From: edinel@zack.com
To: freebsd-questions@freebsd.org
Date: Tue, 12 Sep 2000 17:54:31 -0700
Subject: Natd Failing to properly rewrite packets
Message-ID: <20000912175431.E10483@zack.com>

So I'm building a replacement for our current firewall. Right now it's set up as a firewall_type="open" firewall.

natd is running with the following conf file:

    log
    interface fxp0
    redirect_port tcp 10.0.2.12:80 80
    redirect_port tcp 10.0.0.2:22 22

IPDIVERT and IPFIREWALL are both compiled in.

And yet packets sent to port 80 of the interface never come back. If I turn on verbose logging I get:

    natd[299]: Aliasing to 205.179.125.67, mtu 1500 bytes
    In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
               [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
    In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
               [TCP] 205.179.125.70:3094 -> 10.0.2.12:80

The truly odd thing is if I try to forward port 80 to some other *external* host, I get this:

    In  [TCP]  [TCP] 205.179.125.70:3095 -> 205.179.125.67:80 aliased to
               [TCP] 205.179.125.70:3095 -> 171.64.13.135:80
    Out [TCP]  [TCP] 205.179.125.70:3095 -> 171.64.13.135:80 aliased to
               [TCP] 205.179.125.67:3095 -> 171.64.13.135:80

And the port-forwarding works.

I'm out of guesses, any help from the crowds?

--
| Eddie Dinel  | eddie@zack.com       |
| Zack Network | (650) 286 9225 x3032 |
|---------------------------------------------------------------------------|
| I don't know, it looks kinda like a squirrel to me...                     |
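
The log pattern described in the message above, as an added example that is not part of the original post: this Python script parses natd verbose entries and lists inbound redirects for which no Out entry for the same endpoint pair ever appears. The sample log is constructed from the entries quoted in the post, and the names `parse_entries` and `unanswered_redirects` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the verbose natd entries quoted in the post, as one capture.
SAMPLE_LOG = """\
natd[299]: Aliasing to 205.179.125.67, mtu 1500 bytes
In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
           [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
           [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
In  [TCP]  [TCP] 205.179.125.70:3095 -> 205.179.125.67:80 aliased to
           [TCP] 205.179.125.70:3095 -> 171.64.13.135:80
Out [TCP]  [TCP] 205.179.125.70:3095 -> 171.64.13.135:80 aliased to
           [TCP] 205.179.125.67:3095 -> 171.64.13.135:80
"""

# One verbose entry: direction, protocol, src -> dst before and after rewriting.
ENTRY = re.compile(
    r"\b(In|Out)\s+\[(\w+)\]\s+\[\w+\]\s+(\S+)\s+->\s+(\S+)\s+aliased to\s+"
    r"\[\w+\]\s+(\S+)\s+->\s+(\S+)"
)

def parse_entries(log_text):
    """Return (direction, proto, (src, dst) before, (src, dst) after) per entry."""
    flat = " ".join(log_text.split())  # entries wrap across lines in the log
    return [(d, p, (s1, d1), (s2, d2))
            for d, p, s1, d1, s2, d2 in ENTRY.findall(flat)]

def unanswered_redirects(log_text):
    """Map each inbound redirect with no matching Out entry to its packet count."""
    inbound = defaultdict(int)  # (proto, client, redirect target) -> packets seen
    outbound = set()            # endpoint pairs natd saw leaving the interface
    for direction, proto, before, after in parse_entries(log_text):
        if direction == "In" and before[1] != after[1]:  # destination rewritten
            inbound[(proto, after[0], after[1])] += 1
        elif direction == "Out":
            outbound.add((proto, frozenset(before)))  # either packet direction
    return {flow: count for flow, count in inbound.items()
            if (flow[0], frozenset(flow[1:])) not in outbound}

if __name__ == "__main__":
    for (proto, client, target), count in unanswered_redirects(SAMPLE_LOG).items():
        print(f"{proto} {client} -> {target}: {count} packet(s) in, none out")
```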