From owner-cvs-all Fri Jul 2 0:43:52 1999
Delivered-To: cvs-all@freebsd.org
Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id 636B915437; Fri, 2 Jul 1999 00:42:51 -0700 (PDT)
	(envelope-from ru@ucb.crimea.ua)
Received: (from ru@localhost)
	by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB)
	id KAA76960; Fri, 2 Jul 1999 10:36:57 +0300 (EEST)
	(envelope-from ru)
Date: Fri, 2 Jul 1999 10:36:57 +0300
From: Ruslan Ermilov
To: Brian Somers
Cc: Ludwig Pummer, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sbin/natd natd.8
Message-ID: <19990702103656.E61429@relay.ucb.crimea.ua>
References: <19990701170841.A35816@relay.ucb.crimea.ua> <199907012315.AAA04285@dev.lan.awfulhak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <199907012315.AAA04285@dev.lan.awfulhak.org>; from Brian Somers on Fri, Jul 02, 1999 at 12:15:25AM +0100
X-Operating-System: FreeBSD 3.2-STABLE i386
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On Fri, Jul 02, 1999 at 12:15:25AM +0100, Brian Somers wrote:
> > On Mon, Jun 21, 1999 at 12:58:26AM -0700, Brian Somers wrote:
> > > brian       1999/06/21 00:58:26 PDT
> > >
> > >   Modified files:
> > >     sbin/natd            natd.8
> > >   Log:
> > >   Mention that data going from one internal address to another will
> > >   not be processed by natd.
> > >   Requested by: Ludwig Pummer
> > >
> > >   Revision  Changes    Path
> > >   1.19      +11 -4     src/sbin/natd/natd.8
> > >
> >
> > The text of this change was:
> > } It should be noted that only incoming packets are affected.
> > }                              ^^^^^^^^
> > } Data going from one internal network to another will not be
> > }                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > } processed by natd.
> >
> > I don't understand.  Look at my example:
> >
> > # ipfw add 1 divert 6666 tcp from 192.168.1.1 1234 to any
> > # nc -s 192.168.1.1 -p 1234 192.168.1.2 5678
> > # natd -v -p 6666 -a 1.2.3.4 -redirect_port tcp 192.168.1.1:1234 2345
> > Out [TCP] [TCP] 192.168.1.1:1234 -> 192.168.1.2:5678 aliased to
> >           [TCP] 1.2.3.4:1234 -> 192.168.1.2:5678
> >
> > It is outgoing packet following from one internal host to another,
> > and it _is_ affected.  What did you mean?
>
> AFAIK the above should fail horribly because none of the backstream
> packets will be passed to natd and they'll therefore never get
> de-aliased.
>
It was just an example.  Here is another one:

# ipfw l 1
00001 divert 6666 tcp from 192.168.1.1 1234 to any
00001 divert 6666 tcp from any to 1.2.3.4 2345
# natd -v -p 6666 -a 1.2.3.4 -redirect_port tcp 192.168.1.1:1234 2345
In  [TCP] [TCP] 192.168.1.3:2419 -> 1.2.3.4:2345 aliased to
          [TCP] 192.168.1.3:2419 -> 192.168.1.1:1234
Out [TCP] [TCP] 192.168.1.1:1234 -> 192.168.1.3:2419 aliased to
          [TCP] 1.2.3.4:2345 -> 192.168.1.3:2419

> natd considers the interface that it is operating on (the one with
> address 1.2.3.4 in your example) as the ``external'' interface.
>
I don't have such an interface at all, it's a fake IP :-)
This is one major thing that I don't like in the ppp(8) manpage.

> A packet coming *in* to that interface will make the alias table
> entry, and packets that don't pass by that interface won't be seen by
> natd.
>
Not exactly.  Don't use the word ``interface''.  It's possible to run natd
with `-i' and `-o' flags, and it will treat packets as incoming and
outgoing a different way.

> I agree it's not well worded.  Feel free to reword it :-I
>
I don't understand at all what I should reword :-)
Probably, I should re-read Ludwig's answer once more...

Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
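
The two `natd -v` traces in this message, and the quoted objection that return packets which are never diverted never get de-aliased, can be replayed with a toy model. This is an example added here, not code from the thread or from natd/libalias; `ToyNatd`, `forward` and the per-rule direction tags are hypothetical simplifications, and the addresses and ports are the ones in the message.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")
ALIAS = "1.2.3.4"                       # natd -a 1.2.3.4
REDIRECT = ("192.168.1.1", 1234, 2345)  # -redirect_port tcp 192.168.1.1:1234 2345

class ToyNatd:
    """Toy alias table; a simplification, not libalias."""
    def __init__(self):
        self.links = {}  # (alias_port, remote, rport) -> (local, lport)

    def incoming(self, p):
        local, lport, aport = REDIRECT
        if p.dst == ALIAS and p.dport == aport:      # static redirect
            self.links[(aport, p.src, p.sport)] = (local, lport)
        hit = self.links.get((p.dport, p.src, p.sport)) if p.dst == ALIAS else None
        return p._replace(dst=hit[0], dport=hit[1]) if hit else p

    def outgoing(self, p):
        for (aport, remote, rport), local in self.links.items():
            if local == (p.src, p.sport) and (remote, rport) == (p.dst, p.dport):
                return p._replace(src=ALIAS, sport=aport)   # existing link
        self.links[(p.sport, p.dst, p.dport)] = (p.src, p.sport)  # new link
        return p._replace(src=ALIAS, sport=p.sport)

# Divert rules as (direction, predicate). Tagging direction per rule is an
# assumption of this sketch; the ipfw rules in the message carry no in/out keyword.
RULE_OUT = ("out", lambda p: p.src == "192.168.1.1" and p.sport == 1234)
RULE_IN = ("in", lambda p: p.dst == ALIAS and p.dport == 2345)

def forward(p, rules, nat):
    """Return the packet as forwarded: translated only if a rule diverts it."""
    for direction, match in rules:
        if match(p):
            return nat.incoming(p) if direction == "in" else nat.outgoing(p)
    return p  # never diverted, so natd never sees it

def first_example():
    """Only the outgoing divert rule: the reply is not de-aliased."""
    nat, rules = ToyNatd(), [RULE_OUT]
    out = forward(Pkt("192.168.1.1", 1234, "192.168.1.2", 5678), rules, nat)
    reply = forward(Pkt("192.168.1.2", 5678, ALIAS, 1234), rules, nat)
    return out, reply   # reply is still addressed to the alias

def second_example():
    """Both divert rules: the redirect is applied in, and re-aliased out."""
    nat, rules = ToyNatd(), [RULE_OUT, RULE_IN]
    inn = forward(Pkt("192.168.1.3", 2419, ALIAS, 2345), rules, nat)
    out = forward(Pkt("192.168.1.1", 1234, "192.168.1.3", 2419), rules, nat)
    return inn, out
```

What decides whether a packet is translated here is whether a divert rule hands it to natd, not which network its endpoints sit on.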