Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Jul 2001 18:02:04 -0700 (PDT)
From:      Mike Hoskins <mike@adept.org>
To:        freebsd-stable@freebsd.org
Subject:   $diety, I hate natd.
Message-ID:  <Pine.BSF.4.21.0107121745170.2586-100000@snafu.adept.org>

next in thread | raw e-mail | index | archive | help

Ok, I've had this working before...  now I'm apparently braindead.  Help
me see what I've overlooked this time.

Simple.  Let's redirect incoming traffic to 1.2.3.4:8080 to
192.168.0.2:80.  I've done this in the past via natd's redirect_port
argument.  Right now natd gets the following args:

  -u -l -s -m -redirect_port tcp 192.168.0.2:80 8080 -n fxp0

All standard enough and working (except the redirect, of course).  IPFW's
in place as well...  so I figured something must be getting
denied.  Although that seems to be wrong, since nothing's being logged
to /var/log/security.  Odd.

Searching the man pages, mailing list archives and the web led me to try
all of the following:

Just allow incoming on 8080:
  allow tcp from any to 1.2.3.4 8080 setup

Divert incoming 8080 to natd:
  divert natd tcp from any to 1.2.3.4 8080 setup

Try ipfw forwarding (added IPFIREWALL_FORWARD to kernel):
  fwd 192.168.0.2,80 tcp from any to 1.2.3.4 8080 in via ${oif}

Go divert-crazy per an online exmample (which doesn't work):
  divert natd tcp from 192.168.0.2 80 to any
  divert natd tcp from any to 192.168.0.2 80
  divert natd tcp from any to 1.2.3.4 8080

Each of these, and a few others, have been tried with just about every
permutation of natd arguments I can muster.  Some, like ipfw
forwarding, have also been tried by themselves.  

Funny, I don't remember this being 'hard' before.  Natd(8) makes this look
as simple as ever, so I figured I must be overlooking something
ipfw-related.

Suggestions?

Later,
-Mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0107121745170.2586-100000>