From: Sheldon Hearn
To: freebsd-questions@FreeBSD.org
Subject: NATD address_redirect kills host's connectivity
Date: Thu, 13 Sep 2001 20:04:27 +0200
Message-ID: <57469.1000404267@axl.seasidesoftware.co.za>

Hi folks,

I'm trying to set up natd address redirection as per the Handbook's Network Address Translation section. [1]

I've followed all the instructions as best I can. I have IPFIREWALL, IPFIREWALL_FORWARD and DIVERT in my kernel. I booted this new kernel with gateway_enable="YES" in rc.conf.

I start natd as follows:

	/sbin/natd -f /etc/natd.conf

---- /etc/natd.conf
interface ep0

# Sheldon's workstation
redirect_address 10.0.0.2 196.31.7.201
----

I have my workstation's public address configured as an alias on ep0:

---- ifconfig ep0
ifconfig ep0
ep0: flags=8843 mtu 1500
	inet 196.31.7.199 netmask 0xfffffff0 broadcast 196.31.7.207
	inet 196.31.7.201 netmask 0xffffffff broadcast 196.31.7.201
----

My custom firewall rules are in /etc/firewall.local and rc.conf contains firewall_type="/etc/firewall.local".

---- /etc/firewall.local
add divert natd all from any to any via ep0
add allow all from any to any
----

Without the redirect_address line in /etc/natd.conf, my workstation has connectivity to public addresses. Without it, the only public address in the universe to which my host can connect is its own.

Is there something subtle I've missed? Or perhaps I need something more in my firewall rules that the NAT section of the Handbook neglects to mention?

TIA

Ciao,
Sheldon.

[1] The handbook is fantastic these days! I've managed to get my first ever installation of a NATing firewall with DNS master for private domain installed in no time at all.