Date:      Tue, 12 Sep 2000 23:15:56 -0400
From:      Allen Landsidel <all@biosys.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Natd Failing to properly rewrite packets
Message-ID:  <4.3.2.7.2.20000912231213.00b16d18@mail.megapathdsl.net>
In-Reply-To: <20000912175431.E10483@zack.com>

At 17:54 09/12/2000 -0700, edinel@zack.com wrote:
>So I'm building a replacement for our current firewall.
>
>Right now it's set up as a firewall_type="open" firewall
>
>natd is running with the following conf file:
>log
>interface fxp0
>redirect_port tcp 10.0.2.12:80 80
>redirect_port tcp 10.0.0.2:22 22
>
>IPDIVERT and IPFIREWALL are both compiled in.
>
>And yet packets sent to port 80 of the interface never come back.
>If I turn on verbose logging I get:
>
>natd[299]: Aliasing to 205.179.125.67, mtu 1500 bytes
>In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
>            [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
>In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
>            [TCP] 205.179.125.70:3094 -> 10.0.2.12:80

You have no output here for any "Out" packets, so I am guessing that the 
machine on 10.0.2.12 does not have its gateway set to the internal address 
of the machine owning 205.179.125.67 in your example.

Check the 10.0.2.12 machine to make sure it's receiving the packets, which 
I'm sure it is.  If it is, and its gateway is correct, then check with a 
packet sniffer to see if it is sending responses to the packets it receives.


-------signature file-------
PGP Key Fingerprint:
446B 7718 B219 9F1E 43DD  8E4A 6BE9 D739 CCC5 7FD7

Available from ldap://certserver.pgp.com

"I don't think [Linux] will be very successful in the long run."
"My experience and some of my friends' experience is that Linux is quite 
unreliable. Microsoft is really unreliable but Linux is worse."

-Ken Thompson, Interview May 1999.
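
Added example, not part of the original message: a Python check for the symptom described in the reply, reading natd verbose output and listing redirected inbound flows that never get a matching "Out" entry. The "Out" lines in the sample are constructed and assume they mirror the "In" layout from the quoted log; the function name is hypothetical.

```python
import re

# Sample input: the port-80 "In" entries are copied from the quoted log.
# The port-22 entries are constructed, and the "Out" entry assumes that
# natd prints outbound packets in the same two-line layout as "In".
SAMPLE_LOG = """\
natd[299]: Aliasing to 205.179.125.67, mtu 1500 bytes
In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
           [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
In  [TCP]  [TCP] 205.179.125.70:3094 -> 205.179.125.67:80 aliased to
           [TCP] 205.179.125.70:3094 -> 10.0.2.12:80
In  [TCP]  [TCP] 205.179.125.70:3101 -> 205.179.125.67:22 aliased to
           [TCP] 205.179.125.70:3101 -> 10.0.0.2:22
Out [TCP]  [TCP] 10.0.0.2:22 -> 205.179.125.70:3101 aliased to
           [TCP] 205.179.125.67:22 -> 205.179.125.70:3101
"""

# Matches "[PROTO] src:port -> dst:port" on either line of an entry.
FLOW = re.compile(r"\[(\w+)\]\s+(\S+) -> (\S+)")

def unanswered_flows(log_text):
    """Map (proto, internal, remote) -> inbound packet count, no Out seen."""
    inbound, answered, direction = {}, set(), None
    for line in log_text.splitlines():
        line = line.strip()
        m = FLOW.search(line)
        if m is None:                 # banner or unrelated line
            continue
        proto, src, dst = m.groups()
        head = re.match(r"(In|Out)\b", line)
        if head:
            direction = head.group(1)
            if direction == "Out":    # pre-translation source is the internal host
                answered.add((proto, src, dst))
            continue
        if direction == "In":         # continuation line: translated destination
            key = (proto, dst, src)
            inbound[key] = inbound.get(key, 0) + 1
        direction = None
    return {k: n for k, n in inbound.items() if k not in answered}

if __name__ == "__main__":
    for (proto, internal, remote), n in unanswered_flows(SAMPLE_LOG).items():
        print(f"{proto} {remote} -> {internal}: {n} packet(s) in, no reply out")
```

A flow listed here was redirected inward but never produced a reply through natd, which is the case where the internal host's default gateway is worth checking.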






