Date:      Sun, 25 Feb 2001 16:13:53 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        "Brent B. Powers" <fbsdq@b2pi.com>
Cc:        "Brent B.Powers" <powers@b2pi.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: With natd server, can't hit my own static IP's
Message-ID:  <20010225161353.S89396@rfx-216-196-73-168.users.reflex>
In-Reply-To: <15000.46171.122193.363607@Sophie.B2Pi.com>; from fbsdq@b2pi.com on Sun, Feb 25, 2001 at 02:29:31AM -0500
References:  <bulk.28868.20010220215952@hub.freebsd.org> <20010221004746.Y62368@rfx-216-196-73-168.users.reflex> <15000.46171.122193.363607@Sophie.B2Pi.com>

On Sun, Feb 25, 2001 at 02:29:31AM -0500, Brent B. Powers wrote:

[snip]

> Thus the commands (on the gateway box, with a debug firewall)
> 
> (TBird)/etc[16]#/bin/sh /etc/rc.firewall                              
> Flushed all rules.
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00340 divert 8668 ip from any to any via de0
> 00350 divert 8669 ip from 192.168.1.0/24 to 216.254.64.0/24 via rl0
> 65000 allow ip from any to any
> (TBird)/etc[17]#/sbin/natd -config /etc/natd.conf -port 8669 -n rl0 -v
> natd[26563]: Aliasing to 192.168.1.1, mtu 1500 bytes
> In  [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
>            [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In  [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
>            [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In  [ICMP] [ICMP] 192.168.1.188 -> 216.254.64.186 8(0) aliased to
>            [ICMP] 192.168.1.188 -> 192.168.1.186 8(0)
> In  [TCP]  [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
>            [TCP] 192.168.1.188:1049 -> 192.168.1.186:21
> In  [TCP]  [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
>            [TCP] 192.168.1.188:1049 -> 192.168.1.186:21
> In  [TCP]  [TCP] 192.168.1.188:1049 -> 216.254.64.186:21 aliased to
>            [TCP] 192.168.1.188:1049 -> 192.168.1.186:21

I think I see what is going on here. That rule 350 was a bad idea on
my part. Replies from 192.168.1.186 do not get put through NAT. What
does,

  00350 divert 8669 ip from any to any via rl0

and running the internal natd with the '-reverse' option do?
-- 
Crist J. Clark                           cjclark@alum.mit.edu
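
An added example, not part of the original message: a simplified first-match model of the rule list quoted above, showing which rule the request and the reply hit under the original rule 350 and under the proposed one. It assumes the reply from 192.168.1.186 is seen by the gateway on rl0, and it ignores how ipfw continues after natd reinjects a diverted packet.

```python
import ipaddress

# Rules as printed in the quoted output: (number, action, src, dst, via-interface).
ORIGINAL_RULES = [
    (100, "allow", "any", "any", "lo0"),
    (200, "deny", "any", "127.0.0.0/8", None),
    (340, "divert 8668", "any", "any", "de0"),
    (350, "divert 8669", "192.168.1.0/24", "216.254.64.0/24", "rl0"),
    (65000, "allow", "any", "any", None),
]

def with_proposed_350(rules):
    """Swap in the rule 350 proposed in the reply: from any to any via rl0."""
    return [(n, a, "any", "any", i) if n == 350 else (n, a, s, d, i)
            for n, a, s, d, i in rules]

def addr_match(pattern, addr):
    """True if addr falls inside pattern ('any' or a CIDR network)."""
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def first_match(rules, src, dst, iface):
    """Return (number, action) of the first rule matching a packet seen on iface."""
    for number, action, r_src, r_dst, r_iface in rules:
        if r_iface is not None and r_iface != iface:
            continue
        if addr_match(r_src, src) and addr_match(r_dst, dst):
            return number, action
    return None

# Constructed packets based on the natd -v output quoted above.
REQUEST = ("192.168.1.188", "216.254.64.186", "rl0")  # client to public address
REPLY = ("192.168.1.186", "192.168.1.188", "rl0")     # assumed: reply crosses rl0

def compare():
    """Map each rule set to the rule hit by the request and by the reply."""
    proposed = with_proposed_350(ORIGINAL_RULES)
    return {
        "original": (first_match(ORIGINAL_RULES, *REQUEST),
                     first_match(ORIGINAL_RULES, *REPLY)),
        "proposed": (first_match(proposed, *REQUEST),
                     first_match(proposed, *REPLY)),
    }

if __name__ == "__main__":
    for name, (req, rep) in compare().items():
        print(f"{name}: request -> {req}, reply -> {rep}")
```
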
