Date:      Sun, 31 Aug 1997 19:48:17 +0200 (SAT)
From:      Russell Vincent <rv@groa.uct.ac.za>
To:        brian@awfulhak.org (Brian Somers)
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Problem with packet alias/natd
Message-ID:  <E0x5E6j-00079L-00@groa.uct.ac.za>
In-Reply-To: <199708311655.RAA04114@awfulhak.demon.co.uk> from "Brian Somers" at Aug 31, 97 05:55:14 pm

Brian Somers wrote:
> > I read that as anything received from host 137.158.128.1 to
> > 137.158.128.10:23 is diverted to natd, which translates the source
> > address to 137.158.128.10 (the aliasing machine) and destination
> > address to 137.158.128.7.
> 
> Nope.  The source address should stay the same.  Natd will change the 
> dst address to 137.158.128.7.

Then I am missing something pretty fundamental.  :-)
137.158.128.1 sends a packet to 137.158.128.10:23, which is
redirected with source address 137.158.128.1 and dst address
137.158.128.7:23. 137.158.128.7 gets the packet and starts
up a connection to 137.158.128.1, which is not expecting
to see packets from 137.158.128.7, but 137.158.128.10, so
it will ignore them.  Surely that won't work (well, I
can't get it to work  :-) )?

> Did you really leave out the ``-'' above (before redirect_address) ?  
> I would suggest that this is the problem :-)

Ack - I did leave it out in my test!  That explains the anomaly
I had between using -a and -n.

> I can see wrong with your setup is that you're not passing return 
> traffic to natd:
> 
>   ipfw a 89 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1

Ok, added that now, but I still have the problem with the source
address being incorrect when it arrives at 137.158.128.7.

I now have:
ipfw:
00088 divert 8888 tcp from 137.158.128.1 to 137.158.128.10 23
00089 divert 8888 tcp from 137.158.128.10 23 to 137.158.128.1

# natd -v -p 8888 -a 137.158.128.10 -redirect_address 137.158.128.7 0.0.0.0

and get:

In  [TCP]  137.158.128.1:2095 -> 137.158.128.10:23 aliased to
           137.158.128.1:2095 -> 137.158.128.7:23

The packets are getting to 137.158.128.7, which sends the
response to 137.158.128.1, which in turn is not expecting
them from that host.

> Are you using the latest version of natd ?  Version 1.5 is on Ari's 
> site (ftp.suutari.iki.fi) or on mine (www.awfulhak.org).  It's also 
> in RELENG_2_2 & -current.

I am running a -current of a few days ago.

 -Russell
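
Added example, not part of the original message or of natd: a small model of the packet flow discussed above, showing why the client discards a reply whose source is 137.158.128.7 and accepts it only when the reply goes back through the translating host. The addresses and port numbers come from the message; the function names, the mapping table and the assumption that 137.158.128.7 can reach 137.158.128.1 directly are illustrative.

```python
# Constructed model of destination-only redirection; not natd's code.
from typing import NamedTuple

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

CLIENT, ALIAS, TARGET = "137.158.128.1", "137.158.128.10", "137.158.128.7"

def natd_in(p, table):
    """Inbound: rewrite only the destination and remember the mapping."""
    out = p._replace(dst=TARGET)
    # Key the entry the way the reply packet will look on its way back.
    table[(out.dst, out.dport, out.src, out.sport)] = p.dst
    return out

def natd_out(p, table):
    """Return path: put the alias address back as source if a mapping exists."""
    orig = table.get((p.src, p.sport, p.dst, p.dport))
    return p._replace(src=orig) if orig else p

def reply_to(p):
    """Swap endpoints, as the receiving host does when it answers."""
    return Pkt(p.dst, p.dport, p.src, p.sport)

def client_accepts(conn, reply):
    """TCP matches on the full 4-tuple; anything else is not this connection."""
    return reply == reply_to(conn)

def run(reply_via_alias_host):
    table = {}
    syn = Pkt(CLIENT, 2095, ALIAS, 23)   # what 137.158.128.1 sent
    delivered = natd_in(syn, table)      # what 137.158.128.7 receives
    reply = reply_to(delivered)          # 137.158.128.7:23 -> 137.158.128.1:2095
    if reply_via_alias_host:             # assumption: reply is routed via .10
        reply = natd_out(reply, table)
    return delivered, reply, client_accepts(syn, reply)

if __name__ == "__main__":
    for via in (False, True):
        delivered, reply, ok = run(via)
        print(f"via alias host={via}: reply from {reply.src}:{reply.sport} accepted={ok}")
```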