From owner-freebsd-net@FreeBSD.ORG Tue Mar 9 16:47:01 2004
Message-ID: <1078880020.404e6714a1235@secure.net2000.com.au>
Date: Wed, 10 Mar 2004 11:53:40 +1100
From: ktulu@net2000.com.au
To: freebsd-net@freebsd.org
Subject: natd interface alias question
List-Id: Networking and TCP/IP with FreeBSD

Hi All,

I've been playing around with this for a few weeks now and searched Google endlessly, but still can't find a solution... I apologise in advance for the length of this post.

Basically, I have a FreeBSD machine that acts as a proxy and web server to a web application we are currently developing. The machine is configured to serve up web pages via Apache on port 80, but forward any traffic requested on port 443 to another machine behind the firewall.

Below are the relevant parts of the rc.conf file:

    network_interfaces="fxp1 lo0"
    ifconfig_lo0="inet 127.0.0.1"
    ifconfig_fxp1="inet 192.168.1.10 netmask 255.255.0.0"
    gateway_enable="YES"
    natd_enable="YES"
    natd_interface="fxp1"
    natd_flags="-l -m -redirect_port tcp 192.168.1.20:443 443"

I have set the firewall to "allow ip any to any" for the sake of simplifying the problem. The configuration above works fine for one IP - when I request https://192.168.1.10/ it serves the page from 192.168.1.20.

I have written a script to add another IP to the machine to perform the same task, which is where the problems begin. Basically the script issues the following commands:

    # Add the alias to fxp1
    ifconfig fxp1 inet 192.168.1.11 netmask 255.255.255.255 alias

(still not sure why the subnet mask here has to be 0xffffffff, even if I specify fxp0, which is a physically different port, but anyway it works)

    # Create a natd instance for the newly configured IP:
    /sbin/natd -n fxp1 -port 8669 -m -redirect_port tcp 192.168.1.21:443 192.168.1.11:443

    # Restart the networking
    /etc/netstart

As far as Apache is concerned this configuration is fine and it serves the correct page as configured in the VirtualHosts (on port 80). The problem is that if I request https://192.168.1.11/, the browser times out and does not serve the page from 192.168.1.21.

Why is it that it works for one and not the aliased IP? natd does not bind to port 443 (at least nmap doesn't report it), so it's not that port 443 is already bound. Is natd/FreeBSD actually capable of such a configuration or am I just overlooking something fundamental?!?

Any help would be much appreciated!

Thanks,
Leigh

P.S. - I'm running FreeBSD 4.8-RELEASE
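The script in the post starts a second natd on divert port 8669 but never tells ipfw to send any packets to that port; natd only sees traffic that an ipfw `divert` rule hands it, and rc.conf's natd_enable only installs a divert rule for the first instance. The following is an added example, not code from the post or from FreeBSD, of the complete set of commands for one extra alias, including the two divert rules. It assumes ipfw is the firewall, that rc.firewall installed the default `divert natd` rule at number 50 (so the alias rules must use a lower number to match first), and it prints the commands instead of running them unless invoked with RUN= as root on the FreeBSD box. It also checks the `-redirect_port` arguments for the `IP:PORT` form natd(8) expects, which is where a space-separated alias argument would fail.

```sh
#!/bin/sh
# Added example (not from the original post): a second natd instance for an
# aliased address on FreeBSD 4.x, plus the ipfw divert rules it needs.
# Dry run by default: commands are printed. Run with RUN= (empty) as root to execute.
RUN=${RUN-echo}

IFACE=fxp1
# Assumption: rc.firewall put the default "divert natd" rule at number 50;
# rules for the alias must sit below that number so ipfw matches them first.
DEFAULT_DIVERT_RULE=50

# natd -redirect_port wants "IP:PORT" as a single token for target and alias.
valid_addr_port() {
    case "$1" in
        *:*) return 0 ;;
        *)   return 1 ;;
    esac
}

# add_alias_nat ALIAS_IP BACKEND_IP:PORT DIVERT_PORT RULE_NUMBER
# Emits (or runs) the alias, natd and ipfw commands for one extra address.
add_alias_nat() {
    alias_ip=$1; backend_spec=$2; divert_port=$3; rule=$4
    alias_spec="${alias_ip}:443"
    backend_ip=${backend_spec%%:*}

    valid_addr_port "$backend_spec" || return 1
    valid_addr_port "$alias_spec" || return 1
    [ "$rule" -lt "$DEFAULT_DIVERT_RULE" ] || return 1

    # 1. Alias the address on the interface (/32 so no second route is added).
    $RUN ifconfig "$IFACE" inet "$alias_ip" netmask 255.255.255.255 alias

    # 2. A separate natd for the alias, listening on its own divert port.
    $RUN /sbin/natd -n "$IFACE" -port "$divert_port" -m \
        -redirect_port tcp "$backend_spec" "$alias_spec"

    # 3. Hand the alias's traffic to that divert port, both directions.
    #    Without these rules the default rule 50 sends everything to the first
    #    natd, which knows nothing about the alias, and the client times out.
    $RUN ipfw add "$rule" divert "$divert_port" ip from any to "$alias_ip" via "$IFACE"
    $RUN ipfw add "$((rule + 1))" divert "$divert_port" ip from "$backend_ip" to any via "$IFACE"
}

# Values from the post: alias 192.168.1.11 fronting 192.168.1.21:443 on divert port 8669.
add_alias_nat 192.168.1.11 192.168.1.21:443 8669 40
```

Check the result with `ipfw -a list`: the two rules numbered 40 and 41 should show packet counts climbing when https://192.168.1.11/ is requested, and `ipfw show` counts on rule 50 should not move for that traffic. A /etc/netstart is not needed; the alias, natd and ipfw commands take effect immediately.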