From owner-freebsd-net Tue Jul 10 13:29:33 2001
Delivered-To: freebsd-net@freebsd.org
Received: from InterJet.elischer.org (c421509-a.pinol1.sfba.home.com [24.7.86.9])
	by hub.freebsd.org (Postfix) with ESMTP id AAB8A37B403
	for ; Tue, 10 Jul 2001 13:29:29 -0700 (PDT)
	(envelope-from julian@elischer.org)
Received: from InterJet.elischer.org (InterJet.elischer.org [192.168.1.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id PAA55042;
	Tue, 10 Jul 2001 15:15:11 -0700 (PDT)
Date: Tue, 10 Jul 2001 15:15:10 -0700 (PDT)
From: Julian Elischer
To: Peter Warrick
Cc: freebsd-net@freebsd.org
Subject: Re: IPFW and NATD
In-Reply-To: <200107102003.OAA19966@mail.guest-tek.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG

You need to divert both directions.

On Tue, 10 Jul 2001, Peter Warrick wrote:

> I was referred to you by an Archie Cobbs who I guess did some of the
> ipfw code in FreeBSD? I have a question that I'm hoping someone over on
> your end might be able to help me with. I apologize if this email has
> reached the wrong person btw. :)
>
> I have set up a server with 2 NIC cards and have natd running on en0
> (natd -interface en0). When I execute the ipfw command....
>
> ipfw add divert natd all from any to any via en0
>
> everything works fine and all my computers behind my server are able to
> get out to the Internet. But when I try to just divert one IP on my
> private network it doesn't work. I need this functionality to be able to
> specify only certain machines to be nated. The command I used was...
>
> ipfw add divert natd all from 192.168.1.2 to any via en0

Unfortunately, as you don't know what the outgoing session looks like, you
have to divert all incoming packets to natd to let it take its pick.

ipfw add divert natd ip from any to in recv en0

This assumes that natd is set up to allow non-matching packets to proceed
on their way.

>
> 192.168.1.2 is the IP of the local machine behind my server and the IP
> of en1 which this machine is connected to is 192.168.1.1 which I have
> set up as my gateway on my local machine.
>
> Do you have any ideas why this doesn't work or what I have done wrong?
> Do I need to type in another command?
>
> Thank you for your time and any help you might be able to provide.
>
> Peter Warrick.
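The two-direction divert described in the reply above, as an added example that is not part of the original message or of FreeBSD's own scripts: it prints, without running, one inbound divert rule plus one outbound rule per inside host, and generalizes the thread's single host to a list. The destination of the reply's inbound rule is missing from the archived text; the example assumes it is the server's public address, for which 203.0.113.10 is a constructed stand-in, and `nat_rules` and `is_ipv4` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print (do not run) ipfw divert rules that NAT only chosen hosts.
# Assumptions: natd is bound to the outside interface and was started without
# -deny_incoming, so packets that match no translated session pass through.
# nat_rules and is_ipv4 are hypothetical helper names.

is_ipv4() {
    # Accept only dotted-quad addresses with four octets in 0..255.
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

nat_rules() {
    # usage: nat_rules OUTSIDE_IF PUBLIC_ADDR INSIDE_HOST...
    [ "$#" -ge 3 ] || { echo "usage: nat_rules if public_addr host..." >&2; return 2; }
    oif=$1; pub=$2
    shift 2
    is_ipv4 "$pub" || { echo "bad public address: $pub" >&2; return 1; }
    for h in "$@"; do
        is_ipv4 "$h" || { echo "bad inside host: $h" >&2; return 1; }
    done
    # Inbound: everything addressed to the public address goes to natd, which
    # rewrites packets belonging to a translated session.
    echo "ipfw add divert natd ip from any to $pub in recv $oif"
    # Outbound: only the listed inside hosts are diverted for translation.
    for h in "$@"; do
        echo "ipfw add divert natd ip from $h to any out xmit $oif"
    done
}

# 192.168.1.2 and en0 are from the thread; 203.0.113.10 is a constructed
# stand-in for the server's public address.
nat_rules en0 203.0.113.10 192.168.1.2
```

All arguments are validated before anything is printed, so a malformed address yields no partial rule set to paste into a firewall script.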