Re: NATD and Address Redirection

From: Jim Durham (durham_at_jcdurham.com)
Date: 07/27/03

    To: Yar Tikhiy <yar@comp.chem.msu.su>
    Date: Sat, 26 Jul 2003 22:26:55 -0400
    
    

    On Saturday 26 July 2003 03:42 am, Yar Tikhiy wrote:
    > On Fri, Jul 25, 2003 at 01:49:38PM -0400, Jim Durham wrote:
    > > The procedure we used was to alias a 2nd public address to the
    > > outside interface and use a redirect_address statement in
    > > natd.conf to redirect connections to the new public IP to the
    > > inside machine.
    >
    > Just a remark: If this 2nd public IP is already routed to your
    > gateway, you don't need to add it as an alias for your gateway's
    > outside interface. But you really need to if the latter interface
    > is on a broadcast network and must do ARP to attract packets
    > destined to the 2nd public IP specified to natd.

    Ok... it's sitting on the back side of a Cisco on a class C public. It
    doesn't sound like this would prevent anything from working in any
    case.
    >
    > > This doesn't seem to be symmetrical. You can ping the inside
    > > machine from outside using the new address and if you connect
    > > outwards from the inside machine, the outside world sees the
    > > connection as coming from the new public IP. However, a test
    > > running VNC server on the inside machine and connecting from
    > > outside does not work. You can connect to the inside machine and
    > > it sees mouse and keyboard, but the virtual screen does not work.
    > > It seems that the connection works properly redirecting inward
    > > but not outward. VNC disconnects in about a minute.
    >
    > Could you check if TELNET, HTTP, or SSH from the outside world to
    > the inside machine works? The problem may have to do with VNC
    > protocol peculiarities preventing it from working through NAT.
    > (However, the VNC FAQ claims VNC will work through NAT.)

    Well, that was my suggestion to my partner. All the inside machines
    are M$ workstations, so no connectable services running on them.
    That's why we installed VNC. I suggested that we get a *nix box on
    the inside network that we can actually *do* something useful with
    8-; .

    To further thicken the soup, this is not the only client system with a
    problem like this. There's another LAN client back of the NAT on a
    FreeBSD box that needs to run a piece of software that connects to
    some database system that figures out the most efficient routing for
    carrying loads on a semi trailer. We were running this guy very
    happily on an ISDN connection and using the NAT built into the PPP
    client. We tried to put him on a system hanging off a T1 line using
    natd and never got it to work. I did lots of tcpdumps on that using
    both the PPP nat and NATD and couldn't see any difference! However, it
    worked just fine with the nat in PPP client, but not NATD. So, there
    may be a clue there.

    Another user is trying to run yahoo chat through NATD and no go, even
    with a redirect_address to her computer. I believe this also works on
    the PPP machine with the ISDN line, but not on NATD.

    So, my question is "What's the difference?" Is it different handling
    of icmp or something of that sort?

    -- 
    -Jim
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
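Yar's remark above, that a redirect_address public IP has to be aliased on the outside interface when that interface must answer ARP for it, translates into a check a gateway admin can run before blaming the protocol. This shell script is an added example, not code from either poster; the interface name fxp0, the 203.0.113.x and 192.168.1.x addresses and both input files are constructed samples.

```sh
#!/bin/sh
# Added example, not code from the thread: check a natd.conf against the
# addresses configured on the outside interface, per the remark that each
# redirect_address public IP must be aliased there when the interface sits
# on a broadcast network and has to answer ARP for it.
# File names, interface name and addresses below are constructed samples.

# Print the public IP of every redirect_address line in a natd.conf.
natd_redirect_publics() {
    awk '$1 == "redirect_address" { print $3 }' "$1"
}

# Print every IPv4 address in saved "ifconfig <interface>" output.
ifconfig_inets() {
    awk '$1 == "inet" { print $2 }' "$1"
}

# Return 0 if every redirected public IP is configured on the interface,
# otherwise print the missing ones and return 1.
check_redirects() {
    conf=$1; ifout=$2; rc=0
    for pub in $(natd_redirect_publics "$conf"); do
        if ! ifconfig_inets "$ifout" | grep -qx "$pub"; then
            echo "not configured on outside interface: $pub"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (RFC 5737 documentation addresses).
TMP=$(mktemp -d)
cat > "$TMP/natd.conf" <<'EOF'
interface fxp0
same_ports yes
redirect_address 192.168.1.10 203.0.113.2
redirect_address 192.168.1.11 203.0.113.3
EOF
cat > "$TMP/ifconfig.txt" <<'EOF'
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 203.0.113.1 netmask 0xffffff00 broadcast 203.0.113.255
        inet 203.0.113.2 netmask 0xffffffff broadcast 203.0.113.2
EOF

# 203.0.113.3 is redirected but never aliased, so this reports it; the fix on
# the gateway would be: ifconfig fxp0 alias 203.0.113.3 netmask 255.255.255.255
check_redirects "$TMP/natd.conf" "$TMP/ifconfig.txt" || true
```

Once the alias is in place, tcpdump on the outside interface should show the gateway answering ARP for the second address; if it still does not, the address is not reaching the box at all and natd is not the problem.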
    
