From owner-freebsd-net Mon Apr 3 1:27:55 2000
Delivered-To: freebsd-net@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.139.170])
    by hub.freebsd.org (Postfix) with ESMTP id 91C7037B67C
    for ; Mon, 3 Apr 2000 01:27:51 -0700 (PDT)
    (envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (hak.nat.Awfulhak.org [172.31.0.12])
    by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id JAA33746;
    Mon, 3 Apr 2000 09:27:45 +0100 (BST)
    (envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
    by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id IAA00468;
    Mon, 3 Apr 2000 08:23:26 +0100 (BST)
    (envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200004030723.IAA00468@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Brendan Kosowski
Cc: FreeBSD Networking , brian@hak.lan.Awfulhak.org
Subject: Re: natd problem
In-Reply-To: Message from Brendan Kosowski of "Mon, 03 Apr 2000 00:52:04 +1000."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 03 Apr 2000 08:23:26 +0100
From: Brian Somers
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The problem here is that the reply packets are going direct and
aren't getting de-aliased by natd - natd doesn't even get to see them.

I don't think there's any clean way of doing this - except maybe
assigning a different real IP number to the target machine and letting
everything else on the network know it's there via their routing tables.

> I am running a NAT using natd and the standard OPEN firewall setting.
>
> The NAT has 2 ethernet cards, one to a PUBLIC ETHERNET and the other to
> our LOCAL ETHERNET (192.168.etc...)
>
> The natd has been setup with the "-redirect_port" option so that a certain
> port on the NAT PUBLIC INTERFACE gets redirected to a server on our LOCAL
> ETHERNET therefore giving our server a PUBLIC ADDRESS/PORT.
>
> The problem occurs when a P.C. on the LOCAL ETHERNET tries to access the
> SERVER on the LOCAL ETHERNET by way of its PUBLIC ADDRESS/PORT. The NAT
> seems to deny packets.
>
> It is absolutely necessary that I can get natd to do this. Accessing the
> SERVER via its local address is an unacceptable solution.
>
> Can ANYONE help ???

--
Brian

Don't _EVER_ lose your sense of humour !

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
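
The asymmetric path described in the reply above, modelled as an added example that is not part of the original thread and is not natd code. All addresses and ports are constructed, and the model assumes the LAN client's request does reach natd and is redirected; only the reply path differs.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed sample values; none of these appear in the thread.
NAT_PUBLIC = "203.0.113.1"       # public interface of the NAT box
SERVER = "192.168.0.20"          # redirect target on the local ethernet
LAN_CLIENT = "192.168.0.10"      # P.C. on the same local ethernet
OUTSIDE_CLIENT = "198.51.100.7"  # host on the public side
LAN_PREFIX = "192.168.0."
REDIRECT = {(NAT_PUBLIC, 8080): (SERVER, 80)}  # one port-redirect entry

class Nat:
    """Toy model of a port redirect: rewrite on the way in, de-alias on the way out."""
    def __init__(self):
        self.links = {}  # (server, sport, client, cport) -> original public (addr, port)

    def inbound(self, pkt):
        target = REDIRECT.get((pkt.dst, pkt.dport))
        if target is None:
            return pkt
        # Only the destination is rewritten; the client's source address is kept.
        self.links[(target[0], target[1], pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return pkt._replace(dst=target[0], dport=target[1])

    def dealias(self, pkt):
        orig = self.links.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt if orig is None else pkt._replace(src=orig[0], sport=orig[1])

def same_lan(a, b):
    return a.startswith(LAN_PREFIX) and b.startswith(LAN_PREFIX)

def round_trip(client_ip, cport=40000):
    """Return (reply_went_via_nat, reply_packet, client_accepts_reply)."""
    nat = Nat()
    request = Packet(client_ip, cport, NAT_PUBLIC, 8080)
    expected_peer = (request.dst, request.dport)  # the peer the client's socket is bound to
    at_server = nat.inbound(request)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # The server delivers directly to an on-link destination, bypassing the NAT box.
    via_nat = not same_lan(reply.src, reply.dst)
    if via_nat:
        reply = nat.dealias(reply)
    # A reply whose source is not the peer the client connected to matches no socket.
    return via_nat, reply, (reply.src, reply.sport) == expected_peer

if __name__ == "__main__":
    for who in (OUTSIDE_CLIENT, LAN_CLIENT):
        print(who, round_trip(who))
```

The outside client sees a reply from the public address and port it contacted; the LAN client sees one from the server's local address, which matches no connection it opened.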