Date:      Thu, 12 Jul 2001 20:28:18 -0700 (PDT)
From:      Mike Hoskins <mike@adept.org>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: $diety, I hate natd.
Message-ID:  <Pine.BSF.4.21.0107122019001.4264-100000@snafu.adept.org>
In-Reply-To: <200107130130.f6D1UnV59190@earth.backplane.com>

On Thu, 12 Jul 2001, Matt Dillon wrote:

>     My new 'firewall' manual page has an ipfw example of a natd setup.
>     It might help.  You need a relatively recent -stable to have the
>     man page.

I see the page...  Thanks, btw.  However, it still seems fubar.  Like I
said before, natd's configuration looks simple enough, but packets aren't
getting through.  If I add an ipfw rule to just allow traffic to the
outside port (8080), I see incoming packets hitting the rule...  but no
connection (no real forwarding to the internal ip:port).  If I run a
sniffer on the outside interface, I see connection attempts to
8080...  run the same sniffer on the internal interface, nothing.

My first thought was 'duh, the packets have to get to natd somehow so
redirect_port can actually do something...' but changing the 8080 allow to
a divert doesn't fix the problem.  So next I figured one piece of the
conversation was dying...  somewhere...  I.e. inbound's fine but I'm
fscking something up outbound...  but no denied packets in logs.

It certainly seems like natd's working and ipfw just isn't allowing
packets to get 'into' natd for the redirect.  Unfortunately, I've tried
about everything in ipfw and natd's man page and am still stumped.  Then
again, I may very well be taking the wrong approach entirely.  I've opened
the firewall completely (allow ip any any...), and it didn't help.

I knew today would be great when it started with big brother alerts at
4AM.  ;)  It wouldn't be so bad if I hadn't had this working before...  I
hate that.

Thanks,
-Mike

--
 Eat drink and be merry, for tomorrow they may make it illegal.

