From owner-freebsd-questions Tue Dec 16 14:37:53 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id OAA07305
    for questions-outgoing; Tue, 16 Dec 1997 14:37:53 -0800 (PST)
    (envelope-from owner-freebsd-questions)
Received: from crh.cl.msu.edu (crh.cl.msu.edu [35.8.1.24])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA07281
    for ; Tue, 16 Dec 1997 14:37:33 -0800 (PST)
    (envelope-from henrich@crh.cl.msu.edu)
Received: (from henrich@localhost)
    by crh.cl.msu.edu (8.8.7/8.8.7) id RAA00385;
    Tue, 16 Dec 1997 17:37:22 -0500 (EST)
    (envelope-from henrich)
Message-ID: <19971216173722.34492@crh.cl.msu.edu>
Date: Tue, 16 Dec 1997 17:37:22 -0500
From: Charles Henrich
To: Ben Hockenhull
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd
References: <19971216165404.40245@crh.cl.msu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84
In-Reply-To: ; from Ben Hockenhull on Tue, Dec 16, 1997 at 05:36:01PM -0500
X-Operating-System: FreeBSD 2.2.5-RELEASE
X-PGP-Fingerprint: 1024/F7 FD C7 3A F5 6A 23 BF 76 C4 B8 C9 6E 41 A4 4F
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On the subject of Re: natd, Ben Hockenhull stated:

> On Tue, 16 Dec 1997, Charles Henrich wrote:
>
> > How does natd know not to translate addresses coming in from the "wrong"
> > interface? I.e.:
> >
> >
> > [internet] <--> [ed0] (host) [ed1] <--> InternalNet
> >
> > All of the firewall rules and everything else seems to require ed0 be
> > specified for NATD to operate correctly. However, how does natd understand
> > that it shouldn't be translating (say 10. addresses) coming in off of the
> > internet?
>
> Well, for starters, 10.x.x.x addresses shouldn't be coming in off the
> Internet. :)
>
> You specify what packets from what interface to divert to the natd socket in
> rc.firewall. That combined with the unregistered_only option in natd should
> take care of it.

Which should mean divert is diverting ed1 packets in the above example, but if
I tell divert to do ed1, it doesn't work..

-Crh

Charles Henrich     Michigan State University     henrich@msu.edu

http://pilot.msu.edu/~henrich