Date: Thu, 13 Feb 2025 10:03:47 -0700
From: Gary Aitken <freebsd@dreamchaser.org>
To: questions@freebsd.org
Subject: Re: natd problem -- pass specific IP to internal machine
Message-ID: <e93c1f23-4651-4eec-afdb-4d6ddd808228@dreamchaser.org>
In-Reply-To: <a80914eb-1d0d-4230-97e6-6351e5fa514e@fjl.co.uk>
References: <32257deb-4ef3-4d7f-bb15-94cc8743dcd5@dreamchaser.org> <a80914eb-1d0d-4230-97e6-6351e5fa514e@fjl.co.uk>

On 2/12/25 05:42, Frank Leonhardt wrote:
> On 09/02/2025 17:28, Gary Aitken wrote:
>> my natd has been translating fine using:
>>
>> interface xl0 use_sockets yes same_ports yes unregistered_only yes
>>
>> However, I am having an issue with a particular internal system
>> (solar inverter) and I would like to be able to tcpdump it on the
>> external interface.
>>
> As no one experienced with natd has replied, an observation: After a
> decade or more of struggling with ipfw+natd, because it was the
> "FreeBSD" solution, I discovered PF and have never never looked back
> after fifteen years. I just wish someone had told me earlier. The
> FreeBSD documentation gives equal weight to multiple solutions in
> various places and would be better if it said "this is the old
> system that hardly anyone uses" more often, so you knew which to
> pick first.

Thanks, will think about moving to PF on my next major upgrade. I think I
started that a while ago but it got pushed aside.

I was about to post I finally found the issue; I had limited ICMP to
specific types quite a while ago and had mistakenly left off type 0, echo
reply. The old inverter I was replacing didn't use ICMP, but the new one
probes 8.8.8.8 (google) as a crude mechanism to determine if the "internet"
is connected. Getting no reply, it assumed the internet was unavailable and
wouldn't even attempt to communicate, even though it could ping its gateway
just fine. Bad design.

Most of my testing was from the internal network; ipfw wasn't involved in
those so everything appeared to work; and pinging *from* an external system
also worked. Once I realized the 8.8.8.8 response was arriving but not being
passed on I could track it down.

Gary
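Added example, not part of the original message or of anyone's actual ruleset: a small sh/awk check that reads rules in `ipfw list` format and reports ICMP request types that are allowed while their reply type is not, which is the kind of gap described above (type 8 passed, type 0 left off). The rule numbers, both sample rulesets and the function name missing_icmp_replies are constructed for illustration; the check looks only at the union of allowed icmptypes and ignores rule order, direction and addresses.

```sh
#!/bin/sh
# Constructed sample rulesets in `ipfw list` format (not from the thread).
WEAK_RULES='00300 allow icmp from any to any icmptypes 3,8,11
00400 deny icmp from any to any'
FIXED_RULES='00300 allow icmp from any to any icmptypes 0,3,8,11
00400 deny icmp from any to any'

# Read rules on stdin; print one line per request type that is allowed
# while its matching reply type is not. Prints nothing when consistent.
missing_icmp_replies() {
    awk '
    ($2 == "allow" || $2 == "pass" || $2 == "permit" || $2 == "accept") && $3 == "icmp" {
        seen = 0
        for (i = 4; i <= NF; i++) {
            if ($i == "icmptypes" && i < NF) {
                seen = 1
                n = split($(i + 1), t, ",")
                for (j = 1; j <= n; j++) allowed[t[j] + 0] = 1
            }
        }
        # An icmp allow rule with no icmptypes option passes every type.
        if (!seen) all = 1
    }
    END {
        if (all) exit 0
        # request -> reply: echo 8/0, timestamp 13/14, address mask 17/18
        pair[8] = 0; pair[13] = 14; pair[17] = 18
        for (req in pair)
            if ((req in allowed) && !(pair[req] in allowed))
                printf "type %d allowed but reply type %d is not\n", req, pair[req]
    }' | sort
}

# Stand-alone run on the weak sample: reports the missing echo reply.
printf '%s\n' "$WEAK_RULES" | missing_icmp_replies
```

On a live FreeBSD gateway the same function can be fed from `ipfw list` instead of the sample text.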
