Date: Mon, 3 Apr 2000 10:38:40 +0200 (CEST)
From: Luigi Rizzo <luigi@info.iet.unipi.it>
To: Brian Somers <brian@Awfulhak.org>
Cc: Brendan Kosowski <brendan@bmk.com.au>, FreeBSD Networking <freebsd-net@FreeBSD.ORG>, brian@hak.lan.Awfulhak.org
Subject: Re: natd problem
Message-ID: <200004030838.KAA56450@info.iet.unipi.it>
In-Reply-To: <200004030723.IAA00468@hak.lan.Awfulhak.org> from Brian Somers at "Apr 3, 2000 08:23:26 am"

> The problem here is that the reply packets are going direct and
> aren't getting de-aliased by natd - natd doesn't even get to see them.

speaking of this... the usual suggestion for setting NATD is to
config the firewall as

	ipfw -q flush
	ipfw add 100 divert natd ip from any to any via $natd_interface
	ipfw add 200 allow ip from any to any

but this puts a lot of load on the machine acting as natd daemon,
as all local traffic is also passed to the daemon where it is not
subject to any translation. In some cases this is quite a problem,
e.g. when you put all sorts of services on the same machine doing
natd.

Does anyone have a more accurate way to pass interesting packets
to the daemon? I could probably come up with something but I'd
rather avoid duplicating work already done.

	cheers
	luigi