Date:      Thu, 5 Oct 2000 20:40:59 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Michael L Artz <slyph@MIT.EDU>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Static NAT with natd and ipfw
Message-ID:  <20001005204059.I25121@149.211.6.64.reflexcom.com>
In-Reply-To: <200010060314.XAA11579@ten-thousand-dollar-bill.mit.edu>; from slyph@MIT.EDU on Thu, Oct 05, 2000 at 11:14:36PM -0400
References:  <200010060314.XAA11579@ten-thousand-dollar-bill.mit.edu>

[All of your paragraphs are on a single line. Please wrap at about 72
columns.]

On Thu, Oct 05, 2000 at 11:14:36PM -0400, Michael L Artz wrote:
> So, I set up NAT nicely with ipfw and natd under freebsd 4.0.  Everything seemed to work fine.  I compiled my kernel with the following options:
> options         IPFIREWALL 
> options         IPFIREWALL_VERBOSE 
> options         IPDIVERT 
> options         IPSTEALTH 

Ewww.

> set up my internal machines to use the 192.168.1.* network, and set up my gateway to use one of my static IPs.
> 
> Now, however, I would like to statically alias one of my inside addresses to an external address.  The man page seems to say to do it like this: 
> 
> natd_flags="-redirect_address inside_ip outside_ip" 
> 
> which I put in /etc/rc.conf 
>   
> I would like this to behave as though my machine behind the firewall were actually "on" the internet at the outside IP. 

Should work.

> However, when I do this, I get the following error: 
> natd[84]: failed to write packet back (No route to host) 

Hmmm...

> Also, the machine to which I am trying to alias cannot see the outside world past my firewall.  It can see (and ping) the outside interface on the firewall, but nothing beyond it. 

Really odd. You can reach the gateway, but not past the gateway. Can
any machines get past it? What is the same and what is different about
this machine from ones that can reach the outside?

> Is this a problem with my routing tables or what?

Could be. What do 'netstat -rn' and 'ifconfig -a' return?

> Also, does the inside machine need any further configuration past what was already done to get it working with natd? 

According to what you said, this machine does not work with natd,
right?

> Do I need to alias the external IP that I want it to be, or can I leave it configured as the internal (192.168.*) machine?

Definitely do not give the internal machine a different address. One
inconsistency here, any reason you say '192.168.*' here and
'192.168.1.*' above? The internal machines are all on the right net,
right?

> Does the gateway need to alias the IP?

I don't think so.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

