Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 Sep 1999 10:30:17 +0300
From:      Ruslan Ermilov <ru@ucb.crimea.ua>
To:        "Dmitriy V. Bokiy" <ratebor@cityline.ru>
Cc:        questions@FreeBSD.org
Subject:   Re: newbie: natd
Message-ID:  <19990906103017.D11485@relay.ucb.crimea.ua>
In-Reply-To: <1447.990905@cityline.ru>; from Dmitriy V. Bokiy on Sun, Sep 05, 1999 at 10:44:06AM %2B0400
References:  <1447.990905@cityline.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
[Redirected to -questions]

On Sun, Sep 05, 1999 at 10:44:06AM +0400, Dmitriy V. Bokiy wrote:
> >From natd(8):
> 
> "-deny_incoming | -d
>                  Reject packets destined for the current IP number that have
>                  no entry in the internal translation table."
> 
> My question is what packets are affected by this option? Packets with public
> addresses(I mean this scheme:Internet-->router(ipfw+NAT)-->subnet1(public addresses)->
> ->router(ipfw)-->subnet2(reserved addresses))?
> 
> --Dmitriy

RTFM for natd(8):

-a | -alias_address address
            Use address as the alias address.  If this option is not
            specified, the -n or -interface option must be used.  The
            specified address should be the address assigned to the pub-
            lic network interface.

            All data passing out through this addresses interface will be
            rewritten with a source address equal to address. All data
            arriving at the interface from outside will be checked to see
            if it matches any already-aliased outgoing connection.  If it
            does, the packet is altered accordingly.  If not, all
            -redirect_port and -redirect_address assignments are checked
            and actioned.  If no other action can be made, and if
            -deny_incoming is not specified, the packet is delivered to
            the local machine and port as specified in the packet.


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990906103017.D11485>