Date: Sun, 31 Aug 1997 17:55:14 +0100 From: Brian Somers <brian@awfulhak.org> To: Russell Vincent <rv@groa.uct.ac.za> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Problem with packet alias/natd Message-ID: <199708311655.RAA04114@awfulhak.demon.co.uk> In-Reply-To: Your message of "Sat, 31 Aug 1997 13:13:30 %2B0200." <E0x57wg-00064Q-00@groa.uct.ac.za>
next in thread | previous in thread | raw e-mail | index | archive | help
> I am seeing an anomoly when using natd to do address translation.
>
> On a host (137.158.128.10):
>
> # ipfw a 88 divert 8888 tcp from 137.158.128.1 to 137.158.128.10 23
> 00089 divert 8888 tcp from 137.158.128.1 to 137.158.128.10 23
> # natd -v -p 8888 -a 137.158.128.10 redirect_address 137.158.128.7 0.0.0.0
>
> I read that as anything received from host 137.158.128.1 to
> 137.158.128.10:23 is diverted to natd, which translates the source
> address to 137.158.128.10 (the aliasing machine) and destination
> address to 137.158.128.7.
Nope. The source address should stay the same. Natd will change the
dst address to 137.158.128.7.
> The natd output after a telnet from 137.158.128.1 to 137.158.128.10:
> In [TCP] 137.158.128.1:1096 -> 137.158.128.10:23 aliased to
> 137.158.128.1:1096 -> 137.158.128.10:23
> [ Repeated until I stop natd ]
Did you really leave out the ``-'' above (before redirect_address) ?
I would suggest that this is the problem :-)
> Try a different tactic by picking up the alias address from the
> interface (de):
>
> # natd -v -p 8888 -n de0 -redirect_address 137.158.128.7 0.0.0.0
> In [TCP] 137.158.128.1:1100 -> 137.158.128.10:23 aliased to
> 137.158.128.1:1100 -> 137.158.128.7:23
>
> Hmmm ... the interface address for de0 is the same as the '-a' address
> above (137.158.128.10).
>
> i.e: Neither of the above works, but I get different results.
>
> Am I doing something wrong or perhaps expecting too much
> from natd?
Hmm, I suspect the missing ``-'' is just a typo here. The only thing
I can see wrong with your setup is that you're not passing return
traffic to natd:
ipfw a 89 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1
Are you using the latest version of natd ? Version 1.5 is on Ari's
site (ftp.suutari.iki.fi) or on mine (www.awfulhak.org). It's also
in RELENG_2_2 & -current.
> Thanks
> -Russell
>
--
Brian <brian@awfulhak.org>, <brian@freebsd.org>
<http://www.awfulhak.org>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708311655.RAA04114>