From owner-freebsd-net Wed Feb 28 10:15:43 2001
Delivered-To: freebsd-net@freebsd.org
Received: from black.purplecat.net (ns1.purplecat.net [209.16.228.148])
    by hub.freebsd.org (Postfix) with ESMTP id B4AB037B71A
    for ; Wed, 28 Feb 2001 10:15:38 -0800 (PST)
    (envelope-from peter@black.purplecat.net)
Received: from localhost (peter@localhost)
    by black.purplecat.net (8.8.8/8.8.8) with ESMTP id NAA28123
    for ; Wed, 28 Feb 2001 13:18:00 -0500 (EST)
    (envelope-from peter@black.purplecat.net)
Date: Wed, 28 Feb 2001 13:18:00 -0500 (EST)
From: Peter Brezny
To: freebsd-net@freebsd.org
Subject: static nat problem
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I want to be able to forward all traffic coming to an external IP to an internal IP.

I currently have NAT configured and working so that all private internal addresses are translated to a public IP as they leave the firewall machine on their way out, but after reading the man page a couple of times, I've been unable to set up static NAT for a single public IP to private IP translation using just the man page as a guide.

What I've done to try and get this working is to start natd from rc.conf with both the -dynamic and -f /etc/natd.conf flags (see below).

/etc/natd.conf currently has a single line:

    redirect_address 10.10.1.4 209.16.228.146

To try and clear up any weirdness, I've reduced my firewall to two lines:

    # BEGIN NAT TEST ENTRIES
    $fwcmd add divert natd all from any to any via $oif
    $fwcmd add allow all from any to any

I know that natd is doing _something_ because when I remove the -f /etc/natd.conf section from rc.conf, http://209.16.228.146 gives me the default page. When I include the -f /etc/natd.conf flag in rc.conf, _any_ connection to the external IP times out.

I think I must have just missed something simple.

TIA

pb

My rc.conf firewall options are as follows:

    # Firewall options by pab 001128
    syslogd_flags="-ss"
    gateway_enable="YES"
    firewall_enable="YES"
    natd_enable="YES"
    natd_interface="fxp0"
    natd_flags="-dynamic -f /etc/natd.conf"
    firewall_script="/etc/rc.firewall.nattest"
    # end firewall options