From owner-freebsd-questions@FreeBSD.ORG  Sun Jun 20 23:23:23 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 22B2D16A4CE
	for <freebsd-questions@freebsd.org>;
	Sun, 20 Jun 2004 23:23:23 +0000 (GMT)
Received: from web53306.mail.yahoo.com (web53306.mail.yahoo.com
	[206.190.39.235])
	by mx1.FreeBSD.org (Postfix) with SMTP id A1FAC43D55
	for <freebsd-questions@freebsd.org>;
	Sun, 20 Jun 2004 23:23:22 +0000 (GMT)
	(envelope-from canonical_fred@yahoo.com)
Message-ID: <20040620232322.1336.qmail@web53306.mail.yahoo.com>
Received: from [66.93.39.147] by web53306.mail.yahoo.com via HTTP;
	Sun, 20 Jun 2004 16:23:22 PDT
Date: Sun, 20 Jun 2004 16:23:22 -0700 (PDT)
From: Frederick Polsky <canonical_fred@yahoo.com>
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: natd translating ip and udp packets but not tcp..
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Jun 2004 23:23:23 -0000

Greetings and salutations;

I am having a puzzling issue with natd under FreeBSD
5.2, in which it will translate icmp and udp packets
just fine, but tcp connections from the inside network
to the outside world cannot be established. I can
lookup hostnames, ping etc. from the internal client
box, but cannot establish a connection to any
tcp-based service.

Consider my configuration, with addresses changed to
implicate the guilty:

Gateway internal interface: xl1
Gateway internal ip: 192.168.0.1/24
Client internal ip: 192.168.0.2

Gateway external interface: xl0
Gateway external ip: 131.107.3.124

Proper kernel options in place.

ipfw configuration (more or less):

050 divert 8668 ip from any to any via xl0
100 allow ip from any to any

natd running properly against xl0

I can provide more detailed information (tcpdumps,
etc) if requested. Thanks.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com