Date: Thu, 22 Feb 2001 10:52:10 +1100 From: Tony Landells <ahl@austclear.com.au> To: "greg" <greg@fqdn.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: NAT and keep-state issue. Message-ID: <200102212352.KAA29610@tungsten.austclear.com.au> In-Reply-To: Message from "greg" <greg@fqdn.com> of "Wed, 21 Feb 2001 18:35:54 -0800." <OHEFKMMEEIPHNLFHPMMLMEIHCAAA.greg@fqdn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Just another thought on that Tony, > > I think I read somewhere that if there is not a 'check-state' rule, > the dynamic rules would be checked at the first instance of "keep-state". > Is this your understanding too? Yes, but the problem is that if the natd on fxp0 is hiding internal addresses as 222.222.222.222, you need to do a check-state on the incoming packets before they hit natd again and are translated back to the internal addresses. Perhaps you should provide the arguments to natd, and some example of the logging you're getting from ipfw? Tony -- Tony Landells <ahl@austclear.com.au> Senior Network Engineer Ph: +61 3 9677 9319 Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355 Level 4, Rialto North Tower 525 Collins Street Melbourne VIC 3000 Australia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102212352.KAA29610>