From owner-freebsd-ipfw  Mon Jun 10 20:19:23 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id 6AAA337B40D
	for <freebsd-ipfw@FreeBSD.ORG>; Mon, 10 Jun 2002 20:19:19 -0700 (PDT)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id g5B3dPf38331;
	Mon, 10 Jun 2002 22:39:25 -0500 (CDT)
	(envelope-from nick@rogness.net)
Date: Mon, 10 Jun 2002 22:39:24 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
X-Sender: nick@cody.jharris.com
To: Alexey Privalov <lucky@land3.nsu.ru>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: natd & trans proxy
In-Reply-To: <20020610101352.Y47747-100000@land3.nsu.ru>
Message-ID: <Pine.BSF.4.21.0206102233430.38288-100000@cody.jharris.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

On Mon, 10 Jun 2002, Alexey Privalov wrote:

> hi all.
> 
> i`m running two natd`s on rl3 (external) and rl0 (internal).
> 

> the first natd is running on 8668 (standart) port and is diverting
> private ip to ip on interface and have following configuration:
> 	interface rl3
> 	unregistered_only yes
> 	use_sockets yes
> 	same_ports yes
> 

	OK.

> 
> 
> the second natd have a following configuration:
> 	port 8669
> 	proxy_only
> 	proxy_rule port 80 server proxy_addr:8888
> 	interface rl0
> 
> and is forwarding to squid.
> 
> why when interface rl0 receive http packet then it divert ip to external.
> 

	You should not be using natd to do the forwarding to your proxy
	server, since you don't want to change header info in the
	packet.  You only want to forward it to your proxy server so use
	ipfw fwd instead...that will resolve all of your issues.

	There are several examples online and within the mailing list
	archives that describe how to do this properly.

	PS.  Please don't cross-post to multiple lists.  Besides, this
	question belongs on freebsd-questions anyway.

Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message