslextreme.com>
To: "Crist J. Clark" <cjc@FreeBSD.org>
Cc: freebsd-questions@FreeBSD.org
Subject: Re: natd and redirect_port
Message-ID: <5.1.0.14.0.20020217180513.00a72df0@mail.dslextreme.com>
In-Reply-To: <20020217010330.I48401@blossom.cjclark.org>
References: <000a01c1b5bf$b94b5ef0$f2dca8c0@athena>
At 01:03 AM 2/17/2002 -0800, you wrote:
>On Thu, Feb 14, 2002 at 05:25:59PM -0800, Tim Fulmer wrote:
> > Hi All,
> >
> > Having a bit of trouble with natd.
> >
> > Here's the setup:
> >
> >     Internet
> >        |
> >     66.Q.X.Y
> >     192.168.A.1---->192.168.A.2
> >     192.168.B.1
> >        +--->192.168.B.2
> >
> > I am browsing from 192.168.B.2.
> >
> > Compiled a kernel with added options:
> >
> >     options CPU_FASTER_5X86_FPU
> >     options NO_F00F_HACK
> >     options TCP_DROP_SYNFIN
> >     options IPFIREWALL
> >     options IPFIREWALL_FORWARD
> >     options IPFIREWALL_VERBOSE
> >     options IPFIREWALL_VERBOSE_LIMIT=100
> >     options IPDIVERT
> >
> > Relevant rc.conf:
> >
> >     gateway_enable="YES"
> >     ifconfig_rl0="inet 66.Q.X.Y netmask 255.255.255.0"
> >     ifconfig_rl0_alias0="inet 66.Q.X.Z netmask 255.255.255.255"
> >     firewall_enable="YES"
> >     firewall_type="OPEN"
> >     natd_enable="YES"
> >     natd_interface="rl0"
> >     natd_flags="-f /etc/natd.conf"
> >
> > And natd.conf:
> >
> >     redirect_port tcp 192.168.A.2:80 80
> >
> > And am still getting the local apache installation when I point a
> > browser at 66.Q.X.Y, though the connection sharing works fine from both
> > internal nets. At some point in the future redirect_address may also be
> > a good idea, but right now that is non-functional as well.
> >
> > Any suggestions would be greatly appreciated.
>
>You are saying that the redirect does not work when you try to connect
>from the NAT'ed network? This is expected. When you send the SYN to
>66.Q.X.Y it goes to the gateway on the internal interface. It goes
>through your firewall rules and is either accepted or denied (you
>didn't show us the rules). If it is denied, story over. If it is
>accepted, the machine recognizes 66.Q.X.Y as its own address and
>processes the packet. And you are apparently running a webserver on
>this machine so it responds as expected.
>
>This is apparently not what you expect? natd(8) is only passed packets
>from ipfw(8) via the 'divert' rule when the packets are crossing the
>rl0 interface. In this situation, the packets never cross rl0, never
>go to natd(8), and translation will never occur.
>--
>Crist J. Clark                     |     cjclark@alum.mit.edu
>                                   |     cjclark@jhu.edu
>http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

Yep, jumped across the street to the library and it worked just fine.
Thanks, I was going crazy on that one.

- tim
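The following is an added illustration, not code from the thread or from FreeBSD: a small Python model of the packet path Crist describes. It walks a rule list modelled on what `firewall_type="OPEN"` with `natd_enable="YES"` installs (a `divert natd` rule restricted to `rl0`, then `allow all`), applies the thread's `redirect_port tcp 192.168.A.2:80 80` only to packets that actually cross `rl0`, and then checks whether the packet's destination is one of the gateway's own addresses. The internal interface name `int0`, the rule order, and the outside client address are assumptions made for the example; the addresses `66.Q.X.Y`, `66.Q.X.Z`, `192.168.A.1`, `192.168.A.2`, `192.168.B.1` and `192.168.B.2` are taken as written in the thread.

```python
"""Model of why a redirect_port entry is never applied to a connection that
an inside host makes to the gateway's own external address.

natd(8) only sees packets that ipfw(8) hands it via a 'divert' rule, and that
rule is scoped to the NAT interface (rl0). A packet from 192.168.B.2 to
66.Q.X.Y enters on the internal interface, matches no divert rule, and is
delivered to the gateway's local stack (the local Apache), not translated.
"""
from dataclasses import dataclass, replace

EXT_IF = "rl0"          # natd_interface from the thread's rc.conf
INT_IF = "int0"         # assumed name for the internal interface (not given in the thread)
EXT_ADDR = "66.Q.X.Y"   # gateway's public address as written in the thread

# Every address the gateway considers its own; packets to these are delivered locally.
LOCAL_ADDRS = {EXT_ADDR, "66.Q.X.Z", "192.168.A.1", "192.168.B.1"}

# natd.conf from the thread: redirect_port tcp 192.168.A.2:80 80
REDIRECTS = {("tcp", 80): ("192.168.A.2", 80)}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet is crossing when ipfw sees it
    proto: str
    src: str
    dst: str
    dport: int


def natd_inbound(pkt: Packet) -> Packet:
    """Model natd's inbound translation: rewrite the destination of packets
    addressed to the external address when a redirect_port entry matches."""
    if pkt.dst == EXT_ADDR and (pkt.proto, pkt.dport) in REDIRECTS:
        host, port = REDIRECTS[(pkt.proto, pkt.dport)]
        return replace(pkt, dst=host, dport=port)
    return pkt


def ipfw_walk(pkt: Packet) -> tuple[str, Packet]:
    """Walk the assumed rule list in order and return (verdict, packet).

    Modelled rules (what rc.firewall installs for the OPEN type with natd):
        divert natd all from any to any via rl0
        allow all from any to any
    """
    # 'via rl0' means the divert rule fires only for packets crossing rl0.
    if pkt.iface == EXT_IF:
        pkt = natd_inbound(pkt)
    return "allow", pkt


def deliver(pkt: Packet) -> tuple[str, str, int]:
    """Decide where a packet ends up after ipfw: dropped, handled by the
    gateway's own stack, or forwarded to an inside host."""
    verdict, pkt = ipfw_walk(pkt)
    if verdict != "allow":
        return ("dropped", pkt.dst, pkt.dport)
    if pkt.dst in LOCAL_ADDRS:
        return ("local", pkt.dst, pkt.dport)
    return ("forwarded", pkt.dst, pkt.dport)


def hairpin_demo() -> dict[str, tuple[str, str, int]]:
    """Compare an outside client with an inside client, both browsing to 66.Q.X.Y:80."""
    outside = Packet(EXT_IF, "tcp", "203.0.113.5", EXT_ADDR, 80)   # constructed outside client
    inside = Packet(INT_IF, "tcp", "192.168.B.2", EXT_ADDR, 80)    # the thread's browsing host
    return {"outside": deliver(outside), "inside": deliver(inside)}


if __name__ == "__main__":
    for who, result in hairpin_demo().items():
        print(f"{who:8s} -> {result}")
```

Running it shows the outside client being forwarded to `192.168.A.2:80` while the inside client lands on the gateway's own `66.Q.X.Y:80`, which is exactly the behaviour the original poster saw and confirmed from the library. The model also makes the reviewer's other remark concrete: with `firewall_type="OPEN"` every packet is allowed, so whatever the gateway listens on is reachable from outside once natd has (or has not) rewritten it; a ruleset that only permits the redirected port inbound on `rl0` would be the place to tighten that.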