Date:      Thu, 8 Nov 2001 14:03:54 -0800
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Michael Loftis <mike@activemessage.com>
Cc:        Michael Loftis <mloftis@wgops.com>, freebsd-net@FreeBSD.ORG
Subject:   Re: natd behaviour.
Message-ID:  <20011108140354.I51134@blossom.cjclark.org>
In-Reply-To: <3BEAFB9D.87AB5EA8@activemessage.com>; from mike@activemessage.com on Thu, Nov 08, 2001 at 01:39:41PM -0800
References:  <3BEA89B3.B88C5048@wgops.com> <20011108123917.F51134@blossom.cjclark.org> <3BEAFB9D.87AB5EA8@activemessage.com>

On Thu, Nov 08, 2001 at 01:39:41PM -0800, Michael Loftis wrote:
> "Crist J. Clark" wrote:
> > On Thu, Nov 08, 2001 at 05:33:39AM -0800, Michael Loftis wrote:
> > > I'm running natd and I need to change its behaviour slightly.  It seems
> > > that if it doesn't find a redirect_address match it'll drop connection
> > > requests for that address, so putting it in a simplest-case divert from
> > > any to any type of ipfw rule severely breaks things.  What I need it to
> > > do is pass those through unmodified.
> > >
> > > Can I get it to do this or am I going to have to get specific with my
> > > ipfw rules?
> >
> > If I understand what you are saying, it should be doing this
> > already. That is, natd(8) passes through anything it does not modify
> > untouched. It does not drop (any normal) packets.
> 
> Already established sessions transit fine, but new sessions (specifically what
> I'm interested in are new sessions to the local machine) to anything other than
> the configured redirect_* stanzas get dropped.  ipfw is not the culprit, natd
> in verbose mode makes note of the fact that it is dropping these packets.

Could we see this?

> Basically the only problem I'm having is with setup (SYN set apparently)
> packets sent through natd, if they don't match up with a redirect rule they
> get silently dropped.

I thought you just said it was saying it was doing this in verbose
mode?

> Don't say that's not its behavior, because that is precisely what it is doing.
> 
> My natd config is as follows...
> 
> unregistered_only
> same_ports
> dynamic
> interface vlan5
> 
> redirect_address 192.168.0.2 64.71.178.211
> 
> The only active ipfw rule is as follows
> add divert natd all from any to any via vlan5
> 
> Topology is simple, external on vlan5 interface (physically fxp0) and internal
> on vlan0 interface (physically fxp1)  -- traffic transits fine the upstream
> switch fully supports vlans via 802.1Q  and I have not yet identified any
> problems there (traffic passes to and from the host and interfaces just as
> configured).  So the vlan ifaces are acting just like a normal ethernet dev.
> It's natd that's being funkified.

Might be some weird vlan(4)-natd(8) interaction, but I can't say.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
