Date:      Thu, 28 Sep 2006 18:50:00 -0700
From:      "Hanns Hartman" <hwhartman@gmail.com>
To:        freebsd-ipfw@freebsd.org
Subject:   ip address of the local user is not nat'd to its alias
Message-ID:  <b218ac810609281850hc08ddebwb0048d196cb6b3fb@mail.gmail.com>

Hi All,
   I have read through a lot of the mailing list archives and have had
no success with the following problem. I have a box that is
functioning as a captive portal, aka think free wifi login at
Starbucks or the like.
      I have two interfaces, fxp0 and fxp1, that point to two different
networks that have statically assigned IP addresses, and a third, fxp2,
which is the internal network. (BTW I am running FreeBSD 4.11 on this box.)
 I have two instances of natd running on the box, one assigned to each
of the two external interfaces with options -snup enabled, and each
instance has its own port number.
     So the problem is that when I try to send traffic via an ipfw
divert rule out one of the interfaces and I look at an ethereal trace
on the box of the webserver that is the destination I am trying to get
to, the source IP address is not nat'd to the IP address of the interface
that points to that network. So when the destination box tries to send
a response it doesn't know where to send the packets since it's trying
to send them to an IP on the internal network. Do any of you have any
idea why the source address of the initial [SYN] would be the
internal network and not the IP address of the interface that is on
that network? I enabled logging on natd and I think it's working
because whenever I try to connect to the website I see the natd stats
in the log file increase in number.
thanks in advance for the help
Hanns

KERNEL_CONFIG

...
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPFIREWALL_FORWARD
options         IPDIVERT
options         IPFW2


IPFW_rules

# Rule set 2: divert packets arriving ("in") from the client to the natd
# instance listening on divert port "natd2", then allow inbound traffic.
/sbin/ipfw add 500 set 2 divert natd2 ip from $clientip to any in
/sbin/ipfw add 600 set 2 allow ip from any to any in

natd starting
# -p: divert port name (from /etc/services), -s: use_sockets,
# -u: alias unregistered (RFC 1918) source addresses only,
# -n: alias to the address of the named interface, -P: pid file.
/sbin/natd -p natd -s -u -n fxp1 -P /var/run/natd_fxp1.pid
/sbin/natd -p natd2 -s -u -n fxp0 -P /var/run/natd2_fxp0.pid
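Added illustration, not part of Hanns' post: a small Python model of how the direction of an ipfw divert rule determines what natd does with a packet. natd learns the direction from the divert socket (a zero sin_addr means the packet is outgoing, anything else means incoming) and rewrites the *source* address only for outgoing packets; incoming packets are only checked against existing sessions. The model runs the posted ruleset (divert on `in` only) and a common alternative arrangement that diverts `via` each external interface, which is my assumption about a fix and not something the post states. All addresses, interface assignments and the reduced natd/ipfw semantics are constructed for the example.

```python
"""Model of ipfw divert direction versus natd source aliasing.

Constructed example: addresses, interface names and the simplified
natd/ipfw behaviour below are assumptions for illustration only.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# natd -u (unregistered_only): alias only RFC 1918 source addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str       # interface the packet arrives on (in) or leaves by (out)
    direction: str   # "in" or "out", as ipfw sees it on this hop


@dataclass(frozen=True)
class Rule:
    action: str                      # "divert" or "allow"
    natd: Optional[str] = None       # divert port name -> natd instance
    direction: Optional[str] = None  # "in", "out", or None for either
    src: Optional[str] = None        # CIDR, or None for "any"
    via: Optional[str] = None        # interface name ("via"), or None for any


def natd(pkt: Packet, alias_addr: str, unregistered_only: bool = True) -> Packet:
    """One natd instance (-n <iface>, optionally -u)."""
    if pkt.direction != "out":
        # Incoming packet: natd only de-aliases dst for a known session.
        # A fresh SYN has no session, so it passes unchanged.
        return pkt
    src = ipaddress.ip_address(pkt.src)
    if unregistered_only and not any(src in n for n in RFC1918):
        return pkt
    return replace(pkt, src=alias_addr)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.src is not None and \
            ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if rule.via is not None and rule.via != pkt.iface:
        return False
    return True


def ipfw_pass(rules, natds, pkt: Packet) -> Packet:
    """One traversal of the ruleset for one hop.

    A diverted packet re-injected by natd resumes at the next rule; the
    poster's kernel has IPFIREWALL_DEFAULT_TO_ACCEPT, so falling off the
    end accepts the packet.
    """
    for rule in rules:
        if not rule_matches(rule, pkt):
            continue
        if rule.action == "divert":
            pkt = natd(pkt, natds[rule.natd])
        elif rule.action == "allow":
            break
    return pkt


def forward(rules, natds, src, dst, in_iface, out_iface) -> Packet:
    """A client SYN is received on in_iface, then transmitted on out_iface."""
    pkt = ipfw_pass(rules, natds, Packet(src, dst, in_iface, "in"))
    pkt = replace(pkt, iface=out_iface, direction="out")
    return ipfw_pass(rules, natds, pkt)


# Constructed addresses: natd aliases to fxp1 / fxp0, a client, a web server.
NATDS = {"natd": "198.51.100.1", "natd2": "203.0.113.1"}
CLIENT, SERVER = "192.168.1.10", "203.0.113.80"

# As posted: divert only packets arriving ("in") from the client subnet.
POSTED = [
    Rule("divert", natd="natd2", direction="in", src="192.168.1.0/24"),
    Rule("allow", direction="in"),
]

# Assumed alternative: divert in both directions on each external
# interface, so the outgoing SYN reaches natd flagged as outgoing.
FIXED = [
    Rule("divert", natd="natd2", via="fxp0"),
    Rule("divert", natd="natd", via="fxp1"),
    Rule("allow"),
]


def posted_source() -> str:
    """Source address the web server sees with the posted ruleset."""
    return forward(POSTED, NATDS, CLIENT, SERVER, "fxp2", "fxp0").src


def fixed_source(src: str = CLIENT) -> str:
    """Source address the web server sees with the 'via' ruleset."""
    return forward(FIXED, NATDS, src, SERVER, "fxp2", "fxp0").src


if __name__ == "__main__":
    print("posted ruleset, SYN source at server:", posted_source())
    print("via ruleset,    SYN source at server:", fixed_source())
```

With the posted rules the SYN is handed to natd as an incoming packet on fxp2 and then leaves fxp0 without ever being diverted as outgoing, so its source stays the internal address; with `via fxp0` the same SYN is diverted on the way out and aliased. The third case in the test shows the effect of `-u`: a client with a non-RFC 1918 source is left alone even when diverted outbound.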



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b218ac810609281850hc08ddebwb0048d196cb6b3fb>