Date:      Mon, 6 Aug 2001 14:26:43 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Tabor Kelly <pdxmax@dsl-only.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: natd redirect_port only works from the outside
Message-ID:  <20010806142643.A449@blossom.cjclark.org>
In-Reply-To: <3416923460.20010805161033@dsl-only.net>; from pdxmax@dsl-only.net on Sun, Aug 05, 2001 at 04:10:33PM -0700
References:  <3416923460.20010805161033@dsl-only.net>

On Sun, Aug 05, 2001 at 04:10:33PM -0700, Tabor Kelly wrote:
> Okay. After much fuss I discovered that I was redirecting ports
> through natd, but from the outside only!

[snip]

> Does anybody have any ideas?

Yes. This is the expected behavior. You didn't post your ipfw(8)
rules, but you probably have one like,

  divert natd ip from any to any via xl0

Now, when a machine on your internal network sends a packet to
63.105.29.28 the packet comes into the machine on xl1, and the packet
does not match that rule. I assume the packet will get passed at
another rule where it is handed to the OS's network stack, which will
process it, notice the packet is meant for itself and deal with it
accordingly. Thus, the packet is never processed on interface xl0 and
never passed through natd(8).

There are basically two ways to handle this, split name services or
ugly, ugly NAT games. For most setups, I would recommend split name
services (split DNS or hacked /etc/hosts files), but the best option
really depends on your particular site.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
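The following is an added example, not part of the original thread: a small Python model of the packet path Crist describes, so the "via xl0 never matches" point can be checked against a ruleset. The interface names, the divert rule and the public address 63.105.29.28 come from the thread; the inside addresses, the redirect_port target, the host name and the hosts-file entry are assumptions made for illustration. The natd(8) behaviour is reduced to inbound redirect_port rewriting only.

```python
# Added example (not from the post): a model of ipfw "via" matching plus
# natd redirect_port, and of the split-hosts workaround.  Only PUBLIC_IP,
# the interface names and the divert rule come from the thread; the rest
# is assumed for illustration.
from dataclasses import dataclass, replace

OUTSIDE_IF = "xl0"               # interface natd is diverted on (from the post)
INSIDE_IF = "xl1"                # internal interface (from the post)
PUBLIC_IP = "63.105.29.28"       # public address quoted in the thread
GATEWAY_LAN_IP = "192.168.1.1"   # assumed gateway address on xl1
WEB_SERVER = "192.168.1.10"      # assumed internal host behind redirect_port

# Assumed natd(8) configuration: -redirect_port tcp 192.168.1.10:80 80
REDIRECT_PORT = {("tcp", 80): (WEB_SERVER, 80)}

# Assumed ipfw(8) ruleset, in rule order.  "via" restricts a rule to
# packets that pass through that interface; None means no restriction.
RULES = [
    (100, "divert natd", OUTSIDE_IF),   # divert natd ip from any to any via xl0
    (65000, "allow", None),             # allow ip from any to any
]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    in_if: str      # interface the packet arrived on


def natd_inbound(pkt):
    """Apply redirect_port to a packet addressed to the public IP."""
    target = REDIRECT_PORT.get((pkt.proto, pkt.dport))
    if pkt.dst == PUBLIC_IP and target is not None:
        return replace(pkt, dst=target[0], dport=target[1])
    return pkt


def rule_matches(rule, pkt):
    _, _, via = rule
    return via is None or via == pkt.in_if


def process(pkt):
    """Walk the ruleset.  Returns ("local", pkt) when the gateway keeps
    the packet for its own stack, ("forward", pkt) when it routes it on."""
    for rule in RULES:
        if not rule_matches(rule, pkt):
            continue
        action = rule[1]
        if action == "divert natd":
            pkt = natd_inbound(pkt)     # natd reinjects after this rule
            continue
        if action == "allow":
            break
    if pkt.dst in (PUBLIC_IP, GATEWAY_LAN_IP):
        return ("local", pkt)
    return ("forward", pkt)


# Split name service: an internal /etc/hosts (assumed) maps the public
# name straight to the internal server, so inside clients never send to
# 63.105.29.28 at all; outside resolvers still get PUBLIC_IP.
INTERNAL_HOSTS = {"www.example.com": WEB_SERVER}   # assumed entry


def resolve(name, from_inside):
    if from_inside and name in INTERNAL_HOSTS:
        return INTERNAL_HOSTS[name]
    return PUBLIC_IP


if __name__ == "__main__":
    # Constructed packets: one from the Internet, one from the LAN.
    outside = Packet("tcp", "203.0.113.5", PUBLIC_IP, 80, OUTSIDE_IF)
    print(process(outside))   # redirected to the web server and forwarded
    inside = Packet("tcp", "192.168.1.20", PUBLIC_IP, 80, INSIDE_IF)
    print(process(inside))    # rule 100 never matches: handled locally
    print(resolve("www.example.com", from_inside=True))
```

Running it shows the asymmetry from the post: the packet arriving on xl0 hits rule 100, gets its destination rewritten by natd and is forwarded to the internal server, while the same request arriving on xl1 skips rule 100 entirely and is delivered to the gateway's own stack. With the split hosts entry the inside client resolves the name to the internal address and the question of hairpin NAT never arises.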




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010806142643.A449>