Date:      Thu, 13 Sep 2001 17:14:07 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        Sheldon Hearn <sheldonh@starjuice.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NATD address_redirect kills host's connectivity
Message-ID:  <Pine.BSF.4.21.0109131635340.33637-100000@cody.jharris.com>
In-Reply-To: <57469.1000404267@axl.seasidesoftware.co.za>

On Thu, 13 Sep 2001, Sheldon Hearn wrote:

[snip]
> I've followed all the instructions as best I can.  I have IPFIREWALL,
> IPFIREWALL_FORWARD and DIVERT in my kernel.  I booted this new kernel
> with gateway_enable="YES" in rc.conf.
> 
> I start natd as follows:
> 
> 	/sbin/natd -f /etc/natd.conf
> 
> ---- /etc/natd.conf
> interface ep0
> 
> # Sheldon's workstation
> redirect_address 10.0.0.2 196.31.7.201
> ----

	Looks OK.

> 
> I have my workstation's public address configured as an alias on ep0:
> 
> ---- ifconfig ep0
> ifconfig ep0
> ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>   inet 196.31.7.199 netmask 0xfffffff0 broadcast 196.31.7.207
>   inet 196.31.7.201 netmask 0xffffffff broadcast 196.31.7.201
> ----
> 
> My custom firewall rules are in /etc/firewall.local and rc.conf
> contains firewall_type="/etc/firewall.local".
> 
> ---- /etc/firewall.local
> add divert natd all from any to any via ep0
> 
> add allow all from any to any
> ----
> 

	Do an `ipfw -a l` at the prompt and send the output back.

> Without the redirect_address line in /etc/natd.conf, my workstation
> has connectivity to public addresses.  With it, the only public
> address in the universe to which my host can connect is its own.
> 
> Is there something subtle I've missed?  Or perhaps I need something
> more in my firewall rules that the NAT section of the Handbook
> neglects to mention?
> 

	Is your alias address reachable from the outside world?  Turn off
	natd and the corresponding ipfw rule and just try to hit your alias
	address from the outside.  You should be able to reach it (via
	telnet or ssh or whatever).


Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"
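The `ipfw -a l` output Nick asks for is where most natd problems show up: the divert rule has to come before any rule that accepts the traffic, it has to be tied to the outside interface with `via` so natd sees both directions, and its packet counter tells you whether packets reach natd at all. The script below, an added example and not code from either poster, checks those three things against constructed `ipfw -a list` output modelled on the two rules Sheldon quoted. It assumes the classic FreeBSD 4.x listing layout (rule number, packet count, byte count, rule body) and natd's default divert port 8668 (shown as `natd` when the service name resolves).

```python
"""Sanity-check `ipfw -a list` output for a divert-to-natd rule set.

Added example, not from the original thread. Assumes the FreeBSD 4.x
`ipfw -a list` layout: rule number, packet count, byte count, rule body.
"""
import re

# Constructed sample of `ipfw -a l` output, modelled on the two rules quoted in
# the thread (divert to natd on ep0, then allow everything). Counters are invented.
SAMPLE_IPFW_LIST = """\
00100      4213    1234567 divert 8668 ip from any to any via ep0
00200     12001    9876543 allow ip from any to any
65535         0          0 deny ip from any to any
"""

# Constructed counter-example: the allow rule is numbered below the divert, so
# packets are accepted before natd ever sees them and the divert counter stays 0.
MISORDERED_IPFW_LIST = """\
00100     12001    9876543 allow ip from any to any
00200         0          0 divert 8668 ip from any to any via ep0
65535         0          0 deny ip from any to any
"""

# rule number, packet count, byte count, then the rule body
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")


def parse_ipfw_list(text):
    """Parse `ipfw -a list` lines into dicts with number, packets, bytes, body."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank lines or anything that is not a counted rule
        num, pkts, byts, body = m.groups()
        rules.append({"number": int(num), "packets": int(pkts),
                      "bytes": int(byts), "body": body})
    return rules


def is_natd_divert(rule, natd_port=8668):
    """True if the rule diverts to natd (numeric port, or 'natd' via /etc/services)."""
    words = rule["body"].split()
    return len(words) >= 2 and words[0] == "divert" and words[1] in (str(natd_port), "natd")


def check_natd_rules(text, interface, natd_port=8668):
    """Return a list of problems with the rule set; an empty list means it looks sane.

    Checks: a divert-to-natd rule exists; it is tied to the outside interface
    with 'via <interface>' so natd sees both directions; no allow-type rule
    precedes it; and its packet counter shows traffic actually reaching natd.
    """
    rules = parse_ipfw_list(text)
    problems = []
    diverts = [r for r in rules if is_natd_divert(r, natd_port)]
    if not diverts:
        return [f"no divert rule to natd port {natd_port}"]
    divert = diverts[0]

    # 'via <iface>' matches packets both entering and leaving the interface,
    # which is what natd needs to translate each direction of a flow.
    words = divert["body"].split()
    tied = any(words[i] == "via" and words[i + 1] == interface
               for i in range(len(words) - 1))
    if not tied:
        problems.append(f"divert rule {divert['number']} is not restricted via {interface}")

    # ipfw evaluates rules in number order: an accept rule numbered below the
    # divert terminates processing, so natd never sees the packet.
    for r in rules:
        if r["number"] >= divert["number"]:
            break
        if r["body"].split()[0] in ("allow", "pass", "accept", "permit"):
            problems.append(f"rule {r['number']} ({r['body']}) accepts traffic "
                            f"before divert rule {divert['number']}")

    # A zero counter after real traffic means nothing is being diverted at all.
    if divert["packets"] == 0:
        problems.append(f"divert rule {divert['number']} has not matched any packets yet")
    return problems


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_IPFW_LIST), ("misordered", MISORDERED_IPFW_LIST)):
        print(name, check_natd_rules(text, "ep0") or "OK")
```

On a live box, feed it `ipfw -a list` (for example via `subprocess`) instead of the constructed strings; an empty result only says the rule set is ordered sensibly, it does not tell you whether the aliased public address is actually routed to you from outside, which is the separate check Nick asks for.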


