From owner-freebsd-questions Sun Aug 31 10:48:53 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA11919 for questions-outgoing; Sun, 31 Aug 1997 10:48:53 -0700 (PDT)
Received: from groa.uct.ac.za (groa.uct.ac.za [137.158.128.7]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id KAA11913 for ; Sun, 31 Aug 1997 10:48:47 -0700 (PDT)
Received: from rv by groa.uct.ac.za with local (Exim 1.70 #1) id 0x5E6j-00079L-00; Sun, 31 Aug 1997 19:48:17 +0200
Subject: Re: Problem with packet alias/natd
To: brian@awfulhak.org (Brian Somers)
Date: Sun, 31 Aug 1997 19:48:17 +0200 (SAT)
Cc: freebsd-questions@freebsd.org
In-Reply-To: <199708311655.RAA04114@awfulhak.demon.co.uk> from "Brian Somers" at Aug 31, 97 05:55:14 pm
X-Mailer: ELM [version 2.4 PL25]
Content-Type: text
Message-Id:
From: Russell Vincent
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Brian Somers wrote:
> > I read that as anything received from host 137.158.128.1 to
> > 137.158.128.10:23 is diverted to natd, which translates the source
> > address to 137.158.128.10 (the aliasing machine) and destination
> > address to 137.158.128.7.
>
> Nope. The source address should stay the same. Natd will change the
> dst address to 137.158.128.7.

Then I am missing something pretty fundamental. :-)

137.158.128.1 sends a packet to 137.158.128.10:23, which is redirected
with source address 137.158.128.1 and dst address 137.158.128.7:23.
137.158.128.7 gets the packet and starts up a connection to
137.158.128.1, which is not expecting to see packets from
137.158.128.7, but 137.158.128.10, so it will ignore them.

Surely that won't work (well, I can't get it to work :-) )?

> Did you really leave out the ``-'' above (before redirect_address) ?
> I would suggest that this is the problem :-)

Ack - I did leave it out in my test! That explains the anomaly I had
between using -a and -n.

> I can see wrong with your setup is that you're not passing return
> traffic to natd:
>
>   ipfw a 89 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1

Ok, added that now, but I still have the problem with the source
address being incorrect when it arrives at 137.158.128.7.

I now have:

ipfw:
  00088 divert 8888 tcp from 137.158.128.1 to 137.158.128.10 23
  00089 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1

# natd -v -p 8888 -a 137.158.128.10 -redirect_address 137.158.128.7 0.0.0.0

and get:

  In [TCP] 137.158.128.1:2095 -> 137.158.128.10:23 aliased to
           137.158.128.1:2095 -> 137.158.128.7:23

The packets are getting to 137.158.128.7, which sends the response to
137.158.128.1, which in turn is not expecting them from that host.

> Are you using the latest version of natd ? Version 1.5 is on Ari's
> site (ftp.suutari.iki.fi) or on mine (www.awfulhak.org). It's also
> in RELENG_2_2 & -current.

I am running a -current of a few days ago.

-Russell
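
The flow described in this message, as an added illustration (not part of the original message and not natd's code): a toy model of a destination-only redirect, showing that the client rejects the reply unless the reply passes back through the aliasing host and has its source rewritten. The class and function names are hypothetical; the addresses and ports are those in the natd log line quoted above.

```python
from collections import namedtuple

# Constructed model of the flow in the message; addresses and ports are taken
# from the natd -v log line quoted there.
Packet = namedtuple("Packet", "src sport dst dport")

CLIENT, ALIAS, SERVER = "137.158.128.1", "137.158.128.10", "137.158.128.7"

class DnatBox:
    """Toy stand-in for a destination-only redirect (not natd's real code)."""
    def __init__(self, alias, target):
        self.alias, self.target = alias, target
        self.links = set()          # (client, client port, service port) seen inbound

    def inbound(self, pkt):
        # Rewrite only the destination; the source is left untouched.
        if pkt.dst != self.alias:
            return pkt
        self.links.add((pkt.src, pkt.sport, pkt.dport))
        return pkt._replace(dst=self.target)

    def outbound(self, pkt):
        # Reverse the rewrite, but only for replies that actually pass through.
        if pkt.src == self.target and (pkt.dst, pkt.dport, pkt.sport) in self.links:
            return pkt._replace(src=self.alias)
        return pkt

def client_accepts(syn, reply):
    # A TCP stack matches segments to a socket by the full 4-tuple.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)

def simulate(reply_via_box):
    box = DnatBox(ALIAS, SERVER)
    syn = Packet(CLIENT, 2095, ALIAS, 23)
    seen_by_server = box.inbound(syn)
    # The server answers whatever source address it saw on the packet.
    reply = Packet(seen_by_server.dst, seen_by_server.dport,
                   seen_by_server.src, seen_by_server.sport)
    if reply_via_box:
        reply = box.outbound(reply)
    return seen_by_server, reply, client_accepts(syn, reply)

if __name__ == "__main__":
    for via in (False, True):
        server_view, reply, ok = simulate(via)
        print(f"via box={via}: server saw {server_view}, client got {reply}, accepted={ok}")
```
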