Date:      Tue, 14 Sep 1999 14:14:14 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Ruslan Ermilov <ru@ucb.crimea.ua>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Multiple NAT alias addresses
Message-ID:  <Pine.BSF.4.10.9909141411350.58561-100000@resnet.uoregon.edu>
In-Reply-To: <19990914192335.A3257@relay.ucb.crimea.ua>

On Tue, 14 Sep 1999, Ruslan Ermilov wrote:

> > > > use_sockets yes
> > > > same_ports yes
> > > > #
> > > > # machine1 redirections 
> > > > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > > > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > > > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > > > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> > > > 
> > > > # machine2 redirections
> > > > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > > > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> > > > 
> > > > I start natd with:
> > > > 
> > > > natd -f /etc/natd.conf -n fxp0  where fxp0 is the public-side interface.
> > > > 
> > > > Restarting natd with this configuration causes it to block everything.
> > > > 
> > > So, without redirect_port's it works OK?
> > 
> > Yes, and the redirect_port's work if the alias address is not specified.
> > 
> Strange, I just run 3.2-RELEASE's natd(8) with your configuration file
> and everything works as expected:

Hm, rev. 1.21 of natd.c is worrisome:

1.21 Tue Sep 7 15:34:12 1999 UTC by ru 
CVS Tags: HEAD
Diffs to 1.20 

Config file parser changes:

- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by:    Ari Suutari <ari@suutari.iki.fi>

Perhaps the parser is skipping my redirect_port lines?

> Firewall rules were:
> 00001 divert 8668 ip from any to 1.2.3.5 via fxp2
> 00001 divert 8668 ip from 192.168.2.201 to any via fxp2

Hm, I'm using the default divert rule 'divert 8668 all from any to any via
fxp0' instead of grabbing specific traffic.

> Natd(8) was run as:
> natd -v -f natd.cf -n fxp2 (fxp2 in an external interface)
> 
> 
> telnet 1.2.3.5 123 (from 212.110.138.4):
> In  [TCP]  [TCP] 212.110.138.4:49964 -> 1.2.3.5:123 aliased to
>            [TCP] 212.110.138.4:49964 -> 1.2.3.5:123
> In  [TCP]  [TCP] 212.110.138.4:49964 -> 1.2.3.5:123 aliased to
>            [TCP] 212.110.138.4:49964 -> 1.2.3.5:123
> In  [TCP]  [TCP] 212.110.138.4:49964 -> 1.2.3.5:123 aliased to
>            [TCP] 212.110.138.4:49964 -> 1.2.3.5:123
> Redirections not happening.
> 
> 
> 
> telnet 1.2.3.5 80 (from 212.110.138.4):
> In  [TCP]  [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
>            [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> Out [TCP]  [TCP] 192.168.2.201:80 -> 212.110.138.4:49960 aliased to
>            [TCP] 1.2.3.5:80 -> 212.110.138.4:49960
> In  [TCP]  [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
>            [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> In  [TCP]  [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
>            [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> Out [TCP]  [TCP] 192.168.2.201:80 -> 212.110.138.4:49960 aliased to
>            [TCP] 1.2.3.5:80 -> 212.110.138.4:49960
> Out [TCP]  [TCP] 192.168.2.201:80 -> 212.110.138.4:49960 aliased to
>            [TCP] 1.2.3.5:80 -> 212.110.138.4:49960
> In  [TCP]  [TCP] 212.110.138.4:49960 -> 1.2.3.5:80 aliased to
>            [TCP] 212.110.138.4:49960 -> 192.168.2.201:80
> Redirections are happening.

Very odd.  I'm going to adjust the configfile so that it has no comments
or blank space.  Can you send me your file exactly as you wrote it?  

> This is a known problem, it is fixed in -STABLE:
> 
> dfr         1999/05/22 01:29:24 PDT
> 
>   Modified files:        (Branch: RELENG_3)
>     contrib/gdb/gdb      solib.c
>   Log:
>   MFC: Problems with coredumps from static programs.

argh :(

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
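
Added example (not part of the original message and not natd's own code): a shell check that applies the two parser rules from the rev. 1.21 commit message quoted above to a configuration file and lists the directives that remain, with their original line numbers. It assumes `#` starts a comment anywhere on a line; the function names and the trailing comment in the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not natd's code. Applies the two rules from the rev. 1.21
# commit message: trailing spaces and empty lines are ignored, and '#'
# marks the rest of the line as a comment.
# Assumption: '#' starts a comment anywhere on a line.

# Print "lineno: directive" for every line that still carries a directive.
effective_directives() {
    awk '{
        line = $0
        sub(/#.*/, "", line)          # drop comment to end of line
        sub(/[ \t\r]+$/, "", line)    # drop trailing blanks and CR
        sub(/^[ \t]+/, "", line)      # drop leading blanks
        if (line == "") next          # nothing left: ignored
        printf "%d: %s\n", NR, line
    }' "$1"
}

# Count surviving redirect_port lines whose alias field has the
# aliasIP:aliasPORT form (the case discussed in the thread).
count_aliased_redirects() {
    effective_directives "$1" |
        awk '$2 == "redirect_port" && $5 ~ /:/ { n++ } END { print n + 0 }'
}

# Sample input: the configuration quoted in the message (abridged); the
# trailing comment on the last line is constructed.
write_sample() {
    cat > "$1" <<'EOF'
use_sockets yes
same_ports yes
#
# machine1 redirections
#redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
#redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp

# machine2 redirections
redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
redirect_port tcp 192.168.2.201:http 1.2.3.5:http   # constructed comment
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
effective_directives "$tmp"
echo "aliased redirect_port lines: $(count_aliased_redirects "$tmp")"
rm -f "$tmp"
```

If a `redirect_port` line expected to be active is missing from this listing, it was removed by comment or blank-line handling rather than rejected by the redirect logic.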


