Date:      Thu, 11 Apr 2002 16:03:31 -0400
From:      Matt Simerson <freebsd@blockads.com>
To:        Julian Elischer <julian@elischer.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Is natd the right tool?
Message-ID:  <3242764A-4D87-11D6-8065-00306553B5E4@blockads.com>
In-Reply-To: <Pine.BSF.4.21.0204111038360.65137-100000@InterJet.elischer.org>

On Thursday, April 11, 2002, at 01:39  PM, Julian Elischer wrote:

> check out ipfw's 'fwd' command

Cool, never realized that was there. So, I tried it:

I recompiled my kernel after adding IPFIREWALL_FORWARD to it. Then:

ipfw add fwd 127.0.0.2,53 udp from any to 192.168.7.251 55
ipfw add fwd 127.0.0.2,53 tcp from any to 192.168.7.251 55

matt# ipfw show
00100      4       228 fwd 127.0.0.2,53 udp from any to 192.168.7.251 55
00200      0            0 fwd 127.0.0.2,53 tcp  from any to 192.168.7.251 55
65535 528096 456266843 allow ip from any to any

(I use DEFAULT_TO_ACCEPT)

xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=3<rxcsum,txcsum>
         inet 192.168.7.251 netmask 0xfffffe00 broadcast 192.168.7.255
         ether 00:01:02:38:2b:c7
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
         inet6 ::1 prefixlen 128
         inet 127.0.0.1 netmask 0xff000000
         inet 127.0.0.2 netmask 0xffffffff


DNS server still serves happily off 127.0.0.2:

matt# dig www.foo.com @127.0.0.2
; <<>> DiG 8.3 <<>> www.foo.com @127.0.0.2
<snip>
;; ANSWER SECTION:
www.foo.com.            1D IN A         207.89.154.94
<snip>


But it still won't serve off my external interface:

matt# dig -p55 www.foo.com @192.168.7.251
; <<>> DiG 8.3 <<>> -p55 www.foo.com @192.168.7.251
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_nsend to server 192.168.7.251: Connection refused


What am I missing?

Matt

