From owner-freebsd-questions  Thu Oct  5 20:14:41 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
	by hub.freebsd.org (Postfix) with ESMTP id B4EED37B503
	for <freebsd-questions@FreeBSD.ORG>; Thu,  5 Oct 2000 20:14:39 -0700 (PDT)
Received: from grand-central-station.MIT.EDU (GRAND-CENTRAL-STATION.MIT.EDU [18.69.0.34])
	by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id XAA25109
	for <freebsd-questions@FreeBSD.ORG>; Thu, 5 Oct 2000 23:14:38 -0400 (EDT)
Received: from melbourne-city-street.MIT.EDU (MELBOURNE-CITY-STREET.MIT.EDU [18.69.0.45])
	by grand-central-station.MIT.EDU (8.9.2/8.9.2) with ESMTP id XAA18790
	for <freebsd-questions@FreeBSD.ORG>; Thu, 5 Oct 2000 23:14:37 -0400 (EDT)
Received: from ten-thousand-dollar-bill.mit.edu (TEN-THOUSAND-DOLLAR-BILL.MIT.EDU [18.184.0.39])
	by melbourne-city-street.MIT.EDU (8.9.3/8.9.2) with ESMTP id XAA27743
	for <freebsd-questions@FreeBSD.ORG>; Thu, 5 Oct 2000 23:14:37 -0400 (EDT)
Received: (from slyph@localhost) by ten-thousand-dollar-bill.mit.edu (8.9.3)
	id XAA11579; Thu, 5 Oct 2000 23:14:36 -0400 (EDT)
Message-Id: <200010060314.XAA11579@ten-thousand-dollar-bill.mit.edu>
To: freebsd-questions@FreeBSD.ORG
Subject: Static NAT with natd and ipfw
Date: Thu, 05 Oct 2000 23:14:36 -0400
From: Michael L Artz <slyph@MIT.EDU>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

So, I set up NAT nicely with ipfw and natd under freebsd 4.0.  Everything seemed to work fine.  I compiled my kernel with the following options:
options         IPFIREWALL 
options         IPFIREWALL_VERBOSE 
options         IPDIVERT 
options         IPSTEALTH 
set up my internal machines to use the 192.168.1.* network, and set up my gateway to use one of my static IPs.

Now, however, I would like to statically alias one of my inside addresses to an external address.  The man page seems to say to do it like this: 

natd_flags="-redirect_address inside_ip outside_ip" 

which I put in /etc/rc.conf 
  
I would like this to behave as though my machine behind the firewall were actually "on" the internet at the outside IP. 

However, when I do this, I get the following error: 
natd[84]: failed to write packet back (No route to host) 

Also, the machine to which I am trying to alias cannot see the outside world past my firewall.  It can see (and ping) the outside interface on the firewall, but nothing beyond it. 

Is this a problem with my routing tables or what?  Also, does the inside machine need any further configuration past what was already done to get it working with natd?  Do I need to alias the external IP that I want it to be, or can I leave it configured as the internal (192.168.*) machine?  Does the gateway need to alias the IP?

Any help is really appreciated.  Thanks 

-Mike
slyph@mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message