Date: Wed, 20 Dec 2000 23:22:39 +0100
From: Rene de Vries <freebsd@canyon.demon.nl>
To: Luigi Rizzo <rizzo@aciri.org>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: statefull packet filter together with natd question
Message-ID: <20001220232239.A1012@canyon.demon.nl>
In-Reply-To: <200012201757.eBKHvIb77566@iguana.aciri.org>; from rizzo@aciri.org on Wed, Dec 20, 2000 at 09:57:18AM -0800
References: <20001220184937.A788@canyon.demon.nl> <200012201757.eBKHvIb77566@iguana.aciri.org>

On Wed, Dec 20, 2000 at 09:57:18AM -0800, Luigi Rizzo wrote:
> > Currently I'm trying to move towards a stateful packet filter. When testing
> > without nat all seems to work fine. But when I added natd (as the first
> > rule) packets that were natd-ed on their way out had their return traffic
> > blocked. The question is, what am I doing wrong?!?
>
> nat changes addresses and then reinjects packets in the firewall.
> Chances are that there is no dynamic rule matching the
> packet after the translation.

This is what I know, the problem is how to nat at the right time. I played
with two natting rules, one for incoming and one for outgoing traffic (to
the same nat process) but I didn't get it working. This made me think that
there should be a simple solution to this problem.

--
Rene de Vries
http://www.tcja.nl
mailto:rene@tcja.nl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message