From owner-freebsd-hackers Tue Sep 14 14:15: 6 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32])
    by hub.freebsd.org (Postfix) with ESMTP id 634D714F15
    for ; Tue, 14 Sep 1999 14:15:02 -0700 (PDT)
    (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost)
    by resnet.uoregon.edu (8.9.3/8.9.3) with ESMTP id OAA61128;
    Tue, 14 Sep 1999 14:14:14 -0700 (PDT)
    (envelope-from dwhite@resnet.uoregon.edu)
Date: Tue, 14 Sep 1999 14:14:14 -0700 (PDT)
From: Doug White
To: Ruslan Ermilov
Cc: hackers@FreeBSD.ORG
Subject: Re: Multiple NAT alias addresses
In-Reply-To: <19990914192335.A3257@relay.ucb.crimea.ua>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 14 Sep 1999, Ruslan Ermilov wrote:

> > > > use_sockets yes
> > > > same_ports yes
> > > > #
> > > > # machine1 redirections
> > > > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > > > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > > > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > > > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> > > >
> > > > # machine2 redirections
> > > > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > > > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> > > >
> > > > I start natd with:
> > > >
> > > > natd -f /etc/natd.conf -n fxp0 where fxp0 is the public-side interface.
> > > >
> > > > Restarting natd with this configuration causes it to block everything.
> > > >
> > > So, without redirect_port's it works OK?
> >
> > Yes, and the redirect_port's work if the alias address is not specified.
> >
> Strange, I just run 3.2-RELEASE's natd(8) with your configuration file
> and everything works as expected:

Hm, rev.
1.21 of natd.c is worrisome:

1.21 Tue Sep 7 15:34:12 1999 UTC by ru
CVS Tags: HEAD
Diffs to 1.20

Config file parser changes:
- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by: Ari Suutari

Perhaps the parser is skipping my redirect_port lines?

> Firewall rules were:
> 00001 divert 8668 ip from any to 1.2.3.5 via fxp2
> 00001 divert 8668 ip from 192.168.2.201 to any via fxp2

Hm, I'm using the default divert rule 'divert 8668 all from any to any via
fxp0' instead of grabbing specific traffic.

> Natd(8) was run as:
> natd -v -f natd.cf -n fxp2 (fxp2 in an external interface)
>
>
> telnet 1.2.3.5 123 (from 212.110.138.4):
> In [TCP] [TCP] 212.110.138.4:49964 -> 1.2.3.5:123 aliased to
> [TCP] 212.110.138.4:49964 -> 1.2.3.5:123
> In [TCP] [TCP] 212.110.138.4:49964 -> 1.2.3.5:123 aliased to
> [TCP] 212.110.138.4:49964 -> 1.2.3.5:123
> In [TCP] [TCP] 212.110.138.4:49964 -> 1.2.3.5:123 aliased to
> [TCP] 212.110.138.4:49964 -> 1.2.3.5:123
> Redirections not happening.
>
>
>
> telnet 1.2.3.5 80 (from 212.110.138.4):
> In [TCP] [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
> [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> Out [TCP] [TCP] 192.168.2.201:80 -> 212.110.138.4:49960 aliased to
> [TCP] 1.2.3.5:80 -> 212.110.138.4:49960
> In [TCP] [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
> [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> In [TCP] [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
> [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> Out [TCP] [TCP] 192.168.2.201:80 -> 212.110.138.4:49960 aliased to
> [TCP] 1.2.3.5:80 -> 212.110.138.4:49960
> Out [TCP] [TCP] 192.168.2.201:80 -> 212.110.138.4:49960 aliased to
> [TCP] 1.2.3.5:80 -> 212.110.138.4:49960
> In [TCP] [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
> [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> Redirections are happening.

Very odd. I'm going to adjust the configfile so that it has no comments or
blank space.
Can you send me your file exactly as you wrote it?

> This is a known problem, it is fixed in -STABLE:
>
> dfr 1999/05/22 01:29:24 PDT
>
> Modified files: (Branch: RELENG_3)
> contrib/gdb/gdb solib.c
> Log:
> MFC: Problems with coredumps from static programs.

argh :(

Doug White
Internet: dwhite@resnet.uoregon.edu  | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
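
Added example, not part of the original message and not natd's own code: a Python check that applies only the two parser rules quoted from the rev. 1.21 commit log to the configuration from this thread and lists which redirect_port entries remain active. The function names, the three-field "proto target alias" layout (taken from the lines quoted above) and the sample's trailing spaces and inline comment are assumptions made for the example.

```python
# Added example, not natd source. Only the two rules from the quoted commit
# log are implemented; natd's real parser may differ in other respects.

def effective_directives(text):
    """Return (line_number, keyword, args) for every line that survives."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]   # '#' comments out the rest of the line
        line = line.rstrip()          # trailing spaces are ignored
        if not line.strip():          # empty and comment-only lines are ignored
            continue
        parts = line.split(None, 1)
        args = parts[1].strip() if len(parts) > 1 else ""
        out.append((lineno, parts[0], args))
    return out

def redirects(text):
    """Extract redirect_port entries in the 'proto target alias' form."""
    result = []
    for lineno, keyword, args in effective_directives(text):
        if keyword != "redirect_port":
            continue
        fields = args.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {args!r}")
        proto, target, alias = fields
        result.append({"line": lineno, "proto": proto,
                       "target": target, "alias": alias})
    return result

# Constructed sample based on the configuration quoted in the thread; the
# trailing spaces (\x20) and the inline "# web" comment are added for the demo.
SAMPLE = """use_sockets yes
same_ports yes
#
# machine1 redirections
#redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh

# machine2 redirections
redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh\x20\x20
redirect_port tcp 192.168.2.201:http 1.2.3.5:http # web
"""

if __name__ == "__main__":
    for entry in redirects(SAMPLE):
        print(entry)
```

Comparing this list against what `natd -v` reports for the same file shows whether a redirect_port line was dropped during parsing or rejected later.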