Date:      Tue, 8 Oct 2002 15:28:28 -0400
From:      "JoeB" <barbish@a1poweruser.com>
To:        "Kim Helenius" <kim.helenius@kepa.fi>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Puzzling NATD problem - revisited
Message-ID:  <MIEPLLIBMLEEABPDBIEGGEGJCMAA.barbish@a1poweruser.com>
In-Reply-To: <3DA2D9D0.6050908@kepa.fi>

You state Network topology:
Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host

Internet is a public ip address. If Campus Network is a private ip address then you
can not nat them again; if Campus Network is a public ip address then you should
nat xl1 for the private ip addresses on the lan behind the FBSD box.


-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kim Helenius
Sent: Tuesday, October 08, 2002 9:13 AM
To: freebsd-questions@FreeBSD.ORG
Subject: Puzzling NATD problem - revisited

The setting:

Network topology:
Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host

A custom kernel build including the following options:
options IPFIREWALL
options IPDIVERT
Used the command:
sysctl net.inet.ip.forwarding=1
And started natd with natd -interface xl0

Then did, straight from the manpage, the following firewall rules:
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via xl0
/sbin/ipfw add pass all from any to any

Now NAT works perfectly for the internal host, but (almost) all TCP
connections cease to work to/from the NATD machine. AFAIK UDP and ICMP work
perfectly. I've tried this on two different FreeBSD machines in the same
network with identical results. If I remove the divert rule, everything
works perfectly, except of course for the NAT. There have been no similar,
puzzling effects on any Linux hosts I know of in the same network. Therefore
I'm sure there's some knob I haven't pushed yet :)

I'm aware this doesn't make much of a firewall but I'd like to get natd
working before I run the firewall script.

--
Kim Helenius
kim.helenius@kepa.fi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
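A small ruleset sanity check, added here as an example and not code from either poster: it parses `ipfw list` style output like the three rules in the post and flags the mistakes the thread turns on (divert rule shadowed by a pass-all rule, divert on a different interface than `natd -interface`, forwarding off, and JoeB's point that the NAT interface must carry the public address). The rule listing and interface addresses are constructed, and `parse_rules` / `check_natd_setup` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample of `ipfw list` output after loading the post's three rules
# (ipfw prints "pass all" back as "allow ip"; 65535 is the default deny rule).
SAMPLE_RULES = """\
00100 divert natd ip from any to any via xl0
00200 allow ip from any to any
65535 deny ip from any to any
"""

RULE_RE = re.compile(
    r"^(\d+)\s+(divert\s+\S+|allow|pass|accept|deny|drop)\s+(\S+)"
    r"\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+via\s+(\S+))?"
)

def parse_rules(text):
    """Parse `ipfw list` lines into dicts; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            num, action, proto, src, dst, via = m.groups()
            rules.append({"num": int(num), "action": action.split()[0],
                          "proto": proto, "src": src, "dst": dst, "via": via})
    return rules

def check_natd_setup(rules_text, natd_iface, iface_addrs, forwarding):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    findings = []
    rules = parse_rules(rules_text)
    if not forwarding:
        findings.append("net.inet.ip.forwarding=0: the box will not route for the internal host")
    diverts = [r for r in rules if r["action"] == "divert"]
    if not diverts:
        findings.append("no divert rule: natd never sees a packet")
    # first unconditional pass-all rule; a divert numbered after it is never reached
    pass_all = next((r["num"] for r in rules if r["action"] in ("allow", "pass", "accept")
                     and r["proto"] in ("ip", "all") and r["src"] == r["dst"] == "any"
                     and r["via"] is None), None)
    for d in diverts:
        if d["via"] != natd_iface:
            findings.append(f"rule {d['num']} diverts via {d['via']} but natd uses -interface {natd_iface}")
        if pass_all is not None and pass_all < d["num"]:
            findings.append(f"rule {d['num']} is shadowed by pass-all rule {pass_all}")
    # JoeB's point: natd must sit on the interface that carries the public address
    outside = iface_addrs.get(natd_iface)
    if outside and ipaddress.ip_address(outside).is_private:
        findings.append(f"{natd_iface} has private address {outside}: the campus side is already NATted")
    return findings
```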
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGGEGJCMAA.barbish>