From: Emre Bastuz
To: freebsd-isp@FreeBSD.ORG
Date: Thu, 15 Apr 2004 14:45:46 +0200
Message-ID: <1082033146.0d032a162575d@webmail.emre.de>
Subject: NAT and Routing question
List-Id: Internet Services Providers

Hi,

it seems I'm stuck here due to a NAT/Routing issue.

For building a forced proxy I am trying to do the following:

PC -> [Interface A -> redirect to 127.0.0.1, port 80 -> Interface B (default gateway)] -> PC

1. User on PC opens browser to connect to an arbitrary site
2. the request enters the proxy machine on interface "A"
3. an ipf/ipnat redirection rule "rdr InterfaceA 0/0 port 80 -> 127.0.0.1/32 port 80 tcp" does the redirection
4. the local Apache picks the appropriate page
5. the translation/redirection from 3 is being reversed
6. the answer is sent out on interface "B" with the original source address and the original destination address but with the payload from the proxy

Everything works up to point 4 - but the answer never reaches the requesting PC.

It seems that the NAT can not be reverted when the answers are being sent out on a different interface than they arrived on. Seems the state is not only being kept in terms of source ip:source port/destination ip:destination port but also interface wise. Might this be the reason?

If I enter a hostroute to send the answer to the requests out to InterfaceA instead of InterfaceB, everything works. The point is, I do not want to enter routes back to the "PCs" as this would be time consuming. I'd prefer having everything sent out on the default gateway.

Any help/hint will be appreciated.

TIA,
Emre

--
I don't see why some people even HAVE cars. -- Calvin

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
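The following is an added toy model of the hypothesis in the message above (interface-bound NAT state breaking the reverse translation when the reply leaves via a different interface); it is not ipfilter/ipnat code, and the interface names, addresses and ports are constructed sample values:

```python
"""Toy model of a port-80 rdr whose state may be bound to the inbound interface."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """A TCP 4-tuple as seen in one direction."""
    src: str
    sport: int
    dst: str
    dport: int


class RdrNat:
    """Redirects dport 80 arriving on rdr_if to target:target_port.

    If per_interface is True, the state entry is keyed on the interface the
    request arrived on, so the reply is only un-translated on that interface.
    """

    def __init__(self, rdr_if: str, target: str, target_port: int, per_interface: bool):
        self.rdr_if, self.target, self.target_port = rdr_if, target, target_port
        self.per_interface = per_interface
        self.state = {}  # (iface or None, expected reply flow) -> original request flow

    def _key(self, iface: str, flow: Flow):
        return (iface if self.per_interface else None, flow)

    def inbound(self, iface: str, flow: Flow) -> Flow:
        """Packet entering the box: apply the rdr and record reverse state."""
        if iface != self.rdr_if or flow.dport != 80:
            return flow  # rule does not match; pass unchanged
        reply = Flow(self.target, self.target_port, flow.src, flow.sport)
        self.state[self._key(iface, reply)] = flow
        return Flow(flow.src, flow.sport, self.target, self.target_port)

    def outbound(self, iface: str, flow: Flow):
        """Packet leaving on iface: reverse the rdr if state matches, else None."""
        orig = self.state.get(self._key(iface, flow))
        if orig is None:
            return None  # no state on this interface: reply keeps 127.0.0.1 as source
        return Flow(orig.dst, orig.dport, orig.src, orig.sport)


def simulate_reply(reply_iface: str, per_interface: bool):
    """Request in on A, proxy reply out on reply_iface; returns un-translated reply or None."""
    nat = RdrNat("A", "127.0.0.1", 80, per_interface)
    nat.inbound("A", Flow("10.0.0.5", 40000, "203.0.113.10", 80))   # constructed client/site
    return nat.outbound(reply_iface, Flow("127.0.0.1", 80, "10.0.0.5", 40000))
```

With per-interface state the reply on B returns None (the symptom described), while forcing it out on A, as the host route does, restores the original addresses.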