Date: Tue, 16 Dec 1997 17:37:22 -0500 From: Charles Henrich <henrich@crh.cl.msu.edu> To: Ben Hockenhull <benh@blues.jpj.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: natd Message-ID: <19971216173722.34492@crh.cl.msu.edu> In-Reply-To: <Pine.BSI.3.95.971216173332.5433A-100000@blues.jpj.net>; from Ben Hockenhull on Tue, Dec 16, 1997 at 05:36:01PM -0500 References: <19971216165404.40245@crh.cl.msu.edu> <Pine.BSI.3.95.971216173332.5433A-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On the subject of Re: natd, Ben Hockenhull stated: > On Tue, 16 Dec 1997, Charles Henrich wrote: > > > How does natd know not to translate addresses coming in from the "wrong" > > interface? I.e: > > > > > > [internet] <--> [ed0] (host) [ed1] <--> InternalNet > > > > All of the firewall rules and everything else seems to require ed0 be > > specified for NATD to operate correctly, However, how does natd understand > > that it shouldnt be translating (say 10. addresses) coming in off of the > > internet? > > Well, for starters, 10.x.x.x addresses shouldn't be coming in off the > Internet. :) > > You specify what packets from what interface to divert to the natd socket in > rc.firewall. That combined with the unregistered_only option in natd should > take care of it. Which should mean divert is diverting ed1 packets in the above example, but if I tell divert to do ed1, it doesnt work.. -Crh Charles Henrich Michigan State University henrich@msu.edu http://pilot.msu.edu/~henrich
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971216173722.34492>