Date: Mon, 15 Apr 2002 09:08:25 +0200
From: "Patrick O'Reilly" <bsd@perimeter.co.za>
To: "Srinivasa Kanduru" <ksraghavan@yahoo.com>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: NAT problem
Message-ID: <007f01c1e44c$56f579a0$b50d030a@PATRICK>
References: <20020415031109.32125.qmail@web10004.mail.yahoo.com>
----- Original Message -----
From: "Srinivasa Kanduru" <ksraghavan@yahoo.com>

> Hi,
>
> Any session can be initiated from private net to say
> http request to yahoo, all the packets are translated
> to a different port range on the NAT gateway on the
> way out, but when the response arrives to the gateway,
> reverse translation doesn't happen so a reset is sent
> back to yahoo.
>
> Port translation is supposed to happen both ways and I
> am not sure why reverse translation doesn't happen.

Sri, the answer to your question is staring you in the face :-)
See your config:

>
> My Configuration:
>
> # ipfw list
> 00050 divert 8668 ip from 192.168.0.0/16 to any via dc0
> 00100 allow ip from any to any via lo0
> 00200 allow ip from any to any via dc0
> 65535 allow ip from any to any
>

You are diverting outgoing packets (192.168.0.0 to any) to natd, but you
are not diverting the incoming packets. So natd does not have the
opportunity to do the "reverse translation".

Try adding something like this to your ipfw ruleset:

00050 divert 8668 ip from any to any via dc0

In fact, the above rule is the default with an "OPEN" firewall, which is
what you are running, so perhaps you modified rc.firewall yourself, and
broke the divert rule in the process?

HTH.

Regards,
Patrick O'Reilly.
http://www.perimeter.co.za
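The failure Patrick describes can be reproduced without a FreeBSD box: the following simulation (added here, not part of the list post or of natd/ipfw) models a divert rule as a (source net, destination net) pair and a minimal natd port table, then runs one outbound HTTP connection and its reply through the one-directional rule from Sri's ruleset and through the bidirectional "any to any" rule. The addresses 203.0.113.1 (gateway on dc0), 192.168.1.10 (inside host) and 198.51.100.20 (web server) are constructed.

```python
import ipaddress

GATEWAY_IP = "203.0.113.1"   # constructed: public address of the NAT gateway (dc0)
NAT_PORT_BASE = 40000        # natd rewrites source ports into its own range

def rule_matches(rule, pkt):
    """Does a 'divert ... ip from <src_net> to <dst_net>' rule match this packet?"""
    src_net, dst_net = rule
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst_net))

class Natd:
    """Minimal model of natd: a table mapping public ports back to private endpoints."""
    def __init__(self):
        self.table = {}                    # public port -> (private ip, private port)
        self.next_port = NAT_PORT_BASE

    def outbound(self, pkt):
        """Rewrite source to the gateway address and a fresh public port."""
        public = self.next_port
        self.next_port += 1
        self.table[public] = (pkt["src"], pkt["sport"])
        return {**pkt, "src": GATEWAY_IP, "sport": public}

    def inbound(self, pkt):
        """Reverse translation: if the destination port is ours, restore the private host."""
        if pkt["dport"] in self.table:
            ip, port = self.table[pkt["dport"]]
            return {**pkt, "dst": ip, "dport": port}
        return pkt

def run_session(divert_rule):
    """Send one outbound HTTP SYN and its reply through the ruleset; report where the reply ends up."""
    nat = Natd()
    out = {"src": "192.168.1.10", "sport": 51000, "dst": "198.51.100.20", "dport": 80}
    if rule_matches(divert_rule, out):
        out = nat.outbound(out)
    # The server answers whatever source address/port it saw.
    reply = {"src": out["dst"], "sport": out["dport"], "dst": out["src"], "dport": out["sport"]}
    if rule_matches(divert_rule, reply):
        reply = nat.inbound(reply)
    # A reply still addressed to the gateway's own NAT port hits no listening socket,
    # so the gateway's TCP stack answers with a reset instead of forwarding it.
    return "RST" if reply["dst"] == GATEWAY_IP else reply["dst"]

# Sri's rule (private net to any) versus the bidirectional default.
ONE_WAY_RULE = ("192.168.0.0/16", "0.0.0.0/0")
BOTH_WAYS_RULE = ("0.0.0.0/0", "0.0.0.0/0")

if __name__ == "__main__":
    print("one-way divert  ->", run_session(ONE_WAY_RULE))     # RST
    print("any-to-any divert ->", run_session(BOTH_WAYS_RULE))  # 192.168.1.10
```

The real `ipfw divert` also passes the packet to natd on the way out, which is why a single `from any to any via dc0` rule is enough for both directions.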