Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Feb 2001 10:52:10 +1100
From:      Tony Landells <ahl@austclear.com.au>
To:        "greg" <greg@fqdn.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NAT and keep-state issue. 
Message-ID:  <200102212352.KAA29610@tungsten.austclear.com.au>
In-Reply-To: Message from "greg" <greg@fqdn.com>  of "Wed, 21 Feb 2001 18:35:54 -0800." <OHEFKMMEEIPHNLFHPMMLMEIHCAAA.greg@fqdn.com> 

next in thread | previous in thread | raw e-mail | index | archive | help
> 
> Just another thought on that Tony,
> 
> I think I read somewhere that if there is not a 'check-state' rule,
> the dynamic rules would be checked at the first instance of "keep-state".
> Is this your understanding too?

Yes, but the problem is that if the natd on fxp0 is hiding internal
addresses as 222.222.222.222, you need to do a check-state on the
incoming packets before they hit natd again and are translated back
to the internal addresses.

Perhaps you should provide the arguments to natd, and some example of
the logging you're getting from ipfw?

Tony
-- 
Tony Landells					<ahl@austclear.com.au>
Senior Network Engineer				Ph:  +61 3 9677 9319
Australian Clearing Services Pty Ltd		Fax: +61 3 9677 9355
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102212352.KAA29610>