Date: Sat, 26 Aug 2000 12:02:40 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: Thomas David Rivers <rivers@dignus.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: natd & redirect with 4.1-RELEASE? Message-ID: <Pine.BSF.4.21.0008261159210.40564-100000@resnet.uoregon.edu> In-Reply-To: <200008260027.UAA91074@lakes.dignus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 25 Aug 2000, Thomas David Rivers wrote: > > I'm trying to move a venerable 3.1-RELEASE gateway to 4.1-RELEASE, > but I'm having a bit of a problem with natd & port redirection. > > The firewall type is `open', and I have the following > options in the kernel: > > /etc/rc.conf looks like: > > firewall_enable="YES" > firewall_type=open You might make this firewall_type="open" just to make sure it isn't interpreting something. > natd_enable="YES" > natd_interface="xl0" > natd_flags="-l -m -u -redirect_port tcp 10.0.0.11:telnet 6666 -redirect_port udp 10.0.0.11:telnet 6666" With that many flags, you should consider writing a natd.conf and using the -f flag to load it. Having a config file for natd makes it much easier to maintain (and reload at runtime since natd doesn't recognize SIGHUP). > This worked just fantastic with 3.1-RELEASE; but I can't seem to get > it to work for 4.1-RELEASE. When you try to telnet to the gateway > at port 6666, it just sits there... have you tried tcpdumping it? Perhaps it's doing a DNS lookup? You should also try compiling with IPFIREWALL_VERBOSE and set up logging on your rules to see where they're going. > Does anyone else have natd issues with 4.1-RELEASE? Have I left > something out here? (Could IPFIREWALL_FORWARD be the culprit?) divert doesn't touch fwd. Doug White | FreeBSD: The Power to Serve dwhite@resnet.uoregon.edu | www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008261159210.40564-100000>