Date: Thu, 13 Sep 2001 20:04:27 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: freebsd-questions@FreeBSD.org
Subject: NATD address_redirect kills host's connectivity
Message-ID: <57469.1000404267@axl.seasidesoftware.co.za>
Hi folks,

I'm trying to set up natd address redirection as per the Handbook's
Network Address Translation section. [1]

I've followed all the instructions as best I can. I have IPFIREWALL,
IPFIREWALL_FORWARD and DIVERT in my kernel. I booted this new kernel
with gateway_enable="YES" in rc.conf.

I start natd as follows:

    /sbin/natd -f /etc/natd.conf

---- /etc/natd.conf
interface ep0
# Sheldon's workstation
redirect_address 10.0.0.2 196.31.7.201
----

I have my workstation's public address configured as an alias on ep0:

---- ifconfig ep0
ifconfig ep0
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 196.31.7.199 netmask 0xfffffff0 broadcast 196.31.7.207
        inet 196.31.7.201 netmask 0xffffffff broadcast 196.31.7.201
----

My custom firewall rules are in /etc/firewall.local and rc.conf contains
firewall_type="/etc/firewall.local".

---- /etc/firewall.local
add divert natd all from any to any via ep0
add allow all from any to any
----

Without the redirect_address line in /etc/natd.conf, my workstation has
connectivity to public addresses. Without it, the only public address
in the universe to which my host can connect is its own.

Is there something subtle I've missed? Or perhaps I need something more
in my firewall rules that the NAT section of the Handbook neglects to
mention?

TIA

Ciao,
Sheldon.

[1] The handbook is fantastic these days! I've managed to get my first
    ever installation of a NATing firewall with DNS master for private
    domain installed in no time at all.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message