Date: Thu, 15 Apr 2004 14:45:46 +0200
From: Emre Bastuz <info@emre.de>
To: freebsd-isp@FreeBSD.ORG
Subject: NAT and Routing question
Message-ID: <1082033146.0d032a162575d@webmail.emre.de>

Hi,

it seems I'm stuck here due to a NAT/Routing issue.

For building a forced proxy I am trying to do the following:

PC -> [Interface A -> redirect to 127.0.0.1, port 80 -> Interface B (default gateway)] -> PC

1. User on PC opens browser to connect to an arbitrary site
2. the request enters the proxy machine on interface "A"
3. an ipf/ipnat redirection rule "rdr InterfaceA 0/0 port 80 -> 127.0.0.1/32 port 80 tcp" does the redirection
4. the local Apache picks the appropriate page
5. the translation/redirection from 3 is being reversed
6. the answer is sent out on interface "B" with the original source address and the original destination address but with the payload from the proxy

Everything works up to point 4 - but the answer never reaches the requesting PC.

It seems that the NAT can not be reverted when the answers are being sent out on a different interface than they arrived on. Seems the state is not only being kept in terms of source ip:source port/destination ip:destination port but also interface wise. Might this be the reason?

If I enter a host route to send the answer to the request out to InterfaceA instead of InterfaceB, everything works. The point is, I do not want to enter routes back to the "PC's" as this would be time consuming. I'd prefer having everything sent out on the default gateway.

Any help/hint will be appreciated.

TIA,

Emre

--
I don't see why some people even HAVE cars. -- Calvin