Date: Thu, 15 Apr 2004 14:45:46 +0200
From: Emre Bastuz <info@emre.de>
To: freebsd-isp@FreeBSD.ORG
Subject: NAT and Routing question
Message-ID: <1082033146.0d032a162575d@webmail.emre.de>

Hi,

it seems I'm stuck here due to a NAT/Routing issue.

For building a forced proxy I am trying to do the following:

PC -> [Interface A -> redirect to 127.0.0.1, port 80 -> Interface B (default gateway)] -> PC

1. User on PC opens browser to connect to an arbitrary site
2. the request enters the proxy machine on interface "A"
3. an ipf/ipnat redirection rule "rdr InterfaceA 0/0 port 80 -> 127.0.0.1/32 port 80 tcp" does the redirection
4. the local Apache picks the appropriate page
5. the translation/redirection from 3 is being reversed
6. the answer is sent out on interface "B" with the original source address and the original destination address but with the payload from the proxy

Everything works up to point 4 - but the answer never reaches the requesting PC.

It seems that the NAT cannot be reverted when the answers are being sent out on a different interface than they arrived on. Seems the state is not only being kept in terms of source ip:source port/destination ip:destination port but also interface-wise.

Might this be the reason?

If I enter a host route to send the answer to the requests out to InterfaceA instead of InterfaceB, everything works.

The point is, I do not want to enter routes back to the "PCs" as this would be time consuming. I'd prefer having everything sent out on the default gateway.

Any help/hint will be appreciated.

TIA,

Emre

--
I don't see why some people even HAVE cars. -- Calvin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
