Date:      Wed, 10 Apr 2002 21:58:12 -0700 (PDT)
From:      <cjc@FreeBSD.org>
To:        barbish@a1poweruser.com, cjc@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject:   Re: kern/36895: natd does not function correctly when ipfw rules use check-state/keep-state
Message-ID:  <200204110458.g3B4wC796014@freefall.freebsd.org>

Synopsis: natd does not function correctly when ipfw rules use check-state/keep-state

State-Changed-From-To: open->closed
State-Changed-By: cjc
State-Changed-When: Wed Apr 10 21:57:54 PDT 2002
State-Changed-Why: 
After reviewing the submitter's rules, the problem is that states are
only established for packets crossing the external interface after
natd(8) gets the packets. Therefore, outgoing packets have had their
source address translated to the address of the external interface and
incoming packets have had the destination translated back to the
private number when they hit the dynamic rules. They will not match
up.

This is not a bug. This is just how things work. There are ways to set
up your rules so that this will work. People do this all of the time.

http://www.freebsd.org/cgi/query-pr.cgi?pr=36895
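
The mismatch explained in the message above, as an added Python model (not code from the PR, the submitter's rules, or FreeBSD). Addresses, ports and function names are constructed; it assumes natd leaves the port unchanged and that a dynamic rule matches either direction of one address/port pair.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed sample addresses (documentation ranges), not taken from the PR.
PRIVATE, PUBLIC, REMOTE = "192.168.1.10", "203.0.113.5", "198.51.100.7"

def nat_out(p):
    """natd, outgoing: private source becomes the external interface address."""
    return p._replace(src=PUBLIC) if p.src == PRIVATE else p

def nat_in(p):
    """natd, incoming: external destination becomes the private address again."""
    return p._replace(dst=PRIVATE) if p.dst == PUBLIC else p

def state_key(p):
    """Direction-independent key: a dynamic rule matches both directions."""
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def reply_matches(keep_state_after_nat, check_state_after_nat):
    """True if the reply hits the state installed by the outgoing packet.

    Each flag says whether that rule sees the packet after natd has
    rewritten it (True) or before (False).
    """
    out = Pkt(PRIVATE, 40000, REMOTE, 80)
    seen_out = nat_out(out) if keep_state_after_nat else out
    states = {state_key(seen_out)}            # keep-state installs the state
    reply = Pkt(REMOTE, 80, PUBLIC, 40000)    # reply as it arrives on the wire
    seen_in = nat_in(reply) if check_state_after_nat else reply
    return state_key(seen_in) in states       # check-state lookup

if __name__ == "__main__":
    for ks in (True, False):
        for cs in (True, False):
            print(f"keep-state after natd={ks!s:5} "
                  f"check-state after natd={cs!s:5} "
                  f"reply matches={reply_matches(ks, cs)}")
```

The case described in the message is both flags `True`: the state holds the external address while the reply is looked up with the private one. The reply matches only when both rules see the same address for the inside host.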
