Date: Thu, 12 Jul 2001 18:02:04 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: freebsd-stable@freebsd.org Subject: $diety, I hate natd. Message-ID: <Pine.BSF.4.21.0107121745170.2586-100000@snafu.adept.org>
next in thread | raw e-mail | index | archive | help
Ok, I've had this working before... now I'm apparently braindead. Help
me see what I've overlooked this time.
Simple. Let's redirect incoming traffic to 1.2.3.4:8080 to
192.168.0.2:80. I've done this in the past via natd's redirect_port
argument. Right now natd gets the following args:
-u -l -s -m -redirect_port tcp 192.168.0.2:80 8080 -n fxp0
All standard enough and working (except the redirect, of course). IPFW's
in place as well... so I figured something must be getting
denied. Although that seems to be wrong, since nothing's being logged
to /var/log/security. Odd.
Searching the man pages, mailing list archives and the web led me to try
all of the following:
Just allow incoming on 8080:
allow tcp from any to 1.2.3.4 8080 setup
Divert incoming 8080 to natd:
divert natd tcp from any to 1.2.3.4 8080 setup
Try ipfw forwarding (added IPFIREWALL_FORWARD to kernel):
fwd 192.168.0.2,80 tcp from any to 1.2.3.4 8080 in via ${oif}
Go divert-crazy per an online exmample (which doesn't work):
divert natd tcp from 192.168.0.2 80 to any
divert natd tcp from any to 192.168.0.2 80
divert natd tcp from any to 1.2.3.4 8080
Each of these, and a few others, have been tried with just about every
permutation of natd arguments I can muster. Some, like ipfw
forwarding, have also been tried by themselves.
Funny, I don't remember this being 'hard' before. Natd(8) makes this look
as simple as ever, so I figured I must be overlooking something
ipfw-related.
Suggestions?
Later,
-Mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0107121745170.2586-100000>