Date:      Fri, 26 Dec 2003 10:39:57 -0600
From:      "Micheal Patterson" <micheal@tsgincorporated.com>
To:        "Pierrick Brossin" <pbrossin@swissgeeks.com>, <freebsd-questions@freebsd.org>
Subject:   Re: Forward and NAT question
Message-ID:  <bba001c3cbce$e7ac34f0$0201a8c0@dredster>
References:  <20031226160246.643eee4b.pbrossin@swissgeeks.com>


----- Original Message ----- 
From: "Pierrick Brossin" <pbrossin@swissgeeks.com>
To: <freebsd-questions@freebsd.org>
Sent: Friday, December 26, 2003 9:02 AM
Subject: Forward and NAT question


> Hi!
>
> I'm a little bit confused.
> I got my server up and running with nat and stuff for a little while now
> and I was wondering why would one need both net.inet.ip.forwarding set
> to 1 and NAT ?
>
> I've been searching in the docs and on google for 3 days but I can't
> figure out what is forwarding needed for if NAT is enabled...
>
> Regards
>
> -Pierrick Brossin
> http://www.swissgeeks.com


From the FreeBSD handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/ppp-primer/x237.html)

"By default the FreeBSD system will not forward IP packets between various
network interfaces. In other words, routing functions (also known as gateway
functions) are disabled."

If you're running NATD, you have at least 2 interfaces, and this has to be
enabled for the packets to traverse the interfaces properly. NATD and packet
forwarding don't go hand in hand; NATD and IPFW do.

net.inet.ip.forwarding allows traffic from the internal interface to gain
access to the external interface where NATD is by default listening.

Normal NATD traffic flow is this:

- Packet is inbound via internal interface
- net.inet.ip.forwarding allows the traffic to traverse to external
interface
- IPFW intercepts traffic at external interface and diverts it to NATD
- NATD translates the packet and injects it at the next IPFW rule set
- If traffic is allowed by IPFW, traffic exits the system to its
destination

Without net.inet.ip.forwarding enabled, the FreeBSD system is merely a
system on each network instead of a gateway between them.

That's my take on it in a nutshell.

--

Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
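
Added example, not part of the original message: a small sh check that reads rc.conf- and sysctl.conf-style files and reports which of the pieces described in the reply (forwarding, and NATD together with IPFW) are switched on. The role names, the function names and the sample file with interface fxp0 are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a FreeBSD host's role from rc.conf / sysctl.conf text.
# Role names and the sample files below are constructed for illustration.

# rc_value FILE KEY: last uncommented value of KEY, quotes stripped, upper-cased.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# gateway_role RC_CONF SYSCTL_CONF: print one role string for the host.
gateway_role() {
    fwd=no nat=no
    # gateway_enable="YES" makes the rc scripts set net.inet.ip.forwarding=1.
    [ "$(rc_value "$1" gateway_enable)" = YES ] && fwd=yes
    [ "$(rc_value "$2" net.inet.ip.forwarding)" = 1 ] && fwd=yes
    # natd only receives packets that ipfw diverts to it, so both must be on.
    if [ "$(rc_value "$1" natd_enable)" = YES ] &&
       [ "$(rc_value "$1" firewall_enable)" = YES ]; then nat=yes; fi
    case "$fwd/$nat" in
        yes/yes) echo nat-gateway ;;             # the full flow in the reply
        yes/no)  echo router-without-nat ;;      # forwards, source addresses untranslated
        no/yes)  echo nat-without-forwarding ;;  # packets never cross interfaces
        *)       echo host-only ;;               # a system on each network, no gateway
    esac
}

# Constructed sample: forwarding on, natd and ipfw on.
demo=$(mktemp -d)
cat > "$demo/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="fxp0"
EOF
: > "$demo/sysctl.conf"
gateway_role "$demo/rc.conf" "$demo/sysctl.conf"
```

On a live system the same question can be answered with `sysctl net.inet.ip.forwarding`; the file check shows what the host will do after the next boot.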


