From owner-freebsd-stable Fri Aug 25 17:27:41 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from smtp2.vnet.net (smtp2.vnet.net [166.82.1.32])
	by hub.freebsd.org (Postfix) with ESMTP id C7CC337B422
	for ; Fri, 25 Aug 2000 17:27:38 -0700 (PDT)
Received: from dignus.com (ponds.vnet.net [166.82.177.48])
	by smtp2.vnet.net (8.10.1/8.10.1) with ESMTP id e7Q0RVb02335
	for ; Fri, 25 Aug 2000 20:27:31 -0400 (EDT)
Received: from lakes.dignus.com (lakes.dignus.com [10.0.0.3])
	by dignus.com (8.9.2/8.8.5) with ESMTP id UAA37584
	for ; Fri, 25 Aug 2000 20:27:30 -0400 (EDT)
Received: (from rivers@localhost)
	by lakes.dignus.com (8.9.3/8.6.9) id UAA91074
	for freebsd-stable@freebsd.org; Fri, 25 Aug 2000 20:27:29 -0400 (EDT)
Date: Fri, 25 Aug 2000 20:27:29 -0400 (EDT)
From: Thomas David Rivers
Message-Id: <200008260027.UAA91074@lakes.dignus.com>
To: freebsd-stable@freebsd.org
Subject: natd & redirect with 4.1-RELEASE?
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm trying to move a venerable 3.1-RELEASE gateway to 4.1-RELEASE,
but I'm having a bit of a problem with natd & port redirection.

The firewall type is `open', and I have the following options
in the kernel:

	#
	# IP options
	#
	options 	MROUTING		# Multicast routing
	options 	IPFIREWALL		#firewall
	options 	IPFIREWALL_FORWARD	#enable transparent proxy support
	options 	IPDIVERT		#divert sockets

/etc/rc.conf looks like:

	firewall_enable="YES"
	firewall_type=open

	#
	# enable natd - set the interface & flags to forward packets
	#  appropriately.
	#
	natd_enable="YES"
	natd_interface="xl0"
	natd_flags="-l -m -u -redirect_port tcp 10.0.0.11:telnet 6666 -redirect_port udp 10.0.0.11:telnet 6666"

This worked just fantastic with 3.1-RELEASE; but I can't seem to get
it to work for 4.1-RELEASE. When you try to telnet to the gateway
at port 6666, it just sits there...

I've verified that the ipfw rules appear correct:

	# ipfw list
	00050 divert 8668 ip from any to any via xl0
	00100 allow ip from any to any via lo0
	00200 deny ip from any to 127.0.0.0/8
	65000 allow ip from any to any
	65535 deny ip from any to any

and, natd is running...

Does anyone else have natd issues with 4.1-RELEASE? Have I left
something out here? (Could IPFIREWALL_FORWARD be the culprit?)

	- Thanks -
	- Dave Rivers -

--
rivers@dignus.com                        Work: (919) 676-0847
Get your mainframe (370) `C' compiler at http://www.dignus.com