Date: Tue, 12 Sep 2000 23:15:56 -0400
To: freebsd-questions@FreeBSD.ORG
From: Allen Landsidel
Subject: Re: Natd Failing to properly rewrite packets
In-Reply-To: <20000912175431.E10483@zack.com>
Message-Id: <4.3.2.7.2.20000912231213.00b16d18@mail.megapathdsl.net>

At 17:54 09/12/2000 -0700, edinel@zack.com wrote:
>So I'm building a replacement for our current firewall.
>
>Right now it's set up as a firewall_type="open" firewall
>
>natd is running with the following conf file:
>log
>interface fxp0
>redirect_port tcp 10.0.2.12:80 80
>redirect_port tcp 10.0.0.2:22 22
>
>IPDIVERT and IPFIREWALL are both compiled in.
>
>And yet packets sent to port 80 of the interface never come back.
>If I turn on verbose logging I get:
>
>natd[299]: Aliasing to 205.179.125.67, mtu 1500 bytes
>In [TCP] [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
> [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
>In [TCP] [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
> [TCP] 205.179.125.70:3094 -> 10.0.2.12:80

You have no output here for any "Out" packets, so I am guessing that the
machine on 10.0.2.12 does not have its gateway set to the internal address
of the machine owning 205.179.125.67 in your example. Check the 10.0.2.12
machine to make sure it's receiving the packets, which I'm sure it is.

If it is, and its gateway is correct, then check with a packet sniffer to
see if it is sending responses to the packets it receives.

-------signature file-------
PGP Key Fingerprint: 446B 7718 B219 9F1E 43DD 8E4A 6BE9 D739 CCC5 7FD7
Available from ldap://certserver.pgp.com

"I don't think [Linux] will be very successful in the long run."
"My experience and some of my friends' experience is that Linux is quite
unreliable. Microsoft is really unreliable but Linux is worse."
-Ken Thompson, Interview May 1999.
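
The check described in the reply above, as an added example that is not part of the original message: it scans natd verbose output for redirected inbound flows that never produce an "Out" packet. The function name and the layout of the "Out" sample lines are assumptions; the "In" lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# One logged TCP packet: direction, original 4-tuple, "aliased to", rewritten 4-tuple.
PKT = re.compile(
    r"\b(In|Out) \[TCP\] \[TCP\] ([\d.]+):(\d+) -> ([\d.]+):(\d+) aliased to "
    r"\[TCP\] ([\d.]+):(\d+) -> ([\d.]+):(\d+)"
)

def unanswered_redirects(log_text):
    """Return {(client, internal): inbound_count} for redirected flows with no "Out" packet."""
    text = " ".join(log_text.split())  # fold the wrapped "aliased to" continuation lines
    inbound = defaultdict(int)
    answered = set()
    for m in PKT.finditer(text):
        direction, s_ip, s_port, d_ip, d_port, _, _, nd_ip, nd_port = m.groups()
        if direction == "In" and (d_ip, d_port) != (nd_ip, nd_port):
            # Destination was rewritten: a redirect_port hit toward an internal host.
            inbound[(f"{s_ip}:{s_port}", f"{nd_ip}:{nd_port}")] += 1
        elif direction == "Out":
            # Reply from the internal host, as natd sees it before rewriting the source.
            answered.add((f"{d_ip}:{d_port}", f"{s_ip}:{s_port}"))
    return {flow: n for flow, n in inbound.items() if flow not in answered}

# From the thread: two "In" packets for the same flow and nothing going out.
STALLED = """\
natd[299]: Aliasing to 205.179.125.67, mtu 1500 bytes
In [TCP] [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
 [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
In [TCP] [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
 [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
"""
# Constructed sample: the same flow with a reply, assuming "Out" lines mirror "In" lines.
HEALTHY = STALLED + """\
Out [TCP] [TCP] 10.0.2.12:80 -> 205.179.125.70:3094 aliased to
 [TCP] 205.179.125.67:80 -> 205.179.125.70:3094
"""

if __name__ == "__main__":
    for (client, internal), n in unanswered_redirects(STALLED).items():
        host = internal.split(":")[0]
        print(f"{client} -> {internal}: {n} in, 0 out; check the default route on {host}")
```

A flow reported here only says that natd never saw a reply; the gateway setting on the internal host and a packet capture there, as the reply suggests, tell you why.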