From owner-freebsd-questions Tue Dec 16 14:36:11 1997
Return-Path:
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA07096
          for questions-outgoing; Tue, 16 Dec 1997 14:36:11 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from blues.jpj.net (benh@blues.jpj.net [204.97.17.146])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA07075
          for ; Tue, 16 Dec 1997 14:36:07 -0800 (PST)
          (envelope-from benh@blues.jpj.net)
Received: from localhost (benh@localhost)
          by blues.jpj.net (backatcha) with SMTP id RAA07852;
          Tue, 16 Dec 1997 17:36:01 -0500 (EST)
Date: Tue, 16 Dec 1997 17:36:01 -0500 (EST)
From: Ben Hockenhull
To: Charles Henrich
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd
In-Reply-To: <19971216165404.40245@crh.cl.msu.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 16 Dec 1997, Charles Henrich wrote:

> How does natd know not to translate addresses coming in from the "wrong"
> interface? I.e.:
>
>
> [internet] <--> [ed0] (host) [ed1] <--> InternalNet
>
> All of the firewall rules and everything else seem to require ed0 be
> specified for NATD to operate correctly. However, how does natd understand
> that it shouldn't be translating (say 10. addresses) coming in off of the
> internet?

Well, for starters, 10.x.x.x addresses shouldn't be coming in off the
Internet. :)

You specify what packets from what interface to divert to the natd socket
in rc.firewall. That combined with the unregistered_only option in natd
should take care of it.

Ben
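
A small Python model of the behaviour described in the reply above, added here as an illustration and not taken from the thread, from rc.firewall or from natd itself: the firewall rule hands natd only packets crossing ed0, and unregistered_only limits source rewriting to outgoing packets with RFC 1918 sources. The `Packet` tuple, the `classify` function, its result labels and the sample addresses are constructed for this example; the "inbound bogon" label is a suggestion of this example for where an explicit deny rule would apply.

```python
import ipaddress
from collections import namedtuple

# RFC 1918 ranges: what natd's unregistered_only option treats as "unregistered".
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# iface: interface the packet crosses; direction: "in" or "out" on that interface.
Packet = namedtuple("Packet", "iface direction src dst")

def is_unregistered(addr):
    """True if addr falls in one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(pkt, outside_if="ed0"):
    """Model a divert rule restricted to outside_if plus natd unregistered_only."""
    if pkt.iface != outside_if:
        return "not diverted"           # the firewall rule never hands it to natd
    if pkt.direction == "out":
        if is_unregistered(pkt.src):
            return "source translated"  # private source leaving via outside_if
        return "passed unchanged"       # registered source: unregistered_only skips it
    # Inbound on the outside interface: the unregistered_only source rewrite
    # applies to outgoing packets only, so the source is left alone here.
    if is_unregistered(pkt.src):
        return "inbound bogon"          # private source arriving from the Internet
    return "inbound"                    # return-traffic handling is not modelled

# Constructed sample packets (198.51.100.x and 203.0.113.x are documentation ranges).
SAMPLES = [
    Packet("ed1", "in",  "10.0.0.5",     "10.0.0.1"),      # internal LAN traffic
    Packet("ed0", "out", "10.0.0.5",     "198.51.100.7"),  # LAN host going out
    Packet("ed0", "out", "203.0.113.10", "198.51.100.7"),  # gateway's own traffic
    Packet("ed0", "in",  "198.51.100.7", "203.0.113.10"),  # ordinary inbound
    Packet("ed0", "in",  "10.9.9.9",     "203.0.113.10"),  # spoofed private source
]

def run_samples():
    """Classify every constructed sample packet, in order."""
    return [classify(p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(f"{pkt.iface:3} {pkt.direction:3} {pkt.src:>13} -> {pkt.dst:<13} {verdict}")
```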