From owner-freebsd-questions@FreeBSD.ORG  Mon Nov 10 14:59:52 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 27263F95
 for <freebsd-questions@freebsd.org>; Mon, 10 Nov 2014 14:59:52 +0000 (UTC)
Received: from mail-ob0-f178.google.com (mail-ob0-f178.google.com
 [209.85.214.178])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id E418CDCB
 for <freebsd-questions@freebsd.org>; Mon, 10 Nov 2014 14:59:51 +0000 (UTC)
Received: by mail-ob0-f178.google.com with SMTP id vb8so5765944obc.37
 for <freebsd-questions@freebsd.org>; Mon, 10 Nov 2014 06:59:45 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:cc:content-type;
 bh=X8sk/pIoJlzATFpffvJvL6+bOq521hDg7h5Yr8eHDR8=;
 b=jA661txaQjWWIXMWFfeEiO22IJs5s2l1DlLFFN4WRDde+v0jWO/m90E2HNp+ElOU+Q
 roJI3ScpO1cH+tNwMpLSQIFcBQ/RNSdZnzzGmlfWp4Hm2/GokgfFpCL5xjsN7YXfmXAn
 9o5pW5QJx2Yy7YxElqDQQEy3o02igbqHhnwQpdj9+ZimMRJy6uKJjQkcFJiLktM3AnMT
 OVefYoRaATqfGWtxzO0UYfk7dggGQqzEXGQxS83W2oJLpq5ptwnT9ABikHiz9foANcYY
 sUhUtCp7csnkaWC0z4Q/uOu+x9iGIXnwmU4k3ofmixWNBRUaC3lV9C8uoE7p2uO3tQy0
 3UwQ==
X-Gm-Message-State: ALoCoQmS51AxAY4Pq0rO/uqgEXpdSWjxt2dBWOM9UUUjZ0Jd5FEuYfJm8zBpQzDqq5BnDkblhbN9
MIME-Version: 1.0
X-Received: by 10.202.106.71 with SMTP id f68mr25374391oic.43.1415631585155;
 Mon, 10 Nov 2014 06:59:45 -0800 (PST)
Received: by 10.60.219.33 with HTTP; Mon, 10 Nov 2014 06:59:44 -0800 (PST)
In-Reply-To: <7fe88aca6228abad2e4ce66abaf42893.squirrel@webmail.blackfoot.net>
References: <7fe88aca6228abad2e4ce66abaf42893.squirrel@webmail.blackfoot.net>
Date: Mon, 10 Nov 2014 06:59:44 -0800
Message-ID: <CAHu1Y70nO+RRG+oFx3FkSBqWeJLmU_gCPY2S9EG_E62cu4-3dw@mail.gmail.com>
Subject: Re: natd not translating?
From: Michael Sierchio <kudzu@tenebras.com>
To: Gary Aitken <vagabond@blackfoot.net>
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
Cc: Ian Smith <smithi@nimnet.asn.au>,
 FreeBSD Questions <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 14:59:52 -0000

On Thu, Nov 6, 2014 at 5:03 PM, Gary Aitken <vagabond@blackfoot.net> wrote:


>
> I have a non-gateway ip addr reserved for use by natd, and currently have
>   divert 8668 ip from any to any via ep0
>

You almost certainly don't want to do that - each packet not destined for
the current host will get diverted twice.  You want something like this

divert 8668 ip from any to any in recv ep0
divert 8668 ip from any to any out xmit ep0

as separate rules.  I use kernel nat, but typical nat inbound traffic
before the rules and outbound after.

- M