Date: Fri, 2 Jul 1999 10:36:57 +0300
From: Ruslan Ermilov <ru@FreeBSD.org>
To: Brian Somers <brian@Awfulhak.org>
Cc: Ludwig Pummer <ludwigp@bigfoot.com>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sbin/natd natd.8
Message-ID: <19990702103656.E61429@relay.ucb.crimea.ua>
In-Reply-To: <199907012315.AAA04285@dev.lan.awfulhak.org>; from Brian Somers on Fri, Jul 02, 1999 at 12:15:25AM +0100
References: <19990701170841.A35816@relay.ucb.crimea.ua> <199907012315.AAA04285@dev.lan.awfulhak.org>

On Fri, Jul 02, 1999 at 12:15:25AM +0100, Brian Somers wrote:
> > On Mon, Jun 21, 1999 at 12:58:26AM -0700, Brian Somers wrote:
> > > brian 1999/06/21 00:58:26 PDT
> > >
> > > Modified files:
> > > sbin/natd natd.8
> > > Log:
> > > Mention that data going from one internal address to another will
> > > not be processed by natd.
> > > Requested by: Ludwig Pummer <ludwigp@bigfoot.com>
> > >
> > > Revision Changes Path
> > > 1.19 +11 -4 src/sbin/natd/natd.8
> > >
> >
> > The text of this change was:
> > } It should be noted that only incoming packets are affected.
> > } ^^^^^^^^
> > } Data going from one internal network to another will not be
> > } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > } processed by natd.
> >
> > I don't understand. Look at my example:
> >
> > # ipfw add 1 divert 6666 tcp from 192.168.1.1 1234 to any
> > # nc -s 192.168.1.1 -p 1234 192.168.1.2 5678
> > # natd -v -p 6666 -a 1.2.3.4 -redirect_port tcp 192.168.1.1:1234 2345
> > Out [TCP] [TCP] 192.168.1.1:1234 -> 192.168.1.2:5678 aliased to
> > [TCP] 1.2.3.4:1234 -> 192.168.1.2:5678
> >
> > It is outgoing packet following from one internal host to another,
> > and it _is_ affected. What did you mean?
>
> AFAIK the above should fail horribly because none of the backstream
> packets will be passed to natd and they'll therefore never get
> de-aliased.
>
It was just an example. Here is another one:

# ipfw l 1
00001 divert 6666 tcp from 192.168.1.1 1234 to any
00001 divert 6666 tcp from any to 1.2.3.4 2345
# natd -v -p 6666 -a 1.2.3.4 -redirect_port tcp 192.168.1.1:1234 2345
In [TCP] [TCP] 192.168.1.3:2419 -> 1.2.3.4:2345 aliased to
[TCP] 192.168.1.3:2419 -> 192.168.1.1:1234
Out [TCP] [TCP] 192.168.1.1:1234 -> 192.168.1.3:2419 aliased to
[TCP] 1.2.3.4:2345 -> 192.168.1.3:2419

> natd considers the interface that it is operating on (the one with
> address 1.2.3.4 in your example) as the ``external'' interface.
>
I don't have such an interface at all, it's a fake IP :-)
This is one major thing that I don't like in ppp(8) manpage.
> A packet coming *in* to that interface will make the alias table
> entry, and packets that don't pass by that interface won't be seen by
> natd.
>
Not exactly. Don't use the word ``interface''. It is possible to run
natd with `-i' and `-o' flags, and it will treat packets as incoming
and outgoing a different way.
> I agree it's not well worded. Feel free to reword it :-I
>
I don't understand at all what I should reword :-)
Probably, I should re-read Ludwig's answer once more...
Cheers,
--
Ruslan Ermilov Sysadmin and DBA of the
ru@ucb.crimea.ua United Commercial Bank,
ru@FreeBSD.org FreeBSD committer,
+380.652.247.647 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
