From: Joe
To: freebsd-questions@freebsd.org
Date: Tue, 11 Sep 2007 18:18:01 -0700 (PDT)
Subject: Re: natd / ipfw services on internal interface (Ivan Voras)

Joe wrote:
> I have a question about natd and ipfw. I am running natd on my external interface and I have some services on my internal interface.
>
> The services seem to be getting their ip addresses nat'd and some of them work and some of them don't.
>
> Any idea how to prevent things from going into natd?

You should specify more information about your setup, but generally you should be able to just insert a rule like "ipfw add xxx allow ip from mynet/mask to mynet/mask", where "xxx" is the rule-number BEFORE your natd redirection rule-number and mynet/mask describes your internal network.

I think I figured it out after a lot of searching. It turns out that when I installed it I accidentally enabled USE_SOCKETS on a non-jailed dhcp server. The only information I found was a post or bug that said if you enable USE_SOCKETS on a non-jailed server, you could have unexpected results. The actual results are that your network traffic will be screwed up.

Joe
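The rule ordering suggested in the quoted reply can be checked mechanically. The script below is an added example, not part of the original message: it scans `ipfw list`-style output and confirms that the internal-to-internal allow rule is numbered before the natd divert rule. The interface name fxp0, the network 192.168.1.0/24, the rule numbers and both sample listings are constructed assumptions.

```shell
#!/bin/sh
# Added example: verify that a rule exempting internal-to-internal traffic
# is numbered BEFORE the natd divert rule, so that traffic never reaches natd.

# Constructed samples in `ipfw list` format (fxp0, 192.168.1.0/24 and the
# rule numbers are assumptions; 8668 is natd's default divert port).
GOOD_RULES='00040 allow ip from 192.168.1.0/24 to 192.168.1.0/24
00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
65535 deny ip from any to any'

BAD_RULES='00050 divert 8668 ip from any to any via fxp0
00060 allow ip from 192.168.1.0/24 to 192.168.1.0/24
65535 deny ip from any to any'

# check_nat_bypass NET RULES
# Prints "ok <allow#> <divert#>" and returns 0 when the bypass rule comes
# first; prints the reason and returns 1 otherwise.
check_nat_bypass() {
    printf '%s\n' "$2" | awk -v net="$1" '
        # First divert rule in the listing.
        $2 == "divert" && divert == "" { divert = $1 }
        # First "allow ip from NET to NET" rule in the listing.
        $2 == "allow" && $3 == "ip" && $4 == "from" && $5 == net &&
            $6 == "to" && $7 == net && allow == "" { allow = $1 }
        END {
            if (divert == "") { print "no divert rule"; exit 1 }
            if (allow == "")  { print "no bypass rule for " net; exit 1 }
            if (allow + 0 < divert + 0) {
                print "ok " allow " " divert
                exit 0
            }
            print "bypass rule " allow " is after divert rule " divert
            exit 1
        }'
}

# Run against both constructed listings.
check_nat_bypass 192.168.1.0/24 "$GOOD_RULES"
check_nat_bypass 192.168.1.0/24 "$BAD_RULES" || true
```

On a live system, pass the output of `ipfw list` as the second argument instead of the sample text.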