From: Doug White
To: Ruslan Ermilov
Cc: hackers@FreeBSD.ORG
Date: Tue, 14 Sep 1999 08:49:21 -0700 (PDT)
Subject: Re: Multiple NAT alias addresses

On Tue, 14 Sep 1999, Ruslan Ermilov wrote:

> > hello ..
> >
> > We're trying to turn up a firewall box running NAT with multiple external
> > IPs. I added the alias and set up natd.conf as follows:
> >
> > use_sockets yes
> > same_ports yes
> > #
> > # machine1 redirections
> > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> >
> > # machine2 redirections
> > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> >
> > I start natd with:
> >
> > natd -f /etc/natd.conf -n fxp0 where fxp0 is the public-side interface.
> >
> > Restarting natd with this configuration causes it to block everything.
> >
> So, without redirect_port's it works OK?

Yes, and the redirect_port's work if the alias address is not specified.

> Have you tried to run it in the foreground? (`natd -v')

Not on the target machine but I did test it from home.
It looks like NAT stops matching packets when the alias addr is provided;
it lets them fall through to the local system, where they generally get
'connection refused'. I am going to try it without alias addresses for
the default address (the first bank) and see if those work. I can't
attach gdb to a running -g'd version of natd, it just segfaults. :(

> > Does natd support multiple alias addresses, or am I missing something
> > obvious?
> >
> Definitely supports!
>
> BTW, what version you are on?

3.2-RELEASE.

Doug White
Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org