From: "Crist J. Clark"
Date: Sun, 25 Feb 2001 16:13:53 -0800
To: "Brent B. Powers"
Cc: "Brent B.Powers", freebsd-questions@FreeBSD.ORG
Subject: Re: With natd server, can't hit my own static IP's
Reply-To: cjclark@alum.mit.edu

On Sun, Feb 25, 2001 at 02:29:31AM -0500, Brent B. Powers wrote:
[snip]
> Thus the commands (on the gateway box, with a debug firewall)
>
> (TBird)/etc[16]#/bin/sh /etc/rc.firewall
> Flushed all rules.
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00340 divert 8668 ip from any to any via de0
> 00350 divert 8669 ip from 192.168.1.0/24 to 216.254.64.0/24 via rl0
> 65000 allow ip from any to any
> (TBird)/etc[17]#/sbin/natd -config /etc/natd.conf -port 8669 -n rl0 -v
> natd[26563]: Aliasing to 192.168.1.1, mtu 1500 bytes
> In [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
> [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
> [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
> [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In [TCP] [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
> [TCP] 192.168.1.188:1049 -> 192.168.1.186:21
> In [TCP] [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
> [TCP] 192.168.1.188:1049 -> 192.168.1.186:21
> In [TCP] [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
> [TCP] 192.168.1.188:1049 -> 192.168.1.186:21

I think I see what is going on here. That rule 350 was a bad idea on
my part. Replies from 192.168.1.186 do not get put through NAT. What
does,

  00350 divert 8669 ip from any to any via rl0

And running the internal natd with the '-reverse' option do?
--
Crist J. Clark                           cjclark@alum.mit.edu
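
The selector mismatch discussed in the message above, as an added sketch that is not part of the original thread and is not ipfw code: it models only the `from`/`to`/`via` selectors of the two forms of rule 350. The reply packet is constructed and is assumed to cross rl0 on the gateway; natd's `-reverse` behaviour is not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str


@dataclass(frozen=True)
class DivertRule:
    number: int
    port: int
    src: str  # "any" or a CIDR block
    dst: str  # "any" or a CIDR block
    via: str


def _addr_match(spec: str, addr: str) -> bool:
    """True when addr satisfies an ipfw-style address selector."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def divert_ports(rules, pkt):
    """Divert ports of every rule the packet matches, in rule-number order."""
    ordered = sorted(rules, key=lambda r: r.number)
    return [r.port for r in ordered
            if r.via == pkt.iface
            and _addr_match(r.src, pkt.src)
            and _addr_match(r.dst, pkt.dst)]


RULE_340 = DivertRule(340, 8668, "any", "any", "de0")
# Rule 350 as listed in the quoted rc.firewall output.
ORIGINAL = [RULE_340,
            DivertRule(350, 8669, "192.168.1.0/24", "216.254.64.0/24", "rl0")]
# Rule 350 as proposed in the reply.
PROPOSED = [RULE_340, DivertRule(350, 8669, "any", "any", "rl0")]

# Request taken from the natd -v output quoted in the message.
REQUEST = Packet("192.168.1.188", "216.254.64.186", "rl0")
# Constructed reply from the internal server (assumed to traverse rl0).
REPLY = Packet("192.168.1.186", "192.168.1.188", "rl0")

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(name, "request ->", divert_ports(rules, REQUEST),
              "reply ->", divert_ports(rules, REPLY))
```
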