From: "Micheal Patterson"
To: "Pierrick Brossin"
Date: Fri, 26 Dec 2003 10:39:57 -0600
Subject: Re: Forward and NAT question

----- Original Message -----
From: "Pierrick Brossin"
Sent: Friday, December 26, 2003 9:02 AM
Subject: Forward and NAT question

> Hi!
>
> I'm a little bit confused.
> I got my server up and running with nat and stuff for a little while now
> and I was wondering why would one need both net.inet.ip.forwarding set
> to 1 and NAT?
>
> I've been searching in the docs and on google for 3 days but I can't
> figure out what is forwarding needed for if NAT is enabled...
>
> Regards
>
> -Pierrick Brossin
> http://www.swissgeeks.com

From the FreeBSD handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/ppp-primer/x237.html)

"By default the FreeBSD system will not forward IP packets between various
network interfaces. In other words, routing functions (also known as gateway
functions) are disabled."

If you're running NATD, you have at least 2 interfaces; this has to be
enabled for the packets to traverse the interfaces properly. NATD and packet
forwarding don't go hand in hand; NATD and IPFW do. net.inet.ip.forwarding
allows traffic from the internal interface to gain access to the external
interface where NATD is by default listening.

Normal NATD traffic flow is this:

- Packet is inbound via internal interface
- net.inet.ip.forwarding allows the traffic to traverse to external interface
- IPFW intercepts traffic at external interface and diverts it to NATD
- NATD translates the packet and injects it at the next IPFW rule set
- If traffic is allowed by IPFW, traffic exits the system to its destination

Without net.inet.ip.forwarding enabled, the FreeBSD system is merely a
system on each network instead of a gateway between them.

That's my take on it in a nutshell.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
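
The traffic flow in the reply above can be turned into a check that reports which step is missing on a given host. This is an added example, not part of the original message: the function name `nat_gateway_state`, its four state labels, and the sample rule listing (including the interface name fxp0) are constructed for illustration, and it assumes natd is on its default divert port, 8668.

```shell
#!/bin/sh
# Added example: classify a FreeBSD host from the text output of
#   sysctl net.inet.ip.forwarding   and   ipfw list
# On a live system:
#   nat_gateway_state "$(sysctl net.inet.ip.forwarding)" "$(ipfw list)"

# Constructed sample of `ipfw list` output on a natd gateway.
SAMPLE_IPFW='00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
65535 deny ip from any to any'

# nat_gateway_state SYSCTL_OUTPUT IPFW_LIST_OUTPUT  (hypothetical helper)
nat_gateway_state() {
    sysctl_out=$1
    ipfw_out=$2

    # Kernel forwarding between interfaces. Accepts both
    # "net.inet.ip.forwarding: 1" and the bare value from `sysctl -n`.
    if [ "${sysctl_out##*: }" = "1" ]; then fwd=1; else fwd=0; fi

    # An ipfw divert rule that hands packets to natd. The divert port
    # is listed as 8668 or as the service name "natd".
    if printf '%s\n' "$ipfw_out" | grep -Eq '^[0-9]+ divert (natd|8668) '; then
        divert=1
    else
        divert=0
    fi

    case "$fwd$divert" in
        11) echo "nat-gateway" ;;        # forwards and translates
        10) echo "router-no-nat" ;;      # forwards packets untranslated
        01) echo "nat-no-forwarding" ;;  # divert rule exists, nothing crosses interfaces
        00) echo "host-only" ;;          # a system on each network, not a gateway
    esac
}

# Demo on the constructed sample.
nat_gateway_state "net.inet.ip.forwarding: 1" "$SAMPLE_IPFW"
```

The `router-no-nat` result is the one worth reviewing on a machine that was meant to do NAT: forwarding is on, so internal source addresses leave the box untranslated.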