Date: Fri, 21 Jan 2000 08:25:14 +0000
From: Brian Somers <brian@Awfulhak.org>
To: Richard Martin <dmartin@origenbio.com>
Cc: freebsd-net@FreeBSD.ORG, brian@hak.lan.Awfulhak.org
Subject: Re: natd: no translation
Message-ID: <200001210825.IAA00343@hak.lan.Awfulhak.org>
In-Reply-To: Message from Richard Martin <dmartin@origenbio.com> of "Thu, 20 Jan 2000 19:52:54 CST." <3887BBF6.A35EA933@origenbio.com>

> I am setting up a firewall with natd on my FreeBSD system, and for some reason
> it does not seem to be translating the local LAN addresses in outbound
> packets.
>
> FreeBSD router w/ two NIC cards:
> Internet card xl0 - 216.30.xx
> Local network vx0 - 192.168.0.x
>
> natd is running on xl0
>
> I can generally access the outside world OK from the LAN, but certain services
> (DNS and PCanywhere requests, among others) receive packets back addressed to
> the LAN. These hit one of the first rules on the firewall, deny any destined
> for 192.168 networks.
>
> I have tried running natd with the -n flag and the -a [ip address] flag but
> still get packets back on the external iface addressed to the 192.168
> addresses.
>
> Anyone run into this before?

Bear in mind that the divert rule results in the packets being
translated to use local addresses for inbound and real addresses for
outbound.  You probably want a set of ipfw rules that go along the
lines

  ipfw local blah out
  ipfw dodge spoofs in
  ipfw remote blah in
  ipfw divert
  ipfw local blah in
  ipfw remote blah out

Where ``local blah'' deals with specifics about local network
addresses and ``remote blah'' deals with specifics about external
addresses.  ``dodge spoofs'' deals with external traffic trying to
spoof internal IP numbers.

<disclaimer>
I don't use natd or ipfw at the moment
</disclaimer>

> --
> Richard Martin dmartin@origen.com
>
> OriGen Biomedical    Tel: +1 512 474 7278
> 2525 Hartford Rd.    Fax: +1 512 708 8522
> Austin, TX 78703     http://www.cardiacdocs.com

--
Brian <brian@Awfulhak.org>  <brian@FreeBSD.org>
<http://www.Awfulhak.org>  <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !  <brian@FreeBSD.org.uk>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
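
Added example, not part of the original message and not ipfw or natd code: a small Python model of first-match rule evaluation showing why the anti-spoof check for 192.168 addresses belongs before the divert rule on the inbound path. All addresses, names and rule sets are constructed; the model assumes evaluation resumes at the rule after the divert once the packet has been translated.

```python
from ipaddress import ip_address, ip_network

# Constructed values: the page elides the real external address (216.30.xx).
LAN = ip_network("192.168.0.0/16")
PUBLIC = ip_address("203.0.113.1")   # placeholder for the router's xl0 address
HOST = ip_address("192.168.0.10")    # hypothetical LAN client
REMOTE = ip_address("198.51.100.53") # hypothetical outside server
nat_table = {}                       # remote address -> LAN host that contacted it

def divert(pkt):
    """Stand-in for natd: rewrite src going out, dst coming back in."""
    src, dst, direction = pkt
    if direction == "out" and src in LAN:
        nat_table[dst] = src
        return (PUBLIC, dst, direction)
    if direction == "in" and dst == PUBLIC and src in nat_table:
        return (src, nat_table[src], direction)
    return pkt

def private_on_wire(pkt):
    """The 'dodge spoofs' check: a 192.168 address seen on the external side."""
    return pkt[0] in LAN or pkt[1] in LAN

def run(rules, pkt):
    """First match wins; after a divert, evaluation resumes at the next rule."""
    for action, direction, match in rules:
        if direction not in ("any", pkt[2]):
            continue
        if action == "divert":
            pkt = divert(pkt)
        elif match(pkt):
            return action, pkt
    return "deny", pkt               # nothing matched

ALLOW_ALL = ("allow", "any", lambda pkt: True)
SPOOF_BEFORE_DIVERT = [("deny", "in", private_on_wire), ("divert", "any", None), ALLOW_ALL]
SPOOF_AFTER_DIVERT = [("divert", "any", None), ("deny", "in", private_on_wire), ALLOW_ALL]

def scenario(rules):
    """Return verdicts for: LAN request out, its reply in, a spoofed packet in."""
    nat_table.clear()
    return (run(rules, (HOST, REMOTE, "out")),
            run(rules, (REMOTE, PUBLIC, "in")),
            run(rules, (ip_address("192.168.0.99"), PUBLIC, "in")))

if __name__ == "__main__":
    for name, rules in (("before", SPOOF_BEFORE_DIVERT), ("after", SPOOF_AFTER_DIVERT)):
        print(name, [verdict for verdict, _ in scenario(rules)])
```

With the check before the divert, the legitimate reply is translated and allowed while the spoofed packet is dropped; with the check after the divert, the translated reply now carries a 192.168 destination and is dropped along with the spoof.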