Date:      Tue, 16 Dec 1997 17:37:22 -0500
From:      Charles Henrich <henrich@crh.cl.msu.edu>
To:        Ben Hockenhull <benh@blues.jpj.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd
Message-ID:  <19971216173722.34492@crh.cl.msu.edu>
In-Reply-To: <Pine.BSI.3.95.971216173332.5433A-100000@blues.jpj.net>; from Ben Hockenhull on Tue, Dec 16, 1997 at 05:36:01PM -0500
References:  <19971216165404.40245@crh.cl.msu.edu> <Pine.BSI.3.95.971216173332.5433A-100000@blues.jpj.net>

On the subject of Re: natd, Ben Hockenhull stated:

> On Tue, 16 Dec 1997, Charles Henrich wrote:
> 
> > How does natd know not to translate addresses coming in from the "wrong"
> > interface?  I.e:
> > 
> > 
> > [internet] <--> [ed0] (host) [ed1] <--> InternalNet
> > 
> > All of the firewall rules and everything else seem to require ed0 be
> > specified for NATD to operate correctly. However, how does natd understand
> > that it shouldn't be translating (say 10. addresses) coming in off of the
> > internet?
> 
> Well, for starters, 10.x.x.x addresses shouldn't be coming in off the
> Internet. :)
> 
> You specify what packets from what interface to divert to the natd socket in
> rc.firewall.  That combined with the unregistered_only option in natd should
> take care of it.

Which should mean divert is diverting ed1 packets in the above example, but if
I tell divert to do ed1, it doesn't work..

-Crh

       Charles Henrich     Michigan State University     henrich@msu.edu

                         http://pilot.msu.edu/~henrich


