From owner-freebsd-ipfw  Sat Jun 10 12:17:59 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from merlin.prod.itd.earthlink.net (merlin.prod.itd.earthlink.net [207.217.120.156])
	by hub.freebsd.org (Postfix) with ESMTP id 5579D37BE17
	for <freebsd-ipfw@FreeBSD.ORG>; Sat, 10 Jun 2000 12:17:54 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from dialin-client.earthlink.net (pool0886.cvx21-bradley.dialup.earthlink.net [209.179.195.121])
	by merlin.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id MAA14894;
	Sat, 10 Jun 2000 12:17:51 -0700 (PDT)
Received: (from cjc@localhost)
	by dialin-client.earthlink.net (8.9.3/8.9.3) id MAA01235;
	Sat, 10 Jun 2000 12:16:28 -0700 (PDT)
Date: Sat, 10 Jun 2000 12:16:27 -0700
From: "Crist J. Clark" <cjc@earthlink.net>
To: Andy Dills <andy@xecu.net>
Cc: cjclark@alum.mit.edu,
	"purpledreams.com system administrator" <super@purpledreams.com>,
	freebsd-ipfw@FreeBSD.ORG
Subject: Re: Hijacking DNS with ipfw
Message-ID: <20000610121626.A1197@dialin-client.earthlink.net>
Reply-To: cjclark@alum.mit.edu
References: <20000610002454.A13393@dialin-client.earthlink.net> <Pine.GSO.4.21.0006101204000.15576-100000@shell.xecu.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.GSO.4.21.0006101204000.15576-100000@shell.xecu.net>; from andy@xecu.net on Sat, Jun 10, 2000 at 12:30:23PM -0400
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Jun 10, 2000 at 12:30:23PM -0400, Andy Dills wrote:

[snip]

> The problem is, AFAIK nat will not do that under any circumstances. I
> tried this approach already:
> 
> (I'm running on instance of natd on 8668 already. According to the manpage
> for natd, -reverse is the closest approximation to what I'm trying to do)
> 
> natd -p 8669 -alias_address <primary ip of inside card> -reverse
> ipfw add 10 divert 8669 udp from any to any 53 via xl1
> ipfw add 11 fwd 127.0.0.1,53 udp from <ip from the natd command> to any 53
> 
> That's the only way I can think of to do this with nat, and that didn't
> work either.

Shouldn't this be,

  # cat /etc/natd_dns.conf  # command line for natd getting long
  port 8669
  interface xl1
  reverse
  redirect_address <internal IP> 0.0.0.0
  # natd -f /etc/natd_dns.conf
  # ipfw add 10 divert 8669 udp from any to any 53 via xl1
  # ipfw add 11 divert 8669 tcp from any to any 53 via xl1

-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message