Date: Sun, 31 Aug 1997 19:48:17 +0200 (SAT)
From: Russell Vincent <rv@groa.uct.ac.za>
To: brian@awfulhak.org (Brian Somers)
Cc: freebsd-questions@freebsd.org
Subject: Re: Problem with packet alias/natd
Message-ID: <E0x5E6j-00079L-00@groa.uct.ac.za>
In-Reply-To: <199708311655.RAA04114@awfulhak.demon.co.uk> from "Brian Somers" at Aug 31, 97 05:55:14 pm

Brian Somers wrote:
> > I read that as anything received from host 137.158.128.1 to
> > 137.158.128.10:23 is diverted to natd, which translates the source
> > address to 137.158.128.10 (the aliasing machine) and destination
> > address to 137.158.128.7.
>
> Nope. The source address should stay the same. Natd will change the
> dst address to 137.158.128.7.

Then I am missing something pretty fundamental. :-)

137.158.128.1 sends a packet to 137.158.128.10:23, which is redirected
with source address 137.158.128.1 and dst address 137.158.128.7:23.
137.158.128.7 gets the packet and starts up a connection to
137.158.128.1, which is not expecting to see packets from
137.158.128.7, but 137.158.128.10, so it will ignore them.

Surely that won't work (well, I can't get it to work :-) )?

> Did you really leave out the ``-'' above (before redirect_address) ?
> I would suggest that this is the problem :-)

Ack - I did leave it out in my test! That explains the anomaly I had
between using -a and -n.

> I can see wrong with your setup is that you're not passing return
> traffic to natd:
>
>   ipfw a 89 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1

Ok, added that now, but I still have the problem with the source
address being incorrect when it arrives at 137.158.128.7.

I now have:

ipfw:
  00088 divert 8888 tcp from 137.158.128.1 to 137.158.128.10 23
  00089 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1

  # natd -v -p 8888 -a 137.158.128.10 -redirect_address 137.158.128.7 0.0.0.0

and get:

  In [TCP] 137.158.128.1:2095 -> 137.158.128.10:23 aliased to
           137.158.128.1:2095 -> 137.158.128.7:23

The packets are getting to 137.158.128.7, which sends the response to
137.158.128.1, which in turn is not expecting them from that host.

> Are you using the latest version of natd ? Version 1.5 is on Ari's
> site (ftp.suutari.iki.fi) or on mine (www.awfulhak.org). It's also
> in RELENG_2_2 & -current.

I am running a -current of a few days ago.

-Russell
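
Added example (not part of the original message and not natd's code): a toy Python model of the flow described above, comparing a reply that reaches 137.158.128.1 directly from 137.158.128.7 with one that is translated back on the aliasing host first. The class and function names are hypothetical, and the model assumes the client only accepts segments that mirror the address and port pair it connected to.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

ALIAS = "137.158.128.10"   # host running natd (address from the message)
TARGET = "137.158.128.7"   # -redirect_address target (from the message)
CLIENT = "137.158.128.1"   # telnet client (from the message)

class RedirectNat:
    """Toy destination-only redirect; hypothetical, not natd's implementation."""
    def __init__(self, alias, target):
        self.alias, self.target = alias, target
        self.links = set()  # (client addr, client port, service port) seen inbound

    def inbound(self, p):
        # Rewrite only the destination, matching the natd -v output above.
        if p.dst == self.alias:
            self.links.add((p.src, p.sport, p.dport))
            return p._replace(dst=self.target)
        return p

    def outbound(self, p):
        # Restore the alias address on replies that belong to a known link.
        if p.src == self.target and (p.dst, p.dport, p.sport) in self.links:
            return p._replace(src=self.alias)
        return p

def reply_to(p):
    """Swap endpoints to build the reply segment for packet p."""
    return Packet(p.dst, p.dport, p.src, p.sport)

def client_accepts(syn, reply):
    # The client's socket matches only the exact mirror of what it sent.
    return reply == reply_to(syn)

def simulate(reply_via_nat):
    """Return (packet delivered to target, reply seen by client, accepted?)."""
    nat = RedirectNat(ALIAS, TARGET)
    syn = Packet(CLIENT, 2095, ALIAS, 23)      # ports from the natd -v output
    delivered = nat.inbound(syn)
    reply = reply_to(delivered)
    if reply_via_nat:                          # reply passes back through the NAT host
        reply = nat.outbound(reply)
    return delivered, reply, client_accepts(syn, reply)

if __name__ == "__main__":
    for via in (False, True):
        _, reply, ok = simulate(via)
        print(f"reply via NAT host={via}: {reply.src}:{reply.sport} -> "
              f"{reply.dst}:{reply.dport} accepted={ok}")
```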