Date: Wed, 15 Sep 1999 10:43:50 +0300
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: hackers@FreeBSD.ORG
Subject: Re: Multiple NAT alias addresses
Message-ID: <19990915104350.G86648@relay.ucb.crimea.ua>
In-Reply-To: <Pine.BSF.4.10.9909141411350.58561-100000@resnet.uoregon.edu>; from Doug White on Tue, Sep 14, 1999 at 02:14:14PM -0700
References: <19990914192335.A3257@relay.ucb.crimea.ua> <Pine.BSF.4.10.9909141411350.58561-100000@resnet.uoregon.edu>

--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii

On Tue, Sep 14, 1999 at 02:14:14PM -0700, Doug White wrote:
> On Tue, 14 Sep 1999, Ruslan Ermilov wrote:
>
> > > > > use_sockets yes
> > > > > same_ports yes
> > > > > #
> > > > > # machine1 redirections
> > > > > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > > > > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > > > > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > > > > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> > > > >
> > > > > # machine2 redirections
> > > > > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > > > > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> > > > >
> > > > > I start natd with:
> > > > >
> > > > > natd -f /etc/natd.conf -n fxp0 where fxp0 is the public-side interface.
> > > > >
> > > > > Restarting natd with this configuration causes it to block everything.
> > > > >
> > > > So, without redirect_port's it works OK?
> > >
> > > Yes, and the redirect_port's work if the alias address is not specified.
> > >
> > Strange, I just run 3.2-RELEASE's natd(8) with your configuration file
> > and everything works as expected:
>
> Hm, rev. 1.21 of natd.c is worrisome:
>
> 1.21 Tue Sep 7 15:34:12 1999 UTC by ru
> CVS Tags: HEAD
> Diffs to 1.20
>
> Config file parser changes:
>
> - Trailing spaces and empty lines are ignored.
> - A `#' sign will mark the remaining of the line as a comment.
>
> Reviewed by: Ari Suutari <ari@suutari.iki.fi>
>
> Perhaps the parser is skipping my redirect_port lines?
>
Yeah, I committed this change after one guy had the problems with
redirect_port's not happening. He had `#' after `redirect_port'
line, and natd(8) silently ignored it. But you said that it works
for you without specifying publicIP, so this shouldn't be the case
here.

> > Firewall rules were:
> > 00001 divert 8668 ip from any to 1.2.3.5 via fxp2
> > 00001 divert 8668 ip from 192.168.2.201 to any via fxp2
>
> Hm, I'm using the default divert rule 'divert 8668 all from any to any via
> fxp0' instead of grabbing specific traffic.
>
I understand. My rules look so, because I have another natd(8)
(production) running on my outside interface, so I grabbed only
those packets that were sufficient to experiment with your config
file.

[...]
> Very odd. I'm going to adjust the configfile so that it has no comments
> or blank space. Can you send me your file exactly as you wrote it?
>
I just copied your config file from your original posting, see attached.

But PLEASE MAKE SURE you have no trailing whitespaces at the end of
your redirect_port rules!

Later,
-- 
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

--mojUlQ0s9EVzWg2t
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="natd.cf"

use_sockets yes
same_ports yes
#
# machine1 redirections
#redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
#redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
#redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
#redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4

# machine2 redirections
redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
redirect_port tcp 192.168.2.201:http 1.2.3.5:http

--mojUlQ0s9EVzWg2t--
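
The check asked for at the end of the message (no trailing whitespace on redirect_port rules, no `#' after a directive), written as a small linter. This is an added example, not part of the original e-mail or of natd itself; the function names lint_natd_conf and natd_sample and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): flag natd.conf lines whose endings
# the thread reports as trouble for natd(8) parsers before rev. 1.21.

# lint_natd_conf FILE
#   Prints one "FILE:LINE: problem" row per finding; returns 1 if any.
#   Whole-line "#" comments and empty lines are accepted, as in the
#   posted natd.cf.
lint_natd_conf() {
    awk '
        /^#/ || /^$/ { next }
        /^[ \t]+$/ {
            printf "%s:%d: whitespace-only line\n", FILENAME, FNR
            bad = 1; next
        }
        /[ \t]+$/ {
            printf "%s:%d: trailing whitespace: [%s]\n", FILENAME, FNR, $0
            bad = 1
        }
        /#/ {
            printf "%s:%d: inline # after directive: [%s]\n", FILENAME, FNR, $0
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# natd_sample: constructed input (hypothetical, modelled on the posted
# natd.cf); printf makes the trailing blank on the ssh rule explicit.
natd_sample() {
    printf '%s\n' \
        'use_sockets yes' \
        '# machine2 redirections' \
        '' \
        'redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh ' \
        'redirect_port tcp 192.168.2.201:http 1.2.3.5:http # web'
}

# Usage: sh lint.sh /etc/natd.conf   (no argument: only define the functions)
if [ "$#" -gt 0 ]; then
    lint_natd_conf "$1"
fi
```

The bracketed echo of each offending line makes an otherwise invisible trailing blank visible in the report.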