Date: Thu, 29 Dec 2005 15:08:25 -0800
From: "Chris S. Wilson"
To: "Greg Barniskis"
Cc: freebsd-questions
Subject: RE: NATD Internal Network problems

Weird, every other router I've used forwards all the packets properly, even my backup Linksys when I hook it up.

Really I don't want to do the split DNS stuff, sadly I will have to move away from FreeBSD for performing this operation I guess.

Thanks for the help!

CW.

-----Original Message-----
From: Greg Barniskis [mailto:nalists@scls.lib.wi.us]
Sent: Thursday, December 29, 2005 3:05 PM
To: Chris S. Wilson
Cc: freebsd-questions
Subject: Re: NATD Internal Network problems

Chris S. Wilson wrote:
> Hello! :)
>
> I am having a problem with FreeBSD 5.3-RELEASE and natd.
>
> When I try to connect to a service on my internal network to an IP on
> my external network that has a port redirected, it won't connect.
>
> IE: 67.128.100.2 is my external IP, on my internal network I try to
> connect to 67.128.101.2:80 which is forwarded in my natd.conf and the
> connection is refused.
>
> Does anyone know why?

I don't know the exact technical reasons "why" but I will confirm for you that this simply does not work, and the reasons why center around it being a rather tortured mess.

Your inside machines should reach your inside server by its inside address. Think about how you're sending your request outside the firewall (getting the request NATed on the way out) and then back in (getting the request re-NATed), and then having the reply packets from the web server have to take the reverse of that path. Yuck.

Use split DNS so that "www.example.com" appears to external clients as being your external NAT server address, and appears to inside clients as the web server's real inside address.

--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
(608) 266-6348
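
The split DNS arrangement recommended above, sketched as a BIND 9 named.conf using views. This is an added example, not part of the thread: the inside network 192.168.1.0/24, the web server's inside address 192.168.1.10, the placeholder external address 203.0.113.2 and the file paths are all assumptions.

```conf
// Split DNS with BIND 9 views (all addresses and paths are assumed).
// Views are evaluated in order, so the inside view must come first.

acl "inside" {
    127.0.0.1;
    192.168.1.0/24;      // assumed inside network behind natd
};

options {
    directory "/etc/namedb";   // assumed location of the zone files
};

// Inside clients get the web server's real inside address, so their
// traffic never has to go out through NAT and back in again.
view "internal" {
    match-clients { "inside"; };
    recursion yes;             // inside hosts may resolve other names too
    zone "example.com" {
        type master;
        file "master/example.com.internal";
        // zone data:  www  IN  A  192.168.1.10   (assumed inside address)
    };
};

// Everyone else gets the external NAT address, which natd forwards
// to the inside web server.
view "external" {
    match-clients { any; };
    recursion no;              // do not act as an open resolver
    zone "example.com" {
        type master;
        file "master/example.com.external";
        // zone data:  www  IN  A  203.0.113.2    (placeholder external address)
    };
};

// Once any view is defined, every zone statement must live inside a
// view; a zone left at the top level is a configuration error.
```

Running named-checkconf against the file catches syntax errors before named is reloaded. Querying www.example.com once from an inside host and once from outside confirms that each side receives the address intended for it.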