Date:      Sat, 26 Aug 2000 12:02:40 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Thomas David Rivers <rivers@dignus.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: natd & redirect with 4.1-RELEASE?
Message-ID:  <Pine.BSF.4.21.0008261159210.40564-100000@resnet.uoregon.edu>
In-Reply-To: <200008260027.UAA91074@lakes.dignus.com>

On Fri, 25 Aug 2000, Thomas David Rivers wrote:

> 
> I'm trying to move a venerable 3.1-RELEASE gateway to 4.1-RELEASE,
> but I'm having a bit of a problem with natd & port redirection.
> 
> The firewall type is `open', and I have the following
> options in the kernel:
> 
> /etc/rc.conf looks like:
> 
>      firewall_enable="YES"
>      firewall_type=open

You might make this 

firewall_type="open"

just to make sure it isn't interpreting something.

>      natd_enable="YES"
>      natd_interface="xl0"
>      natd_flags="-l -m -u -redirect_port tcp 10.0.0.11:telnet 6666 -redirect_port udp 10.0.0.11:telnet 6666"

With that many flags, you should consider writing a natd.conf and using
the -f flag to load it.  Having a config file for natd makes it much
easier to maintain (and reload at runtime since natd doesn't recognize
SIGHUP).

> This worked just fantastic with 3.1-RELEASE; but I can't seem to get
> it to work for 4.1-RELEASE.   When you try to telnet to the gateway
> at port 6666, it just sits there...

Have you tried tcpdumping it?  Perhaps it's doing a DNS lookup?

You should also try compiling with IPFIREWALL_VERBOSE and set up logging
on your rules to see where they're going.

> Does anyone else have natd issues with 4.1-RELEASE?  Have I left
> something out here?  (Could IPFIREWALL_FORWARD be the culprit?)

divert doesn't touch fwd.

Doug White                    |  FreeBSD: The Power to Serve
dwhite@resnet.uoregon.edu     |  www.FreeBSD.org
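
The natd.conf approach suggested in the reply, as an added example that is not part of the original message: the flags from the quoted rc.conf written in natd's config-file form, where each line is the long option name and argument-less options take `yes`. The path /etc/natd.conf is an assumption.

```conf
# /etc/natd.conf (path is an assumption; example added here, not from the thread)
# Loaded with this line in /etc/rc.conf, replacing the long natd_flags string:
#   natd_flags="-f /etc/natd.conf"
# natd_enable and natd_interface stay in /etc/rc.conf as quoted.

# -l : log alias statistics to /var/log/alias.log
log yes
# -m : try to keep the same source port when aliasing outgoing packets
same_ports yes
# -u : only alias packets whose source is an unregistered (RFC 1918) address
unregistered_only yes

# -redirect_port proto targetIP:targetPort aliasPort
# Connections arriving on the gateway's port 6666 are passed to 10.0.0.11:telnet.
redirect_port tcp 10.0.0.11:telnet 6666
redirect_port udp 10.0.0.11:telnet 6666
```

Keeping each redirect on its own line makes it easy to audit which internal services the gateway exposes.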


