From: Emre Bastuz
To: freebsd-net@freebsd.org
Date: Tue, 13 Apr 2004 17:02:30 +0200
Message-ID: <1081868550.3f2e268094821@webmail.emre.de>
Subject: NAT issue - answer packets not sent to default gateway

Hi,

I have a FreeBSD box with four interfaces (actually four VLAN interfaces over one trunk).

Packets from arbitrary IP addresses are supposed to arrive through interfaces 1-3 and the answer to those requests is supposed to be sent out on interface 4 (which is the default gateway).

Main goal is to create some kind of forced portal.

To achieve this I've been testing NAT rules, mainly this one:

    rdr vlan220 0/0 port 80 -> 127.0.0.1 port 80 tcp

The translation itself works as expected so every http request is being forced to the proxy machine itself:

    bash-2.05b# ipnat -l
    List of active sessions:
    RDR 127.0.0.1 80 <- -> 198.133.219.25 80 [some.source.add.res 1098]

When the PC with the IP some.source.add.res fires up the browser and requests http://www.cisco.com/ I would expect a different page to show up, namely the index.html the Apache on 127.0.0.1 is configured to show.

However this does not happen as long as I do not have a host route for the requesting PC on my proxy machine such as this:

    bash-2.05b# route add -host some.source.add.res 192.168.0.1

(where 192.168.0.1 is the "other" side of a point to point link on one of the interfaces 1-3).

Am I missing something? This is driving me nuts. Honestly.

TIA,

Emre

P.S.: net.inet.ip.forwarding=1

--
http://www.emre.de
UIN: 561260
PGP Key ID: 0xAFAC77FD

I don't see why some people even HAVE cars. -- Calvin