From: Charles Henrich
To: freebsd-questions@crh.cl.msu.edu
Resent-To: freebsd-questions@freebsd.org
Subject: A day in the life of a packet (NATD) ?
Date: Mon, 5 Jan 1998 22:44:37 -0500
Message-ID: <19980105224436.05995@crh.cl.msu.edu>
X-Mailer: Mutt 0.88
X-Operating-System: FreeBSD 2.2.5-RELEASE

Hi Guys, could someone out there who knows the FreeBSD internals write up a quick "Day in the life of a packet" document for the NATD/IPFW case? Let me clearly display my ignorance by explaining what I think is going on, as a way of documenting what would be cool to have for inclusion in the FAQs on NATD/FreeBSD.
Network:

  10.0.0.0/8 --- ([ED1] FreeBSD Box [ED0]) --- The Internet

IPFW Rules (I'm creating these on the fly, so they could be syntactically incorrect, but I think the design is correct):

  100  allow all from any to any via lo0
  200  divert 6668 all from any to any via ed0
  300  allow all from THISHOST to any
  310  allow all from any to THISHOST
  400  allow all from 10.1.0.0/16 to any
  500  allow all from 10.0.0.0/8 to INETPROXY
  510  allow all from INETPROXY to 10.0.0.0/8
  6500 deny all from any to any

Netstat -r:

  Destination      Gateway            Flags  Refs  Use      Netif  Expire
  default          MYINETIP           UGSc   31    6956351  ed0
  10               link#2             UC     0     0
  10.0.0.1         0:0:c0:e1:d0:5c    UHLW   0     196      lo0
  10.255.255.255   ff:ff:ff:ff:ff:ff  UHLWb  0     107      ed1
  localhost        localhost          UH     11    7600     lo0

A user on host 10.0.0.2 issues a ping for INETPROXY. The ping packet is picked up by interface ed1. The packet is processed by (IPFW first?) which tools on through the list of ipfw rules. This packet is matched by rule 500, and is then passed on to the (FreeBSD network core?) which decides the packet needs to be routed through interface ed0 as the default gateway. The packet is again processed by the IPFW rules as it passes into ed0; this time rule 200 matches the packet. NATD sees this is a packet destined for the internet (HOW does it know??) and replaces 10.0.0.2 with MYINETIP. Then the packet is read back into the firewall code. The packet then matches ruleset 300 and is passed back to the FreeBSD network code, which sends it out ed0.

The ping reply is then processed inbound on ed0 by the ipfw rules. Rule 200 again matches and the packet is sent to natd, which replaces the destination IP with 10.0.0.2 and sends it back to the firewall code, which allows it to pass on rule 510. Then back to the FreeBSD network code, which determines the packet needs to be sent out interface ed1. Back into the firewall rules, where again the packet is passed through based on rule 510. Back into FreeBSD's network code, which burps the packet out ed1.
So, how much of this is correct, and how much is fantasy made to fit my perception of reality? :)

-Crh

Charles Henrich
Michigan State University
henrich@msu.edu
http://pilot.msu.edu/~henrich
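As an added illustration (not part of the original post or of FreeBSD), the following Python model walks the post's own rule set and routing table for the ping and its echo reply. It treats natd as a box that aliases the outbound LAN source to MYINETIP and hands the packet back to ipfw at the rule after the divert; MYINETIP and INETPROXY are constructed stand-ins, and the direction flag given to natd stands in for what the kernel reports on the divert socket (a modelling assumption).

```python
import ipaddress
# Constructed stand-ins for the post's placeholders (assumed values, not real hosts).
MYINETIP, INETPROXY, LAN = "198.51.100.1", "203.0.113.5", "10.0.0.0/8"
THISHOST = {"10.0.0.1", MYINETIP}          # the FreeBSD box's own addresses
# The post's rule set as (number, action, from, to, via); first match wins.
RULES = [(100, "allow", "any", "any", "lo0"), (200, "divert", "any", "any", "ed0"),
         (300, "allow", "THISHOST", "any", None), (310, "allow", "any", "THISHOST", None),
         (400, "allow", "10.1.0.0/16", "any", None), (500, "allow", LAN, INETPROXY, None),
         (510, "allow", INETPROXY, LAN, None), (6500, "deny", "any", "any", None)]

def match(spec, addr):
    """ipfw address spec: 'any', THISHOST (the box itself), a host or a CIDR net."""
    if spec in ("any", "THISHOST"):
        return spec == "any" or addr in THISHOST
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

class Natd:
    """Model of natd: alias an outbound LAN source to MYINETIP, un-alias the reply."""
    def __init__(self):
        self.table = {}                    # ICMP id -> original LAN source
    def translate(self, pkt, direction):   # direction: what the divert socket tells natd
        if direction == "out" and match(LAN, pkt["src"]):
            self.table[pkt["id"]] = pkt["src"]
            pkt["src"] = MYINETIP
        elif direction == "in" and pkt["dst"] == MYINETIP and pkt["id"] in self.table:
            pkt["dst"] = self.table[pkt["id"]]

def ipfw(pkt, iface, direction, natd, trace, start=0):
    """Walk the rules; a packet natd hands back re-enters at the rule after the divert."""
    for num, action, src, dst, via in RULES:
        if num < start or (via and via != iface):
            continue
        if match(src, pkt["src"]) and match(dst, pkt["dst"]):
            trace.append((iface, direction, num, action))
            if action == "divert":
                natd.translate(pkt, direction)
                return ipfw(pkt, iface, direction, natd, trace, start=num + 1)
            return action == "allow"
    return False

def route(dst):                            # from netstat -r: 10/8 via ed1, default via ed0
    return "ed1" if match(LAN, dst) else "ed0"

def day_in_the_life(src="10.0.0.2", dst=INETPROXY, icmp_id=7):
    natd, trace = Natd(), []               # returns (passed, request, reply, rule trace)
    req = {"src": src, "dst": dst, "id": icmp_id}
    ok = ipfw(req, "ed1", "in", natd, trace) and ipfw(req, route(req["dst"]), "out", natd, trace)
    rep = {"src": req["dst"], "dst": req["src"], "id": icmp_id}   # reply to the aliased address
    ok = ok and ipfw(rep, "ed0", "in", natd, trace) and ipfw(rep, route(rep["dst"]), "out", natd, trace)
    return ok, req, rep, trace
```

Running day_in_the_life() yields the rule sequence 500, 200, 300, 200, 510, 510, while a ping from the LAN to any other internet host falls through to rule 6500 and is denied on the way in on ed1.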