Date: Mon, 10 Jul 2000 16:48:09 -0700 (PDT)
From: Doug White
To: Colin
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: natd inconsistencies

On Mon, 10 Jul 2000, Colin wrote:

> I found this rule was the problem using ipfw show (a very useful command
> when you're building a ruleset to see what is blocking you) which is why I
> moved it. My concern is that it shouldn't block packets from an external
> source (eg www.FreeBSD.org ;) to 192.168.0.0/24. It should only block packets
> from that network incoming on the external interface. I understood natd would
> alter the dest addr on the inbound packet if it was in the table but not touch
> the source addr. Is this not the case? Or am I missing something obvious in
> the operation?

Don't forget about the return packets :)

Doug White                    |  FreeBSD: The Power to Serve
dwhite@resnet.uoregon.edu     |  www.FreeBSD.org
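Added example, not part of the original message or of FreeBSD's own code: a small Python model of ipfw first-match evaluation around a natd divert rule, showing why rule order decides whether return packets survive. It assumes the rule under discussion has the form "deny all from any to 192.168.0.0/24 via the external interface"; the public addresses, port and rule numbers are constructed.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.0.0/24")  # private LAN named in the thread
PUBLIC = "203.0.113.1"                 # constructed public address of the gateway

def natd(pkt, table):
    """Model of natd: alias the source going out, de-alias the destination coming in."""
    pkt = dict(pkt)
    if pkt["dir"] == "out" and ip_address(pkt["src"]) in INSIDE:
        table[(pkt["dst"], pkt["port"])] = pkt["src"]
        pkt["src"] = PUBLIC
    elif pkt["dir"] == "in" and (pkt["src"], pkt["port"]) in table:
        pkt["dst"] = table[(pkt["src"], pkt["port"])]  # source is left untouched
    return pkt

def to_private(pkt):
    """Assumed rule form: deny all from any to 192.168.0.0/24 via the external interface."""
    return ip_address(pkt["dst"]) in INSIDE

# (rule number, action, match); rule numbers are constructed
DENY_AFTER_DIVERT = [(100, "divert", None), (200, "deny", to_private), (65000, "allow", None)]
DENY_BEFORE_DIVERT = [(100, "deny", to_private), (200, "divert", None), (65000, "allow", None)]

def evaluate(rules, pkt, table):
    """First-match walk of the rules for a packet crossing the external interface."""
    for number, action, match in rules:
        if match is not None and not match(pkt):
            continue
        if action == "divert":
            pkt = natd(pkt, table)   # packet re-enters at the next rule, rewritten
            continue
        return action, number, pkt
    return "deny", 65535, pkt        # default deny

def round_trip(rules):
    """Send one LAN packet out, then feed the reply and a spoofed packet back in."""
    table = {}
    out = {"dir": "out", "src": "192.168.0.10", "dst": "198.51.100.7", "port": 40000}
    reply = {"dir": "in", "src": "198.51.100.7", "dst": PUBLIC, "port": 40000}
    spoof = {"dir": "in", "src": "198.51.100.9", "dst": "192.168.0.10", "port": 40000}
    return [evaluate(rules, p, table)[:2] for p in (out, reply, spoof)]

if __name__ == "__main__":
    print("deny after divert: ", round_trip(DENY_AFTER_DIVERT))
    print("deny before divert:", round_trip(DENY_BEFORE_DIVERT))
```

With the deny rule after the divert, the legitimate reply is dropped because natd has already rewritten its destination to the private address; with the deny rule first, the reply passes and only the packet that arrived on the wire addressed to 192.168.0.10 is dropped.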