From: Andrea Venturoli
Date: Thu, 22 Feb 2007 15:41:42 +0100
To: freebsd-net@freebsd.org
Subject: Bridge and NAT problems
Message-ID: <45DDABA6.60407@netfence.it>

Hello.

I've got the following problem...

My host is configured like this:

fxp0: internal interface, requires NAT
rl1: public interface, with static IP
xl0: bridged to rl1, with some public IPs behind

ipfw diverts any traffic through rl1 to natd, i.e. I have in ipfw

    50 divert 8668 ip from any to any via rl1

Internal <-> Internet works, as Internet <-> Bridged does. Internal <-> Bridged does not work.

Let's suppose I'm pinging from the inside to a bridged machine: the ICMP packet comes in through fxp0 and is allowed, gets NATted going out by rule 50 and reaches the target host (I guess bridging is also happening to send it out via xl0 instead of rl1). The target answers to the public IP of this box and the packet comes in via xl0, so it's not back-NATted and gets lost.

I then thought of diverting to natd every packet through xl0 (i.e.

    60 divert 8668 ip from any to any via xl0

), but this doesn't work either. The packet gets to natd by means of rule 60, but natd does not recognize it as an answer to a previously examined packet.

From the man pages I understood that natd does not take interface into account, but only source and destination IP:port.

Then, what's wrong? Any suggestion?

bye & Thanks
av.
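As an added illustration (not part of the original message), a small Python model of the ruleset described above, with constructed RFC 5737 addresses: the natd lookup here is keyed on protocol, remote address and ICMP id only, which is the interface-agnostic behaviour the poster read in the man page. It shows why the reply arriving on xl0 is lost with rule 50 alone, and that under those man-page semantics rule 60 would let the reply be un-NATted; the failure the poster actually observed is not reproduced by this model.

```python
"""Toy model of ipfw divert rules feeding a natd-style translation table.

Constructed topology (all addresses made up):
  fxp0  internal, 10.1.2.0/24
  rl1   public, the box's own address is 198.51.100.1
  xl0   bridged to rl1, hosts such as 198.51.100.20 sit behind it
"""
from dataclasses import dataclass, replace

PUBLIC_IP = "198.51.100.1"   # assumed public address of the NAT box


@dataclass(frozen=True)
class Packet:
    proto: str       # "icmp", "udp" or "tcp"
    src: str
    dst: str
    ident: int       # ICMP id, or source port for udp/tcp
    iface: str       # interface the packet crosses ("via" in ipfw terms)
    outbound: bool


class Natd:
    """Translation table keyed on (proto, remote ip, ident); the interface is ignored."""

    def __init__(self):
        self.table = {}  # (proto, remote, ident) -> original inside source

    def alias(self, pkt: Packet) -> Packet:
        if pkt.outbound and pkt.src != PUBLIC_IP:
            # Outbound from an inside host: record the flow, rewrite the source
            self.table[(pkt.proto, pkt.dst, pkt.ident)] = pkt.src
            return replace(pkt, src=PUBLIC_IP)
        if not pkt.outbound and pkt.dst == PUBLIC_IP:
            # Inbound to the public address: look the flow up regardless of iface
            inside = self.table.get((pkt.proto, pkt.src, pkt.ident))
            if inside is not None:
                return replace(pkt, dst=inside)
        return pkt


def run_firewall(pkt: Packet, divert_ifaces, natd: Natd) -> Packet:
    """One 'divert 8668 ip from any to any via <iface>' rule per listed interface."""
    return natd.alias(pkt) if pkt.iface in divert_ifaces else pkt


def ping_bridged_host(divert_ifaces):
    """Return (NATted echo request, reply after the firewall) for the poster's scenario."""
    natd = Natd()
    echo = Packet("icmp", "10.1.2.18", "198.51.100.20", 0x1234, "rl1", True)
    out = run_firewall(echo, divert_ifaces, natd)
    # The bridged host answers the public IP, and the reply arrives via xl0, not rl1
    reply = Packet("icmp", "198.51.100.20", out.src, 0x1234, "xl0", False)
    return out, run_firewall(reply, divert_ifaces, natd)
```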