From owner-freebsd-questions@FreeBSD.ORG Tue May 18 16:09:46 2010
Return-Path: 
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9DFA1106564A for ; Tue, 18 May 2010 16:09:46 +0000 (UTC) (envelope-from casey@phantombsd.org)
Received: from mail.phantombsd.org (mail.phantombsd.org [74.94.69.226]) by mx1.freebsd.org (Postfix) with ESMTP id 761FA8FC19 for ; Tue, 18 May 2010 16:09:46 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.phantombsd.org (Postfix) with ESMTP id A8451A980E7 for ; Tue, 18 May 2010 08:51:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at spitfire.phantombsd.org
Received: from mail.phantombsd.org ([127.0.0.1]) by localhost (mail.phantombsd.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iCUjMhtmVHNL for ; Tue, 18 May 2010 08:51:11 -0700 (PDT)
Received: from mail.phantombsd.org (spitfire.phantombsd.org [192.168.1.2]) by mail.phantombsd.org (Postfix) with ESMTP id 051A4A98089 for ; Tue, 18 May 2010 08:51:11 -0700 (PDT)
Date: Tue, 18 May 2010 08:51:10 -0700 (PDT)
From: Casey Scott 
To: freebsd-questions@freebsd.org
Message-ID: <963159806.27.1274197870913.JavaMail.root@spitfire.phantombsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [208.95.100.4]
X-Mailer: Zimbra 6.0.5_GA_2213.RHEL5_64 (ZimbraWebClient - FF3.0 (Win)/6.0.5_GA_2213.RHEL5_64)
Subject: natd in 8.1
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions 
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 18 May 2010 16:09:46 -0000

I recently rebuilt a server from 7.x to 8.x. Using the exact same firewall & natd config, natd appears not to be aliasing the private address when the traffic leaves the external interface.

When sniffing traffic w/ tcpdump, I see the private address as the source address on the outbound request. e.g.

192.168.1.1 = internal source of request
74.75.76.77 = public address (website)
12.13.14.15 = public address of the external interface

          Internal                              External
192.168.1.10 -> 74.75.76.77    (NAT)    192.168.1.10 -> 74.75.76.77

Rather, it should be:

          Internal                              External
192.168.1.10 -> 74.75.76.77    (NAT)    12.13.14.15 -> 74.75.76.77

Watching natd with ktrace shows that no traffic gets passed to natd when the source is internal; however, external traffic passes through it.

Firewall config:
---------------------------------------------------------------------------
00200 11946 3204818 allow ip from any to any via lo0
00300 0 0 deny ip from any to 127.0.0.0/8
00301 10 528 deny ip from any to 74.94.69.225 dst-port 445
00302 1 78 deny ip from any to 74.94.69.225 dst-port 137
00303 9 544 deny ip from any to 74.94.69.225 dst-port 135
00304 0 0 deny ip from 224.0.0.0/4 to any via fxp0
00305 671 18788 deny ip from any to 224.0.0.0/4 via fxp0
01000 9093 1158436 allow ip from any to any via em0
01050 51045 5205047 divert 8668 ip from any to any in via fxp0
01100 0 0 check-state
01100 69183 83429465 allow ip from me to any
01200 29 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state
01201 0 0 skipto 5000 udp from 192.168.1.0/24 to any out via fxp0 keep-state
01202 45002 4690467 allow ip from any to any established
01800 1421 72620 allow tcp from any to me dst-port 20,21,53,76,80,123,443
01900 3 194 allow ip from 216.251.112.0/24,208.95.100.4 to any
02000 530 127559 allow udp from any 53 to any
02100 834 59414 allow udp from any to any dst-port 53
02150 1930 146680 allow udp from any 123 to me dst-port 123
02200 468 39312 allow icmp from any to any icmptypes 0,3,11
04000 752 24282 deny log logamount 10000 ip from any to any
05000 0 0 divert 8668 ip from any to any out via fxp0
05001 29 1484 allow ip from any to any
65535 0 0 deny ip from any to any
---------------------------------------------------------------------------

natd.conf
---------------------------------------------------------------------------
use_sockets
same_ports
unregistered_only
interface fxp0
redirect_port tcp 192.168.1.82:82 82
redirect_port tcp 192.168.1.41:8082 8082
redirect_port tcp 192.168.1.3:3389 3389
redirect_port udp 192.168.1.3:3389 3389
redirect_port tcp 192.168.1.6:6881-6889 6881-6889
---------------------------------------------------------------------------

As I previously stated, this exact same config worked great in 7.x. I built a kernel in 8.x w/ IPFIREWALL & IPDIVERT, and reviewed UPDATING. Have I missed something?

TIA,
Casey
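A useful first step when a divert/natd rule set stops aliasing is to trace, rule by rule, where an outbound packet from the inside network actually lands, and to compare that with the hit counters `ipfw show` reports. The script below is an added example for this purpose and is not part of Casey's post or of FreeBSD's tooling. It parses the subset of `ipfw show` syntax used in the posted rule set (allow/deny/divert/skipto/check-state, `from`/`to` with address lists and ports, `in`/`out`, `via`, `setup`, `established`, `log logamount`) and walks a constructed packet through the static rules. Dynamic keep-state entries are not modelled, so `check-state` never matches, and the host's own addresses (`me`) are assumed to be the placeholders the post uses (12.13.14.15 and 192.168.1.1). The embedded rule text is a trimmed copy of the posted output, labelled as constructed sample input.

```python
"""Trace packets through a captured `ipfw show` rule set (static rules only)."""
import ipaddress
import re

# Constructed sample input: a subset of the posted `ipfw show` output.
IPFW_SHOW = """\
00200 11946 3204818 allow ip from any to any via lo0
00300 0 0 deny ip from any to 127.0.0.0/8
00301 10 528 deny ip from any to 74.94.69.225 dst-port 445
01000 9093 1158436 allow ip from any to any via em0
01050 51045 5205047 divert 8668 ip from any to any in via fxp0
01100 0 0 check-state
01100 69183 83429465 allow ip from me to any
01200 29 1484 skipto 5000 ip from 192.168.1.0/24 to any out via fxp0 setup keep-state
01202 45002 4690467 allow ip from any to any established
02000 530 127559 allow udp from any 53 to any
04000 752 24282 deny log logamount 10000 ip from any to any
05000 0 0 divert 8668 ip from any to any out via fxp0
05001 29 1484 allow ip from any to any
65535 0 0 deny ip from any to any
"""
ME = {"12.13.14.15", "192.168.1.1"}   # assumed: the firewall host's own addresses
PORTSPEC = re.compile(r"^[\d,-]+$")    # "53", "20,21,80" or "6881-6889"


def parse_rules(text):
    """Turn `ipfw show` lines into dicts: num, pkts, action, proto, src/dst, ports, opts."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        r = {"num": int(tok[0]), "pkts": int(tok[1]), "action": tok[3], "opts": {}}
        i = 4
        if r["action"] in ("divert", "skipto"):      # numeric argument follows
            r["arg"] = int(tok[i]); i += 1
        if r["action"] == "check-state":
            rules.append(r); continue
        if tok[i] == "log":                            # "log logamount N" precedes proto
            i += 3 if tok[i + 1] == "logamount" else 1
        r["proto"] = tok[i]; i += 2                    # skip proto and "from"
        r["src"] = tok[i]; i += 1
        if tok[i] != "to":                             # optional source port list
            r["sport"] = tok[i]; i += 1
        r["dst"] = tok[i + 1]; i += 2                  # skip "to", take destination
        if i < len(tok) and PORTSPEC.match(tok[i]):    # optional bare destination ports
            r["dport"] = tok[i]; i += 1
        while i < len(tok):                            # remaining options
            if tok[i] in ("via", "dst-port", "icmptypes"):
                r["opts"][tok[i]] = tok[i + 1]; i += 2
            else:
                r["opts"][tok[i]] = True; i += 1
        r["dport"] = r["opts"].get("dst-port", r.get("dport"))
        rules.append(r)
    return rules


def addr_match(spec, ip):
    if spec == "any":
        return True
    if spec == "me":
        return ip in ME
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(s, strict=False)
               for s in spec.split(","))


def port_match(spec, port):
    if spec is None:
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def rule_matches(r, pkt):
    o = r["opts"]
    if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
        return False
    if not (addr_match(r["src"], pkt["src"]) and addr_match(r["dst"], pkt["dst"])):
        return False
    if not (port_match(r.get("sport"), pkt["sport"]) and port_match(r["dport"], pkt["dport"])):
        return False
    if ("in" in o and pkt["dir"] != "in") or ("out" in o and pkt["dir"] != "out"):
        return False
    if "via" in o and o["via"] != pkt["iface"]:
        return False
    if "setup" in o and not pkt["syn_only"]:            # setup = SYN without ACK
        return False
    if "established" in o and (pkt["proto"] != "tcp" or pkt["syn_only"]):
        return False
    return True


def trace(rules, pkt):
    """Return (matched rule numbers, final action). divert ends the search, as in ipfw(8)."""
    path, i = [], 0
    while i < len(rules):
        r = rules[i]
        if r["action"] == "check-state" or not rule_matches(r, pkt):
            i += 1; continue
        path.append(r["num"])
        if r["action"] in ("allow", "deny", "divert"):
            return path, r["action"]
        i = next(j for j, x in enumerate(rules) if x["num"] >= r["arg"])   # skipto
    return path, "deny"


def skipto_counter_gaps(rules):
    """(skipto, target, skipto_pkts, target_pkts) where the target saw fewer hits than the jump."""
    gaps = []
    for r in rules:
        if r["action"] == "skipto":
            tgt = next(x for x in rules if x["num"] >= r["arg"])
            if tgt["pkts"] < r["pkts"]:
                gaps.append((r["num"], tgt["num"], r["pkts"], tgt["pkts"]))
    return gaps


def packet(src, dst, proto="tcp", sport=40000, dport=80, direction="out", iface="fxp0", syn_only=True):
    """Constructed packet description used by trace()."""
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport,
                dir=direction, iface=iface, syn_only=syn_only)


if __name__ == "__main__":
    rules = parse_rules(IPFW_SHOW)
    print(trace(rules, packet("192.168.1.10", "74.75.76.77")))       # first SYN going out
    print(trace(rules, packet("74.75.76.77", "12.13.14.15", sport=80, dport=40000,
                              direction="in", syn_only=False)))      # reply coming back
    print(skipto_counter_gaps(rules))                                # counters worth a look
```

Two readings come out of running it against the posted counters. The static trace of the first outbound SYN from 192.168.1.10 is 1200 then 5000, i.e. the packet should reach the outbound divert; and `skipto_counter_gaps` reports that rule 1200 was hit 29 times while its target 5000 was hit 0 times and 5001 took the same 29 packets. The script does not say why the divert rule was skipped, but it narrows the question to the skipto/divert pair rather than to natd.conf, and the same two functions can be rerun after each change to the rule set.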