From: "Joel Rosenberg"
To: nick@rogness.net, freebsd-questions@freebsd.org
Subject: Re: Forwarding packets from the internal network
Date: Wed, 29 Aug 2001 05:40:08

>You can try the -same_ports option to natd.

Yeah, I already tried that, to no avail.

>I believe what he is saying is that 192.168.1.21 is responding to
>port 80 requests with a src_port of 80 and not 81 which would not
>work. So if I understand correctly:
>
>  1) natd gets packet from outside world:
>
>      SOURCE                     DESTINATION
>      remote_IP:16675        --> your_nat_outside_IP:81
>
>  2) natd changes packet to:
>
>      SOURCE                     DESTINATION
>      remote_IP:16675        --> 192.168.1.21:80
>
>  3) Packet gets sent to 192.168.1.21 port 80
>
>  4) 192.168.1.21 responds sending packet back to natd
>     machine.
>
>  5) natd changes packet to:
>
>      SOURCE                     DESTINATION
>      your_nat_outside_IP:80 --> remote_IP:16675
>
>  6) packet gets sent out into the world.
>
>
>  Step #5 you want it to be:
>
>      your_nat_outside_IP:81 --> remote_IP:16675
>
>  Is this the problem you were describing?

Bingo.

192.168.1.20 and 192.168.1.21 aren't webservers, they're appliances
that have a limited number of customizable options, so it looks like I
can't have 192.168.1.21 operate on port 80, so the only option I see is
to have natd or some other method retranslate traffic from
192.168.1.21:80 as coming from 192.168.1.21:81, so that when the
machine on the internet responds, it doesn't respond on port 80,
thereby getting translated to 192.168.1.20.
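
Added example, not part of the original message and not natd or libalias code: a toy Python model of the six quoted steps, showing that the reply in step 5 only gets source port 81 back if the translator looks up the connection it recorded on the way in. The outside and remote addresses are constructed placeholders, and the port 80 forward to 192.168.1.20 is assumed from the last paragraph of the message.

```python
# Toy model of static port forwarding with per-connection state.
# Illustration only; all names and addresses here are constructed.

OUTSIDE_IP = "203.0.113.1"        # placeholder for your_nat_outside_IP
REMOTE = ("198.51.100.7", 16675)  # placeholder for remote_IP:16675

# Static forwards: outside port -> (inside host, inside port).
# 81 -> .21:80 is from the quoted steps; 80 -> .20:80 is assumed.
FORWARDS = {80: ("192.168.1.20", 80), 81: ("192.168.1.21", 80)}


class Nat:
    def __init__(self, forwards):
        self.forwards = forwards
        # (inside_ip, inside_port, remote_ip, remote_port) -> outside port
        self.links = {}

    def inbound(self, src, dst):
        """Steps 1-3: rewrite the destination and record the connection."""
        dst_ip, dst_port = dst
        if dst_ip != OUTSIDE_IP or dst_port not in self.forwards:
            return None  # no forward configured, packet is not translated
        inside = self.forwards[dst_port]
        self.links[inside + src] = dst_port
        return src, inside

    def outbound_stateful(self, src, dst):
        """Step 5 as wanted: restore the port the client connected to."""
        port = self.links.get(src + dst)
        if port is None:
            return None  # reply matches no recorded connection
        return (OUTSIDE_IP, port), dst

    def outbound_address_only(self, src, dst):
        """Step 5 as described in the thread: source port left unchanged."""
        return (OUTSIDE_IP, src[1]), dst


def round_trip(outside_port):
    """Return (inside target, reply source as described, reply source wanted)."""
    nat = Nat(FORWARDS)
    _, inside = nat.inbound(REMOTE, (OUTSIDE_IP, outside_port))
    described = nat.outbound_address_only(inside, REMOTE)[0]
    wanted = nat.outbound_stateful(inside, REMOTE)[0]
    return inside, described, wanted
```

For a connection to outside port 81, `round_trip(81)` returns a described reply source of port 80 and a wanted reply source of port 81; the remote client has no connection to port 80, so it cannot match the described reply to the connection it opened.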