Date: Thu, 12 Jul 2001 18:02:04 -0700 (PDT)
From: Mike Hoskins
To: freebsd-stable@freebsd.org
Subject: $diety, I hate natd.

Ok, I've had this working before... now I'm apparently braindead. Help me see what I've overlooked this time.

Simple. Let's redirect incoming traffic to 1.2.3.4:8080 to 192.168.0.2:80. I've done this in the past via natd's redirect_port argument. Right now natd gets the following args:

    -u -l -s -m -redirect_port tcp 192.168.0.2:80 8080 -n fxp0

All standard enough and working (except the redirect, of course). IPFW's in place as well... so I figured something must be getting denied. Although that seems to be wrong, since nothing's being logged to /var/log/security. Odd.

Searching the man pages, mailing list archives and the web led me to try all of the following:

Just allow incoming on 8080:

    allow tcp from any to 1.2.3.4 8080 setup

Divert incoming 8080 to natd:

    divert natd tcp from any to 1.2.3.4 8080 setup

Try ipfw forwarding (added IPFIREWALL_FORWARD to kernel):

    fwd 192.168.0.2,80 tcp from any to 1.2.3.4 8080 in via ${oif}

Go divert-crazy per an online example (which doesn't work):

    divert natd tcp from 192.168.0.2 80 to any
    divert natd tcp from any to 192.168.0.2 80
    divert natd tcp from any to 1.2.3.4 8080

Each of these, and a few others, have been tried with just about every permutation of natd arguments I can muster. Some, like ipfw forwarding, have also been tried by themselves.

Funny, I don't remember this being 'hard' before. Natd(8) makes this look as simple as ever, so I figured I must be overlooking something ipfw-related. Suggestions?

Later,
-Mike