Re:Re: NATD Issue

From: Evgeny Ivanov (evgeny_at_networkersbg.com)
Date: 05/27/04

    Date: Thu, 27 May 2004 09:17:21 +0300 (EEST)
    To: freebsd-stable@freebsd.org
    
    

    On 5/26/2004, "Volker Stolz" <stolz@i2.informatik.rwth-aachen.de> wrote:

    >In local.freebsd-stable, you wrote:
    >> I am having trouble with NATD.
    >> I have 64 real IP addresses and about 200 customers. I need to define
    >> an address pool in order to avoid the effect of all internal IPs being
    >> visible as 1. What I have done is:
    >> in rc.conf:
    >> natd_enable="YES"
    >> natd_flags="-f /etc/natd.conf"
    >>
    >> in natd.conf:
    >> use_sockets yes
    >> same_ports yes
    >> reverse yes
    >> interface fxp0
    >> redirect_address 10.0.1.2 one-external-ip
    >> redirect_address 10.0.1.3 two-external-ip
    >
    >Do you have a divert rule in your firewall ruleset to pass the
    >packets to natd?
    >--
    >http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME
    Yes, I have a divert rule set up in rc.firewall. It is like this:
    ipfw add 100 divert natd all from any to any via external-interface