Date: Sat, 16 Feb 2002 22:46:21 -0700 From: "Shawn Dillon" <lansol@telusplanet.net> To: "Ken Bolingbroke" <hacker@bolingbroke.com> Cc: <freebsd-questions@FreeBSD.ORG> Subject: Re: Natd,ipfw,vnc and multiple interfaces Message-ID: <001d01c1b776$6d92dd90$05e6b38e@lantechhome> References: <20020216085519.E91586-100000@fremont.bolingbroke.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the advice so far. I am so close it is almost painful. Right now
if I run the following command
bash-2.05# natd -v -use_sockets -same_ports -n xl3 -p 8669 -redirect_address
10.0.11.1 142.59.206.229
I get the following feedback
natd[1533]: Aliasing to 142.59.206.229, mtu 1500 bytes
In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to
[TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to
[TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
In [TCP] [TCP] 142.179.230.5:1123 -> 142.59.206.229:5900 aliased to
[TCP] 142.179.230.5:1123 -> 10.0.11.1:5900
Which tells me that the second natd IS aliasing the packets ( I want them
to go to the 10.0.11.1 address from the external (142.59.206.229). I think I
am missing something from my firewall script (IPFW) to actually pass those
packets thru.Here is my simple script.
#Flush existing rules
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via xl1
/sbin/ipfw add divert 8669 all from any to any via xl3
/sbin/ipfw add allow all from any to any
/sbin/ipfw add pass all from any to any
/sbin/ipfw add fwd 10.0.11.2 all from any to 10.0.11.1 via xl3
( The last line was my attempt to get the firewall to take any traffic
marked for 10.0.11.1 on xl3 and make the next hop for it 10.0.11.2 , whch
would be my internal NIC.
Any ideas? ( Actual scripts that work for you?)
Shawn
----- Original Message -----
From: "Ken Bolingbroke" <hacker@bolingbroke.com>
To: "Shawn Dillon" <lansol@telusplanet.net>
Cc: <freebsd-questions@FreeBSD.ORG>
Sent: Saturday, February 16, 2002 10:02 AM
Subject: Re: Natd,ipfw,vnc and multiple interfaces
>
>
> On Sat, 16 Feb 2002, Shawn Dillon wrote:
>
> > One more question. I remember a post on starting natd and getting a
'unable
> > to bind divert address" error because natd was already in use. How does
this
> > affect starting multiple natd daemons.
> >
> > And thanks for the response thus far.
>
> Use the -p option to natd to specify a different port to listen on, and
> then use that new port in your ipfw rules as well. That is, the
> respective natd and ipfw rules might look something like:
>
> natd -n fxp0
> add divert natd all from any to any via fxp0
>
> natd -n fxp1 -p 8669
> add divert 8669 all from any to any via fxp1
>
> Ken Bolingbroke
> hacker@bolingbroke.com
>
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001d01c1b776$6d92dd90$05e6b38e>