From: Brent B.Powers
To: cjclark@alum.mit.edu
Cc: freebsd-questions@freebsd.org
Date: Mon, 26 Feb 2001 02:19:54 -0500 (EST)
Subject: Re: With natd server, can't hit my own static IP's

>>>>> "Crist" == Crist J Clark writes:

Crist> On Mon, Feb 26, 2001 at 12:04:11AM -0500, Brent B. Powers
Crist> wrote:
>> >>>>> "Crist" == Crist J Clark writes:
>>
Crist> On Sun, Feb 25, 2001 at 02:29:31AM -0500, Brent B. Powers
Crist> wrote:
[snip]
>>
>>
Crist> I think I see what is going on here. That rule 350 was a
Crist> bad idea on my part. Replies from 192.168.1.186 do not get
Crist> put through NAT. What does,
>>
Crist> 00350 divert 8669 ip from any to any via rl0
>>
Crist> And running the internal natd with the '-reverse' option
Crist> do?

>> Ummm, prevents all machines other than the gateway from
>> connecting with each other, or anything. When I reverse the
>> order of the nat rules, not much that's better happens, but it
>> also nat's packets from the outside world (effectively
>> reversing the original nat).

Crist> Oh, yeah. Did I not say to turn off NAT on the external
Crist> interface and only run it inside?

Ummm, huh??? In that case, won't the gateway (which has aliases for
all 8 of the static IP's I care about) just eat any packet bound from
the outside for one of those 8, and they (the packets bound for my
non-gateway servers) will never hit the interior interface?

>> I am beginning to wonder if this is actually possible via
>> FreeBSD. You may recall from a couple of months ago when I was
>> asking how to cause a server to act as a direct bridge (in
>> other words, for any packet for an IP that it got on one nic
>> that was not its own, throw the packet out the other
>> nic). Then, with the proper arp proxying, this whole scenario
>> works.

Crist> Doing NAT on a bridge? That be whack.

That's the point... you don't do nat. The gateway just arp proxies
the ip's, and shuffles the packets to the correct addresses (which are
directly connected to the interior IP).