From: Lowell Gilbert
To: Jeremy.Spring@us.lawson.com (Spring, Jeremy)
Cc: freebsd-doc@freebsd.org
Subject: Re: doc correction
Date: Tue, 21 Sep 2010 12:52:41 -0400
Message-ID: <44mxrbujhi.fsf@be-well.ilk.org>
In-Reply-To: <538D6120D2245A4DB61D6A0556AD05CD1AC80AEA@XCHGM01.corpnet.lawson.com> (Jeremy Spring's message of "Mon, 20 Sep 2010 14:48:21 -0500")

Jeremy.Spring@us.lawson.com (Spring, Jeremy) writes:

> I set up nat translation and port forwarding on my FreeBSD 8.1-RELEASE machine. It took me a while to get this working because I had to find out by trial and error that the interface to forward packets through is NOT the interface connected to the Internet as the documentation suggests, but rather, is the interface connected to my private network.
>
> My final nat command string is:
> /sbin/natd -redirect_port tcp 10.13.55.4:3389 3389 -n em1
>
> where em0 is connected to the Internet, em1 is connected to my private network, and I want to forward incoming RDP traffic destined for my public facing IP to 10.13.55.4. The documentation suggests that I should be using my Internet facing interface (em0), but this doesn't work. The documentation I am looking at is at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html. Please let me know if you have any questions.

No, normally one *would* run natd on the external interface. It shouldn't matter a whole lot in the common case of a single internal and a single external interface, but if you get more interfaces inside, you really want to have them handled by the same process.

I don't currently have any redirect_port options to play with, but my tech-support crystal ball tells me that the problem was probably with how you got the packets chosen to go into natd in the first place.
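
Added example, not part of the original message or of the FreeBSD documentation: a small sh check for the point the reply raises, that natd only sees packets an ipfw `divert` rule hands to it. It compares the interface natd was started on with the `via` interface of the divert rules. The `ipfw list` sample is constructed, and the idea that the ruleset in the thread diverted on em0 is an assumption, since the thread never shows it.

```sh
#!/bin/sh
# Added example. Checks that the ipfw divert rule feeds natd on the interface
# natd itself was started on (-n / -interface).

# Constructed sample of `ipfw list` output (assumption: divert on em0).
SAMPLE_RULES='00050 divert 8668 ip4 from any to any via em0
00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# The command line quoted in the thread, and the same with the external interface.
NATD_INTERNAL='/sbin/natd -redirect_port tcp 10.13.55.4:3389 3389 -n em1'
NATD_EXTERNAL='/sbin/natd -redirect_port tcp 10.13.55.4:3389 3389 -n em0'

# Print the interface a natd command line names with -n or -interface.
natd_iface() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-n" || $i == "-interface") { print $(i + 1); exit }
    }'
}

# Read `ipfw list` output on stdin; print the "via" interface of every
# divert rule, or "-" for a divert rule that names no interface.
divert_ifaces() {
    awk '$2 == "divert" {
        iface = "-"
        for (i = 3; i < NF; i++) if ($i == "via") iface = $(i + 1)
        print iface
    }'
}

# check_natd "<natd command line>" "<ipfw list output>"
# Prints a verdict; returns 0 only when a divert rule matches natd's interface.
check_natd() {
    want=$(natd_iface "$1")
    [ -n "$want" ] || { echo "natd: no -n/-interface option"; return 1; }
    got=$(printf '%s\n' "$2" | divert_ifaces)
    [ -n "$got" ] || { echo "no divert rule: nothing reaches natd"; return 1; }
    for i in $got; do
        [ "$i" = "$want" ] && { echo "ok: divert via $i matches natd -n $want"; return 0; }
    done
    echo "mismatch: natd on $want, divert via $(echo $got | tr ' ' ',')"
    return 1
}

check_natd "$NATD_INTERNAL" "$SAMPLE_RULES" || true
check_natd "$NATD_EXTERNAL" "$SAMPLE_RULES"
```

On a live system the second argument would be the output of `ipfw list` and the first the natd command line actually in use.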