Date: Sat, 26 Jul 2003 11:42:39 +0400
From: Yar Tikhiy
To: Jim Durham
Cc: freebsd-hackers@freebsd.org
Subject: Re: NATD and Address Redirection
Message-ID: <20030726074239.GB61353@comp.chem.msu.su>
In-Reply-To: <200307251349.38413.durham@jcdurham.com>

On Fri, Jul 25, 2003 at 01:49:38PM -0400, Jim Durham wrote:
>
> The procedure we used was to alias a 2nd public address to the outside
> interface and use a redirect_address statement in natd.conf to
> redirect connections to the new public IP to the inside machine.

Just a remark: If this 2nd public IP is already routed to your gateway,
you don't need to add it as an alias for your gateway's outside interface.
But you really need to if the latter interface is on a broadcast network
and must do ARP to attract packets destined to the 2nd public IP
specified to natd.

> This doesn't seem to be symmetrical. You can ping the inside machine
> from outside using the new address and if you connect outwards from
> the inside machine, the outside world sees the connection as coming
> from the new public IP. However, a test running VNC server on the
> inside machine and connecting from outside does not work. You can
> connect to the inside machine and it sees mouse and keyboard, but the
> virtual screen does not work. It seems that the connection works
> properly redirecting inward but not outward. VNC disconnects in about
> a minute.

Could you check if TELNET, HTTP, or SSH from the outside world
to the inside machine works? The problem may have to do with
VNC protocol peculiarities preventing it from working through
NAT. (However, the VNC FAQ claims VNC will work through NAT.)

--
Yar
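
The setup discussed in this message, written out as configuration. This is an added example, not taken from either poster; the interface name fxp0 and the addresses 203.0.113.10 (2nd public IP) and 192.168.1.10 (inside machine) are constructed placeholders.

```conf
# --- /etc/rc.conf (gateway) ---
gateway_enable="YES"
natd_enable="YES"
natd_interface="fxp0"              # outside interface (assumed name)
natd_flags="-f /etc/natd.conf"

# Needed only when fxp0 sits on a broadcast network and the gateway must
# answer ARP for the 2nd public IP itself. Leave this line out when the
# upstream router already routes 203.0.113.10 to the gateway.
ifconfig_fxp0_alias0="inet 203.0.113.10 netmask 255.255.255.255"

# --- /etc/natd.conf ---
# Syntax: redirect_address localIP publicIP
# Inbound traffic to publicIP is rewritten to localIP; outbound traffic
# from localIP leaves with publicIP as its source address.
redirect_address 192.168.1.10 203.0.113.10

# redirect_address is a static one-to-one mapping: every protocol and
# port on the inside machine becomes reachable via the public address,
# so the gateway's packet filter should limit which services are let in.
```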