Date: Sat, 17 Aug 2013 23:15:37 +0100
From: Frank Leonhardt <frank2@fjl.co.uk>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: NAT loopback using natd and ipfw
Message-ID: <520FF609.9090002@fjl.co.uk>

Does anyone know how to get NAT loopback (aka NAT hairpin or NAT reflection) working with natd and ipfw? It seems to work with the in-kernel NAT without the need for configuration, but not if you're using natd.

I have a feeling it may be something to do with the ipfw "diverted-loopback" test in natd, but if I experiment and get it wrong it's five hours on the motorway for me.

Incidentally, I've set net.inet.ip.fw.one_pass to 0 but it didn't help.

Thanks, Frank.

(By "NAT loopback" I mean the situation when you're using NAT to translate one WAN IP to many local LAN IPs (i.e. the usual). If a LAN machine tries to access the WAN IP, you need NAT to treat it as an incoming connection and port-forward it as appropriate to a LAN IP as if the packet had come from the Internet. This is not weird; it's what most home and small office routers do by default.)