From: saeedeh motlagh
Date: Thu, 18 Apr 2013 12:00:15 +0430
Subject: Re: Fwd: how access inside from outside when nat is done from inside to outside
To: s m
Cc: Daniel O'Callaghan, freebsd-questions

Hi Sam,

I do not know exactly what the correct manner is in FreeBSD, but I think, based on the definition of NAT, you should not be able to access inside systems from outside unless you have port direction.

On Tue, Apr 16, 2013 at 11:35 AM, s m wrote:
> Thanks Danny, but I'm using pf to define rules and pfctl to apply them.
>
> First of all, it is so important for me to understand what should
> exactly happen and what the correct behavior is in FreeBSD. I mean,
> when I define NAT from inside to outside, should outside systems be able to
> access inside systems or not? (for example, ping them).
> I am so confused about what the correct manner is. Any hints or comments
> that help to clear it up for me are really appreciated.
> SAM
>
> On 4/4/13, Daniel O'Callaghan wrote:
> > On 4/04/2013 6:41 PM, s m wrote:
> >> request packets: src:192.168.2.1----> dst: 192.168.1.1
> >> reply packets: src: 192.168.2.50----> dst:192.168.2.1
> > This sort of thing tends to happen when the packets are not being
> > sent via divert socket properly.
> > Look carefully, step by step, at your ipfw rules which send packets to
> > natd.
> > Also, run natd -v in a separate window instead of running it as a
> > daemon, and it will show you the packets which go through natd, and what
> > is done with them.
> >
> > regards,
> >
> > Danny
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe@freebsd.org"
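
Added example, not part of the original thread and not any poster's configuration: a pf.conf sketch for the question asked above, showing outbound NAT, an explicit default block on the outside interface, and one redirection that deliberately exposes a single inside service. The interface names, the 10.0.0.0/24 inside network, the 10.0.0.50 host and the port numbers are all assumptions chosen for illustration.

```pf
# /etc/pf.conf (illustrative values, see the note above)
ext_if  = "em0"            # assumed outside interface
int_if  = "em1"            # assumed inside interface
int_net = "10.0.0.0/24"    # assumed inside network
web_srv = "10.0.0.50"      # assumed inside host to publish

set skip on lo0

# Translation rules.
# nat only rewrites the source address of connections leaving via $ext_if
# and creates state so that the replies are translated back. It does not
# by itself decide what an outside host may send inward.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# rdr is the one deliberate path from outside to inside: TCP 8080 on the
# gateway's outside address is forwarded to port 80 on $web_srv.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 8080 -> $web_srv port 80

# Filter rules.
# Default deny on the outside interface. Without this, packets addressed
# directly to an inside address (a ping, for example) can still be
# forwarded whenever the outside host has a route to $int_net.
block in log on $ext_if all

# Inside hosts may open connections outward; state lets replies return.
pass in  on $int_if inet from $int_net to any
pass out on $ext_if inet all

# rdr is applied before filtering, so this rule matches the translated
# destination address and port.
pass in on $ext_if inet proto tcp from any to $web_srv port 80
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` and `pfctl -s state` show the loaded translation rules and the states created by real traffic.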