From owner-freebsd-hackers Wed Sep 15 0:44:46 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
	by hub.freebsd.org (Postfix) with ESMTP id 2C19814CE8
	for ; Wed, 15 Sep 1999 00:44:24 -0700 (PDT)
	(envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
	by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id KAA00245;
	Wed, 15 Sep 1999 10:43:51 +0300 (EEST)
	(envelope-from ru)
Date: Wed, 15 Sep 1999 10:43:50 +0300
From: Ruslan Ermilov
To: Doug White
Cc: hackers@FreeBSD.ORG
Subject: Re: Multiple NAT alias addresses
Message-ID: <19990915104350.G86648@relay.ucb.crimea.ua>
Mail-Followup-To: Doug White , hackers@FreeBSD.ORG
References: <19990914192335.A3257@relay.ucb.crimea.ua>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=mojUlQ0s9EVzWg2t
X-Mailer: Mutt 0.95.3i
In-Reply-To: ; from Doug White on Tue, Sep 14, 1999 at 02:14:14PM -0700
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii

On Tue, Sep 14, 1999 at 02:14:14PM -0700, Doug White wrote:
> On Tue, 14 Sep 1999, Ruslan Ermilov wrote:
>
> > > > > use_sockets yes
> > > > > same_ports yes
> > > > > #
> > > > > # machine1 redirections
> > > > > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > > > > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > > > > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > > > > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> > > > >
> > > > > # machine2 redirections
> > > > > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > > > > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> > > > >
> > > > > I start natd with:
> > > > >
> > > > > natd -f /etc/natd.conf -n fxp0 where fxp0 is the public-side interface.
> > > > >
> > > > > Restarting natd with this configuration causes it to block everything.
> > > > >
> > > > So, without redirect_port's it works OK?
> > >
> > > Yes, and the redirect_port's work if the alias address is not specified.
> > >
> > Strange, I just run 3.2-RELEASE's natd(8) with your configuration file
> > and everything works as expected:
>
> Hm, rev. 1.21 of natd.c is worrisome:
>
> 1.21 Tue Sep 7 15:34:12 1999 UTC by ru
> CVS Tags: HEAD
> Diffs to 1.20
>
> Config file parser changes:
>
> - Trailing spaces and empty lines are ignored.
> - A `#' sign will mark the remaining of the line as a comment.
>
> Reviewed by: Ari Suutari
>
> Perhaps the parser is skipping my redirect_port lines?
>
Yeah, I committed this change after one guy had the problems with
redirect_port's not happening. He had `#' after `redirect_port' line,
and natd(8) silently ignored it.

But you said that it works for you without specifying publicIP, so
this shouldn't be the case here.

> > Firewall rules were:
> > 00001 divert 8668 ip from any to 1.2.3.5 via fxp2
> > 00001 divert 8668 ip from 192.168.2.201 to any via fxp2
>
> Hm, I'm using the default divert rule 'divert 8668 all from any to any via
> fxp0' instead of grabbing specific traffic.
>
I understand. My rules look so, because I have another natd(8)
(production) running on my outside interface, so I grabbed only
those packets that were sufficient to experiment with your config
file.

[...]
> Very odd. I'm going to adjust the configfile so that it has no comments
> or blank space. Can you send me your file exactly as you wrote it?
>
I just copied your config file from your original posting, see attached.

But PLEASE MAKE SURE you have no trailing whitespaces at the end of
your redirect_port rules!

Later,
-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="natd.cf"

use_sockets yes
same_ports yes
#
# machine1 redirections
#redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
#redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
#redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
#redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4

# machine2 redirections
redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
redirect_port tcp 192.168.2.201:http 1.2.3.5:http

--mojUlQ0s9EVzWg2t--
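
Added example (not part of the original message and not natd's own code): a pre-flight check for the two config-file hazards named in this thread, trailing whitespace and an inline `#' on an active line, which a natd(8) built before rev. 1.21 of natd.c may not parse as intended. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# lint_natd_conf FILE
# Prints "<line>: <problem>" for every active (non-comment, non-blank)
# line that ends in whitespace or carries an inline '#'.
# Returns 0 if the file is clean, 1 if anything was flagged.
lint_natd_conf() {
    awk '
        # Full-line comments and blank lines are harmless; skip them.
        /^[ \t]*(#|$)/ { next }
        # Trailing blanks after a directive (the case warned about above).
        /[ \t]+$/      { printf "%d: trailing whitespace\n", NR; bad = 1 }
        # A comment sign sharing a line with a directive.
        /#/            { printf "%d: inline comment\n", NR; bad = 1 }
        END            { exit bad }
    ' "$1"
}

# Constructed sample based on the config quoted in this thread:
# line 4 ends in a space, line 5 has an inline comment.
make_sample() {
    printf '%s\n' \
        'use_sockets yes' \
        'same_ports yes' \
        '# machine2 redirections' \
        'redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh ' \
        'redirect_port tcp 192.168.2.201:http 1.2.3.5:http # web' \
        '' \
        'redirect_port tcp 192.168.2.201:smtp 1.2.3.5:smtp'
}

# When run directly with a path (e.g. /etc/natd.conf), lint that file.
if [ $# -gt 0 ]; then
    lint_natd_conf "$1"
fi
```

Running it before restarting natd turns a rule the parser might otherwise drop without any message into an explicit, line-numbered finding.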