From: Luigi Rizzo
Message-Id: <200004030838.KAA56450@info.iet.unipi.it>
Subject: Re: natd problem
In-Reply-To: <200004030723.IAA00468@hak.lan.Awfulhak.org> from Brian Somers at "Apr 3, 2000 08:23:26 am"
To: Brian Somers
Date: Mon, 3 Apr 2000 10:38:40 +0200 (CEST)
Cc: Brendan Kosowski, FreeBSD Networking, brian@hak.lan.Awfulhak.org

> The problem here is that the reply packets are going direct and
> aren't getting de-aliased by natd - natd doesn't even get to see them.

speaking of this... the usual suggestion for setting NATD is to
config the firewall as

    ipfw -q flush
    ipfw add 100 divert natd ip from any to any via $natd_interface
    ipfw add 200 allow ip from any to any

but this puts a lot of load on the machine acting as natd daemon,
as all local traffic is also passed to the daemon where it is not
subject to any translation. In some cases this is quite a problem
e.g. when you put all sorts of services on the same machine doing
natd.

Does anyone have a more accurate way to pass interesting packets
to the daemon? I could probably come up with something but i'd
rather avoid duplicating work already done.

cheers
luigi