Date:      Tue, 21 Sep 2010 11:56:40 -0500
From:      "Spring, Jeremy" <Jeremy.Spring@us.lawson.com>
To:        "freebsd-doc@freebsd.org" <freebsd-doc@freebsd.org>
Subject:   RE: doc correction
Message-ID:  <538D6120D2245A4DB61D6A0556AD05CD1AC8130B@XCHGM01.corpnet.lawson.com>
In-Reply-To: <44mxrbujhi.fsf@be-well.ilk.org>
References:  <538D6120D2245A4DB61D6A0556AD05CD1AC80AEA@XCHGM01.corpnet.lawson.com> <44mxrbujhi.fsf@be-well.ilk.org>

Thanks for the reply.  I recently found out that packet filtering (pf) was also enabled on this machine at the same time I was trying to set up nat / ipfw.  I haven't used pf before and am not sure how it would affect a natd / ipfw setup.  Maybe it would be ok to throw this issue out.

-----Original Message-----
From: Lowell Gilbert [mailto:lgusenet@be-well.ilk.org]
Sent: Tuesday, September 21, 2010 11:53 AM
To: Spring, Jeremy
Cc: freebsd-doc@freebsd.org
Subject: Re: doc correction

Jeremy.Spring@us.lawson.com (Spring, Jeremy) writes:

> I set up nat translation and port forwarding on my FreeBSD 8.1-RELEASE machine.  It took me a while to get this working because I had to find out by trial and error that the interface to forward packets through is NOT the interface connected to the Internet as the documentation suggests, but rather, is the interface connected to my private network.
>
> My final nat command string is:
> /sbin/natd -redirect_port tcp 10.13.55.4:3389 3389 -n em1
>
> where em0 is connected to the Internet, em1 is connected to my private network, and I want to forward incoming RDP traffic destined for my public facing IP to 10.13.55.4.  The documentation suggests that I should be using my Internet facing interface (em0), but this doesn't work.  The documentation I am looking at is at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html.  Please let me know if you have any questions.

No, normally one *would* run natd on the external interface.  It
shouldn't matter a whole lot in the common case of a single internal and
a single external interface, but if you get more interfaces inside, you
really want to have them handled by the same process.

I don't currently have any redirect_port options to play with, but my
tech-support crystal ball tells me that the problem was probably with
how you got the packets chosen to go into natd in the first place.






