Date: Fri, 17 Nov 2000 22:20:40 -0800
From: "Crist J . Clark"
To: Fabrizzio Batista
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NAT with redirect_port
Reply-To: cjclark@alum.mit.edu

On Fri, Nov 17, 2000 at 06:05:06PM -0200, Fabrizzio Batista wrote:
>
> Hi gurus,
>
> I'm using NAT with redirect_port in SMTP and everything is fine when the
> clients are out of my internal net. But when I try to access my internal
> Server from an internal client, the redirect_port in natd does not work.
>
> 200.12.1.1 200.12.1.2 192.168.1.2 192.168.1.1
> Internet -------> Server With NAT ---------> SMTP Server
> From 200.12.1.1 : telnet 200.12.1.2 25 -> It works
>
> 200... 192.168.1.2/ ----------Internal Client
> Server With NAT -----------> SMTP Server -> NOT WORK
> From 192.168.1.3: telnet 200.12.1.2 25 -> It does not work
>
> natd -n rl0 -redirect_port 192.168.1.1:25 25
>
> So, anybody help me ???

When someone tries to access the internal server from the internal
network, it goes to the NAT machine which accepts the packet. It is
never run through the natd(8) process since the packet never gets
processed on the external interface (the one with the divert(4) rule).

It is very ugly to try to fix this. It is much easier to use the local
name on the internal machines. If you really want to go the other way,
it involves running another instance of natd(8) on the internal
interface.
--
Crist J. Clark                           cjclark@alum.mit.edu
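
A simplified packet-path model of the situation in this thread, added here as an illustration (it is not code from the thread or from natd). The addresses and rl0 come from the post; the internal interface name rl1, the /24 internal network and the source-rewrite step are assumptions, the last reflecting general NAT-loopback behaviour rather than anything stated in the reply.

```python
from dataclasses import dataclass, replace

GW_EXT, GW_INT, SMTP = "200.12.1.2", "192.168.1.2", "192.168.1.1"  # from the post
EXT_IF, INT_IF = "rl0", "rl1"   # rl0 is from the post; rl1 is an assumed name
LAN = "192.168.1."              # assumed /24 internal network

NO_REDIRECT = "no redirect: packet accepted by the NAT machine itself"
ASYMMETRIC = "redirected, but reply bypasses the gateway: client sees wrong peer"
CONNECTED = "connected"

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    dport: int

def connect(client, divert_ifs, rewrite_src=False):
    """Trace a TCP SYN from client to GW_EXT:25 and the server's reply.

    divert_ifs:  gateway interfaces whose traffic is handed to a natd instance
    rewrite_src: whether the internal-side instance also aliases the source
    """
    syn = Pkt(client, GW_EXT, 25)
    in_if = INT_IF if client.startswith(LAN) else EXT_IF
    if in_if not in divert_ifs:
        # The packet never reaches natd, so redirect_port is never consulted.
        return NO_REDIRECT
    syn = replace(syn, dst=SMTP)            # redirect_port 192.168.1.1:25 25
    if rewrite_src and in_if == INT_IF:
        syn = replace(syn, src=GW_INT)      # server now sees the gateway as peer
    # The server answers whoever the SYN appeared to come from.
    if syn.src.startswith(LAN) and syn.src != GW_INT:
        # Same subnet: the reply goes straight to the client and arrives from
        # SMTP, not from the GW_EXT address the client dialled, so it is dropped.
        return ASYMMETRIC
    return CONNECTED

if __name__ == "__main__":
    print("external client      :", connect("200.12.1.1", {EXT_IF}))
    print("internal, divert rl0 :", connect("192.168.1.3", {EXT_IF}))
    print("internal, dst only   :", connect("192.168.1.3", {EXT_IF, INT_IF}))
    print("internal, dst + src  :", connect("192.168.1.3", {EXT_IF, INT_IF}, True))
```

The third case shows why a second instance on the internal interface has to handle both directions of the connection, which is part of what makes that route awkward compared with using the local name.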