Date:      Sun, 14 Apr 2002 20:11:09 -0700 (PDT)
From:      Srinivasa Kanduru <ksraghavan@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   NAT problem
Message-ID:  <20020415031109.32125.qmail@web10004.mail.yahoo.com>

Hi,

I wanted to turn on NAT so that, using the one Public_IP
assigned to me by my ISP, I can connect the other systems
behind that system to the internet.

I have compiled a custom-kernel with firewall to
divert all packets for NAT.

I am not sure if there is anything wrong with the NAT
configuration, but I see the following problem. 

Any session can be initiated from the private net, say an
HTTP request to yahoo. All the packets are translated
to a different port range on the NAT gateway on the
way out, but when the response arrives at the gateway,
reverse translation doesn't happen, so a reset is sent
back to yahoo.

Port translation is supposed to happen both ways and I
am not sure why reverse translation doesn't happen.

Appreciate your help.

Thanks,
Sri


My Configuration:

# ipfw list
00050 divert 8668 ip from 192.168.0.0/16 to any via dc0
00100 allow ip from any to any via lo0
00200 allow ip from any to any via dc0
65535 allow ip from any to any

natd.conf
--------
redirect_port udp Pvt_IP:1024-4096 My_Pub_IP:21024-24096
redirect_port tcp Pvt_IP:1024-4096 My_Pub_IP:21024-24096

verbose no
deny_incoming no
log_denied yes
log_facility security
use_sockets yes
interface dc0

-------------


# telnet yahoo.com 80
Trying 66.218.71.112...
telnet: connect to address 66.218.71.112: Connection timed out


06:24:09.253392 0:50:4:b5:cd:d9 0:0:f8:9:69:e1 0800 74: Pvt_IP.1114 > 66.218.71.112.80: S 1326114945:1326114945(0) win 5840 <mss 1460,sackOK,timestamp 8197991 0,nop,wscale 0> (DF) [tos 0x10]
                         4510 003c ffe6 4000 4006 eecf c0a8 0102
                         42da 4770 045a 0050 4f0a e881 0000 0000
                         a002 16d0 9127 0000 0204 05b4 0402 080a
                         007d 1767 0000 0000 0103 0300
06:24:09.254258 0:0:f8:9:69:e1 0:0:89:2c:c4:a6 0800 74: My_Pub_IP.21114 > 66.218.71.112.80: S 1326114945:1326114945(0) win 5840 <mss 1460,sackOK,timestamp 8197991 0,nop,wscale 0> (DF) [tos 0x10]
                         4510 003c ffe6 4000 3f06 232c My_Pub_IP
                         42da 4771 527a 0050 4f0a e881 0000 0000
                         a002 16d0 7663 0000 0204 05b4 0402 080a
                         007d 1767 0000 0000 0103 0300
06:24:09.267912 0:0:89:2c:c4:a6 0:0:f8:9:69:e1 0800 74: 66.218.71.112.80 > My_Pub_IP.21114: S 2482313910:2482313910(0) ack 1326114946 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 132767898 8197991>
                         4500 003c 54eb 0000 3806 1538 42da 4770
                         My_Pub_IP 0050 527a 93f5 1ab6 4f0a e882
                         a012 ffff f8f2 0000 0204 05b4 0103 0301
                         0101 080a 07e9 e09a 007d 1767
06:24:09.267981 0:0:f8:9:69:e1 0:0:89:2c:c4:a6 0800 54: My_Pub_IP.21114 > 66.218.71.112.80: R 1326114946:1326114946(0) win 0
                         4500 0028 9820 0000 4006 ca16 My_Pub_IP
                         42da 4770 527a 0050 4f0a e882 0000 0000
                         5004 0000 0cf0 0000
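
Added example, not part of the original message: a simplified first-match model of the posted ipfw ruleset, run against the SYN and SYN-ACK from the trace, showing which rule each packet hits and whether it is handed to divert port 8668. Assumptions: only source, destination and "via" matching is modelled, both packets cross dc0, 203.0.113.10 is a placeholder for the redacted My_Pub_IP, and ANY_RULES is a comparison ruleset using the "from any to any" divert form given in natd(8).

```python
import ipaddress

# Rules as posted, reduced to (number, action, src, dst, via).
POSTED_RULES = [
    (50, "divert 8668", "192.168.0.0/16", "any", "dc0"),
    (100, "allow", "any", "any", "lo0"),
    (200, "allow", "any", "any", "dc0"),
    (65535, "allow", "any", "any", None),
]
# Comparison (assumption, not from the post): rule 50 rewritten as
# "from any to any", the divert form shown in natd(8).
ANY_RULES = [(50, "divert 8668", "any", "any", "dc0")] + POSTED_RULES[1:]

PVT_IP = "192.168.1.2"    # c0a8 0102 in the posted hex dump
PUB_IP = "203.0.113.10"   # placeholder for the redacted My_Pub_IP
REMOTE = "66.218.71.112"

# Constructed from the trace: (label, src, dst, interface).
PACKETS = [
    ("SYN out", PVT_IP, REMOTE, "dc0"),
    ("SYN-ACK back", REMOTE, PUB_IP, "dc0"),
]

def addr_matches(spec, addr):
    """True if addr satisfies an ipfw address spec ('any' or a CIDR)."""
    return spec == "any" or (
        ipaddress.ip_address(addr) in ipaddress.ip_network(spec))

def first_match(rules, src, dst, iface):
    """Return (rule number, action) of the first rule the packet matches."""
    for number, action, rsrc, rdst, via in rules:
        if via is not None and via != iface:
            continue
        if addr_matches(rsrc, src) and addr_matches(rdst, dst):
            return number, action
    raise LookupError("no rule matched")

def reaches_natd(rules, src, dst, iface):
    """True if the first matching rule diverts the packet to natd."""
    return first_match(rules, src, dst, iface)[1].startswith("divert")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("any-to-any", ANY_RULES)):
        for label, src, dst, iface in PACKETS:
            print(name, label, first_match(rules, src, dst, iface))
```

With the posted rules the returning SYN-ACK first matches rule 00200 and is never passed to natd, which is consistent with the reset seen in the trace.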

