Date:      Tue, 14 Sep 1999 08:49:21 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Ruslan Ermilov <ru@ucb.crimea.ua>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Multiple NAT alias addresses
Message-ID:  <Pine.BSF.4.10.9909140846130.65695-100000@resnet.uoregon.edu>
In-Reply-To: <19990914040220.B71293@relay.ucb.crimea.ua>

On Tue, 14 Sep 1999, Ruslan Ermilov wrote:

> > hello ..
> > 
> > We're trying to turn up a firewall box running NAT with multiple external
> > IPs.  I added the alias and set up natd.conf as follows:
> > 
> > use_sockets yes
> > same_ports yes
> > #
> > # machine1 redirections 
> > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> > 
> > # machine2 redirections
> > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> > 
> > I start natd with:
> > 
> > natd -f /etc/natd.conf -n fxp0  where fxp0 is the public-side interface.
> > 
> > Restarting natd with this configuration causes it to block everything.
> > 
> So, without redirect_port's it works OK?

Yes, and the redirect_port's work if the alias address is not specified.

> Have you tried to run it in the foreground? (`natd -v')

Not on the target machine but I did test it from home.  It looks like NAT
stops matching packets when the alias addr is provided; it lets them fall
through to the local system, where they generally get 'connection
refused'.  I am going to try it without alias addresses for the default
address (the first bank) and see if those work.

I can't attach gdb to a running -g'd version of natd, it just segfaults.
:(

> > Does natd support multiple alias addresses, or am I missing something
> > obvious?
> > 
> Definitely supports!
> 
> BTW, what version are you on?

3.2-RELEASE.

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org


