Date: Thu, 27 May 2004 00:23:03 -0500 (CDT)
From: Chris Dillon
To: Evgeny Ivanov
Cc: freebsd-stable@freebsd.org
Subject: Re: NATD Issue

On Wed, 26 May 2004, Evgeny Ivanov wrote:

> in rc.conf:
> natd_enable="YES"
> natd_flags="-f /etc/natd.conf"

You also need:

gateway_enable="YES"
firewall_enable="YES"

Also make sure you're not doing anything silly in ipfw. Use a stock /etc/rc.firewall and set firewall_type="OPEN" in rc.conf to make real sure.

> in natd.conf:
> use_sockets yes
> same_ports yes
> reverse yes

Why do you want 'reverse' enabled? You probably don't want this.

> interface fxp0

Make sure this is your public interface, not the private one.

> redirect_address 10.0.1.2 one-external-ip
> redirect_address 10.0.1.3 two-external-ip

-- 
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest, most open, and most stable OS on the planet
 - Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures
 - PowerPC, ARM, MIPS, and S/390 under development
 - http://www.freebsd.org

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?
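Added example, not part of the original message: a small sh audit that checks copies of rc.conf and natd.conf for the points raised in the reply above (the three rc.conf knobs, 'reverse', and the natd interface). The function names, the temporary sample files, and the assumption that fxp0 is the public interface are constructed for illustration.

```shell
#!/bin/sh
# Audit rc.conf / natd.conf for the settings discussed in this thread.
# Files are passed as arguments so the check can run on copies.

# rc_value FILE VAR: print the last value assigned to VAR (first word only,
# quotes stripped). Enough for YES/NO knobs; not a full sh parser.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# natd_value FILE KEYWORD: print the last argument given for KEYWORD.
natd_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# audit_nat RC_CONF NATD_CONF PUBLIC_IF: one finding per line, nothing if clean.
audit_nat() {
    rc=$1; natd=$2; pub=$3
    for var in natd_enable gateway_enable firewall_enable; do
        case "$(rc_value "$rc" "$var")" in
            [Yy][Ee][Ss]) ;;
            *) echo "rc.conf: $var is not YES" ;;
        esac
    done
    case "$(natd_value "$natd" reverse)" in
        [Yy][Ee][Ss]) echo "natd.conf: reverse is enabled" ;;
    esac
    iface=$(natd_value "$natd" interface)
    [ "$iface" = "$pub" ] ||
        echo "natd.conf: interface is '${iface:-unset}', expected '$pub'"
}

# demo: constructed sample files mirroring the configuration quoted above.
# Assumption: fxp0 is the public interface (the thread does not confirm it).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'natd_enable="YES"' 'natd_flags="-f /etc/natd.conf"' \
        > "$dir/rc.conf"
    printf '%s\n' 'use_sockets yes' 'same_ports yes' 'reverse yes' \
        'interface fxp0' > "$dir/natd.conf"
    audit_nat "$dir/rc.conf" "$dir/natd.conf" fxp0
    rm -rf "$dir"
}

demo
```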