From: "Chad Albert"
Subject: natd
Date: Thu, 10 Jan 2002 21:44:11 -0600
Message-ID: <001c01c19a52$3c1bb890$14010f0a@spgcalbert>
Delivered-To: freebsd-questions@freebsd.org

Hello all!

I have an interesting task at hand and I need some help. I am setting up a firewall/NAT box with natd and ipfirewall (ipfw). My outside NIC has two addresses and I am port forwarding a TCP port to the inside. My problem is that when someone hits outside address B they get forwarded to my internal server and the outbound responses head back through the firewall only to head out through outside address A. As you can imagine, this does not work, since the outbound traffic's first packet is a SYN + ACK packet from an address that the client never sent a SYN packet to.

Does anyone know how to make sure that communication on a certain port always goes out as a specific address and all other outbound initiated traffic goes out the other address?

current natd config file:

    redirect_port tcp 10.15.1.20:21 21
    redirect_port tcp 10.15.1.4:443 3389
    redirect_port tcp 10.15.1.20:5001 5001

I would really like to make sure that any traffic that gets forwarded can go out using the address it originally came in on. Any suggestions are greatly appreciated!
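
The mismatch described in the message, as an added example that is not part of the original post: a small Python model that parses the posted redirect_port entries and checks whether the reply's source address matches the address the client sent its SYN to. natd(8)'s redirect_port accepts an optional aliasIP before the alias port; the addresses 192.0.2.1 and 192.0.2.2 are constructed stand-ins for outside addresses A and B, and the rule that an entry without an aliasIP replies from A is an assumption of this model.

```python
"""Simplified model of the reply-address mismatch described in the message.
Assumptions (not from the post): ADDR_A/ADDR_B are constructed documentation
addresses; an entry naming no aliasIP answers from default alias address A.
Only single ports are parsed, not ranges."""
from typing import List, NamedTuple, Optional

ADDR_A = "192.0.2.1"   # constructed: default alias (primary outside) address
ADDR_B = "192.0.2.2"   # constructed: second outside address

class Redirect(NamedTuple):
    proto: str
    target: str               # inside host:port
    alias_ip: Optional[str]   # None when the entry gives only a port
    alias_port: int

def parse_redirect(line: str) -> Redirect:
    """Parse 'redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT'."""
    keyword, proto, target, alias = line.split()[:4]
    if keyword != "redirect_port":
        raise ValueError(f"not a redirect_port entry: {line!r}")
    alias_ip, sep, port = alias.rpartition(":")
    return Redirect(proto, target, alias_ip if sep else None, int(port))

def reply_source(rule: Redirect, default_alias: str = ADDR_A) -> str:
    """Outside source address the model puts on the server's SYN+ACK."""
    return rule.alias_ip or default_alias

def client_accepts(syn_dst: str, rule: Redirect) -> bool:
    """A client only accepts a SYN+ACK from the address it sent its SYN to."""
    return reply_source(rule) == syn_dst

def unpinned(config: str) -> List[Redirect]:
    """Return redirect_port entries that do not name an alias address."""
    rules = [parse_redirect(l) for l in config.splitlines()
             if l.strip().startswith("redirect_port")]
    return [r for r in rules if r.alias_ip is None]

# The three entries from the posted natd config file.
POSTED = """redirect_port tcp 10.15.1.20:21 21
redirect_port tcp 10.15.1.4:443 3389
redirect_port tcp 10.15.1.20:5001 5001"""

if __name__ == "__main__":
    for rule in unpinned(POSTED):
        print(rule.target, "reply to a SYN sent to B accepted:",
              client_accepts(ADDR_B, rule))
    pinned = parse_redirect(f"redirect_port tcp 10.15.1.20:21 {ADDR_B}:21")
    print("pinned to B accepted:", client_accepts(ADDR_B, pinned))
```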