From owner-freebsd-stable Mon Mar 25 21:27:22 2002
From: Randy Bush
To: FreeBSD Stable
Subject: getting around an address-leaking natted application
Date: Mon, 25 Mar 2002 21:27:18 -0800
Sender: owner-freebsd-stable@FreeBSD.ORG

well-traveled laptop with wi0 802.11b pc card
running freebsd 4.5-stable
vmware under it
win98se under that
and i am communicating to it from a palm pilot with 802.11b

netgraph will not work with the wi pc card, so i have to use ipfw and natd hacks to make the win98 vmware client visible on the net. e.g.

ipfw.rules

    flush
    add divert natd all from any to any via wi0
    add pass all from any to any

natd.conf

    dynamic yes
    unregistered_only yes
    interface wi0
    # so the win98 vmware client can be browsed
    redirect_port tcp 192.168.254.2:137-139 137-139
    redirect_port udp 192.168.254.2:137-139 137-139
    # so the palm 802.11 hot-sync works
    redirect_port udp 192.168.254.2:14237-14239 14237-14239
    redirect_port tcp 192.168.254.2:14237-14239 14237-14239

this actually works (thanks to Bob K for some pointers and finding a stupid bug) with one problem.

the palm hot-sync on the win98 client seems to embed what it thinks is its ip address, 192.168.254.2, within some data packet or another. so, to make it work, i had to go to my lan's default router and add

    ip route 192.168.254.0 255.255.255.0

as this is a well-traveled laptop, i don't want to count on a hack to the local default router. it's a pretty grotty hack anyway.
i am looking for other bright ideas. some mediocre ones that have occurred to me

  o hack proxy arp on the laptop. but in many many years on net, i have abjured proxy arp. if i have to do this, what is the recommended tool/hack?

    but a tcpdump did not show the puppy arping to find the natted 192.168. this makes sense, as why should it arp when it knows that the target can not be on the interface and needs to be routed?

  o don't let the palm pilot dhcp, and hand configure it every time and place to point to the laptop's public address for its default route. awfully inconvenient.

surely i am missing something obvious and not too disgusting here.

randy
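
An added example, not part of the original post: a Python check for confirming which captured payloads carry the inside address 192.168.254.2, since NAT rewrites packet headers and not application data. The payloads are constructed samples (not the real hot-sync wire format) and the function names are illustrative.

```python
import ipaddress
import re

def address_patterns(addr):
    """Compile one byte-regex per encoding an application might use for addr."""
    ip = ipaddress.IPv4Address(addr)
    text = re.escape(str(ip).encode("ascii"))
    patterns = {
        # dotted text; the guards stop 192.168.254.2 matching 192.168.254.25
        "ascii": re.compile(rb"(?<![\d.])" + text + rb"(?!\d)"),
        # raw 4-byte forms can also occur by chance, so treat hits as leads
        "network-order": re.compile(re.escape(ip.packed)),
    }
    if ip.packed[::-1] != ip.packed:  # skip the duplicate for palindromic addresses
        patterns["little-endian"] = re.compile(re.escape(ip.packed[::-1]))
    return patterns

def find_embedded_address(payload, addr):
    """Return sorted (offset, encoding) pairs for each appearance of addr."""
    hits = []
    for name, pattern in address_patterns(addr).items():
        hits.extend((m.start(), name) for m in pattern.finditer(payload))
    return sorted(hits)

def leaking_packets(payloads, addr):
    """Map packet index -> hits, for the payloads that carry addr."""
    report = {}
    for index, payload in enumerate(payloads):
        hits = find_embedded_address(payload, addr)
        if hits:
            report[index] = hits
    return report

INSIDE_ADDR = "192.168.254.2"  # the win98 guest's address from the post

# Constructed payloads for illustration; not the real hot-sync wire format.
SAMPLE_PAYLOADS = [
    b"\x01\x02\xc0\xa8\xfe\x02\x37\x9e",   # address as 4 raw bytes
    b"HOST=192.168.254.2;PORT=14238",       # address as dotted text
    b"HOST=192.168.254.25;PORT=14238",      # different host, must not match
    b"\x00\x10sync-ok",                     # no address at all
]

if __name__ == "__main__":
    for index, hits in leaking_packets(SAMPLE_PAYLOADS, INSIDE_ADDR).items():
        print(f"packet {index}: {hits}")
```

Feeding it the payload bytes of a capture taken on wi0 shows which message, and at what offset, carries the unroutable address.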