Date: Sun, 25 Feb 2001 16:13:53 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: "Brent B. Powers" <fbsdq@b2pi.com>
Cc: "Brent B.Powers" <powers@b2pi.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: With natd server, can't hit my own static IP's
Message-ID: <20010225161353.S89396@rfx-216-196-73-168.users.reflex>
In-Reply-To: <15000.46171.122193.363607@Sophie.B2Pi.com>; from fbsdq@b2pi.com on Sun, Feb 25, 2001 at 02:29:31AM -0500
References: <bulk.28868.20010220215952@hub.freebsd.org> <20010221004746.Y62368@rfx-216-196-73-168.users.reflex> <15000.46171.122193.363607@Sophie.B2Pi.com>

On Sun, Feb 25, 2001 at 02:29:31AM -0500, Brent B. Powers wrote:

[snip]

> Thus the commands (on the gateway box, with a debug firewall)
>
> (TBird)/etc[16]#/bin/sh /etc/rc.firewall
> Flushed all rules.
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00340 divert 8668 ip from any to any via de0
> 00350 divert 8669 ip from 192.168.1.0/24 to 216.254.64.0/24 via rl0
> 65000 allow ip from any to any
> (TBird)/etc[17]#/sbin/natd -config /etc/natd.conf -port 8669 -n rl0 -v
> natd[26563]: Aliasing to 192.168.1.1, mtu 1500 bytes
> In [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
> [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
> [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
> [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In [TCP] [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
> [TCP] 192.168.1.188:1049 -> 192.168.1.186:21
> In [TCP] [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
> [TCP] 192.168.1.188:1049 -> 192.168.1.186:21
> In [TCP] [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
> [TCP] 192.168.1.188:1049 -> 192.168.1.186:21

I think I see what is going on here. That rule 350 was a bad idea on
my part. Replies from 192.168.1.186 do not get put through NAT. What
does,

  00350 divert 8669 ip from any to any via rl0

And running the internal natd with the '-reverse' option do?
--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
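
Added illustration, not part of the original message and not ipfw's own code: a small Python model of the from/to address matching in the two forms of rule 350 quoted above, applied to the request and reply packets seen in the natd -v output. It assumes both packets cross rl0 on the gateway, so the "via rl0" clause is treated as satisfied; the function and constant names are hypothetical.

```python
import ipaddress

# Constructed packets (src, dst), using the addresses from the natd -v output.
REQUEST = ("192.168.1.188", "216.254.64.186")  # client -> server's public address
REPLY = ("192.168.1.186", "192.168.1.188")     # server's answer to the client

# from/to clauses of the two variants of rule 350 in the message.
RULE_350_ORIGINAL = ("192.168.1.0/24", "216.254.64.0/24")
RULE_350_PROPOSED = ("any", "any")


def addr_matches(spec, addr):
    """Match one address against an ipfw-style 'any' or CIDR specifier."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def diverted(rule, packet):
    """True if the packet satisfies both the from and the to clause.

    Assumption: the packet is seen on rl0, so 'via rl0' is not modelled.
    """
    src_spec, dst_spec = rule
    src, dst = packet
    return addr_matches(src_spec, src) and addr_matches(dst_spec, dst)


def trace(rule):
    """Report which direction of the exchange the rule hands to natd."""
    return {"request": diverted(rule, REQUEST), "reply": diverted(rule, REPLY)}


if __name__ == "__main__":
    for name, rule in (("original", RULE_350_ORIGINAL),
                       ("proposed", RULE_350_PROPOSED)):
        print(name, trace(rule))
```

With the original clauses only the request direction is handed to natd on port 8669; the reply's destination, 192.168.1.188, is outside 216.254.64.0/24, so it falls through to rule 65000 untranslated.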