Date: Thu, 11 Apr 2002 16:03:31 -0400
From: Matt Simerson
To: Julian Elischer
Cc: freebsd-hackers@freebsd.org
Subject: Re: Is natd the right tool?
Message-Id: <3242764A-4D87-11D6-8065-00306553B5E4@blockads.com>

On Thursday, April 11, 2002, at 01:39 PM, Julian Elischer wrote:

> check out ipfw's 'fwd' command

Cool, never realized that was there. So, I tried it:

I recompiled my kernel after adding IPFIREWALL_FORWARD to it.
Then:

ipfw add fwd 127.0.0.2,53 udp from any to 192.168.7.251 55
ipfw add fwd 127.0.0.2,53 tcp from any to 192.168.7.251 55

matt# ipfw show
00100 4 228 fwd 127.0.0.2,53 udp from any to 192.168.7.251 55
00200 0 0 fwd 127.0.0.2,53 tcp from any to 192.168.7.251 55
65535 528096 456266843 allow ip from any to any

(I use DEFAULT_TO_ACCEPT)

xl0: flags=8843 mtu 1500
        options=3
        inet 192.168.7.251 netmask 0xfffffe00 broadcast 192.168.7.255
        ether 00:01:02:38:2b:c7
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 mtu 16384
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xffffffff

DNS server still serves happily off 127.0.0.2:

matt# dig www.foo.com @127.0.0.2
; <<>> DiG 8.3 <<>> www.foo.com @127.0.0.2
;; ANSWER SECTION:
www.foo.com. 1D IN A 207.89.154.94

But it still won't serve off my external interface:

matt# dig -p55 www.foo.com @192.168.7.251
; <<>> DiG 8.3 <<>> -p55 www.foo.com @192.168.7.251
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 192.168.7.251: Connection refused

What am I missing?

Matt