Date: Wed, 6 Feb 2002 21:54:17 -0500
From: "Marko"
Reply-To: Anikin
Message-ID: <199529679048.20020206215417@mindspring.com>
To: "Rogier R. Mulhuijzen"
Cc: Doug White, freebsd-hackers@FreeBSD.ORG
Subject: Re[4]: natd UDP errors with PPP demand dial
In-Reply-To: <165500266655.20020206134404@mindspring.com>

M> Thank you for your response, Rogier.

RRM>> 1) Have you told natd the interface is dynamic and might change IPs?

M> Yes, of course.

RRM>> 2) If you're using ppp, why even bother with natd? The NAT in ppp uses the
RRM>> exact same libalias and gives you less headaches with ipfw because the
RRM>> translation on incoming packets is done before they hit ipfw, and outgoing
RRM>> after ipfw let them go. I can tell you this helps a lot when trying to use
RRM>> dynamic rules.

M> That's a great idea! I had not considered it until now. I would
M> just need to work the anti-spoofing and private net rules into the ppp nat process
M> somehow. I guess, I would have to use ppp filtering just for those
M> rules. If I can do that, your way does seem to be a good place to
M> start in resolving my error messages.

I think having ppp do the NAT for me is not going to work. The ppp
manual I have here says that ppp does incoming filtering after it does
incoming NAT. I don't see how one can have private nets, spoofing,
Reserved-1 and such filtering that has to happen on the outside
interface before NAT. Plus, I think I will run out of "in" filter rule
numbers.

I think I have to stick with the conventional setup, and go back to
trying to answer my original questions:

1. Why is the machine trying to send packets to its own previous IP?
2. How do I stop that?

Marko