Date: Wed, 10 Apr 2002 21:58:12 -0700 (PDT)
From: <cjc@FreeBSD.org>
To: barbish@a1poweruser.com, cjc@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/36895: natd does not function correctly when ipfw rules use check-state/keep-state
Message-ID: <200204110458.g3B4wC796014@freefall.freebsd.org>

Synopsis: natd does not function correctly when ipfw rules use check-state/keep-state

State-Changed-From-To: open->closed
State-Changed-By: cjc
State-Changed-When: Wed Apr 10 21:57:54 PDT 2002
State-Changed-Why:
After reviewing the submitter's rules, the problem is that states are
only established for packets crossing the external interface after
natd(8) gets the packets. Therefore, outgoing packets have had their
source address translated to the address of the external interface and
incoming packets have had the destination translated back to the
private number when they hit the dynamic rules. They will not match up.

This is not a bug. This is just how things work. There are ways to set
up your rules so that this will work. People do this all of the time.

http://www.freebsd.org/cgi/query-pr.cgi?pr=36895

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
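
The address mismatch described in the message above, as a small added model (not part of the original message, and not ipfw or natd code). It assumes a dynamic rule is keyed on the addresses and ports the packet carries when keep-state sees it, that natd keeps the source port, and it uses constructed addresses; the helper names are hypothetical.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample addresses (assumptions, not from the PR).
PRIVATE = "192.168.1.10"   # inside host
PUBLIC = "203.0.113.5"     # external interface address
REMOTE = "198.51.100.7"    # remote server


def nat_out(p):
    """natd outbound: private source becomes the external address."""
    return p._replace(src=PUBLIC) if p.src == PRIVATE else p


def nat_in(p):
    """natd inbound: external destination goes back to the private address."""
    return p._replace(dst=PRIVATE) if p.dst == PUBLIC else p


def flow_key(p):
    """Direction-independent key: a dynamic rule matches both directions."""
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])


def trace(keep_state_before_nat):
    """Send one request out and its reply in.

    Inbound order is fixed as in the message: natd first, then the
    dynamic rules. Only the outbound position of keep-state varies.
    Returns (state_key, reply_key) so the two can be compared.
    """
    out = Packet(PRIVATE, 40000, REMOTE, 80)
    if keep_state_before_nat:
        state = flow_key(out)            # state holds PRIVATE <-> REMOTE
        out = nat_out(out)
    else:
        out = nat_out(out)
        state = flow_key(out)            # state holds PUBLIC <-> REMOTE
    reply = nat_in(Packet(REMOTE, 80, PUBLIC, 40000))
    return state, flow_key(reply)        # reply is REMOTE -> PRIVATE


def reply_matches(keep_state_before_nat):
    state, reply = trace(keep_state_before_nat)
    return state == reply


if __name__ == "__main__":
    for before in (False, True):
        state, reply = trace(before)
        print("keep-state before natd:", before)
        print("  state:", sorted(state))
        print("  reply:", sorted(reply), "match:", state == reply)
```

In this model the reply only finds its state when the outbound state is recorded before translation, so both directions are compared on the private address.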