On Tue, Oct 08, 2002 at 03:28:28PM -0400, JoeB wrote:
> You state Network topology:
> Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host
> 
> Internet is a public IP address. If the Campus Network is a private IP
> address then you cannot NAT them again; if the Campus Network is a public
> IP address then you should NAT xl1 for the private IP addresses on the LAN
> behind the FBSD box.

That's not correct.  I've seen two layers of NATD work just fine in an office 
building environment where the gateway to the office was natting ips to the 
individual clients, and then clients were natting again to hang multiple 
machines off the one ip they got from the office gateway.

Josh 


> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Helenius
> Sent: Tuesday, October 08, 2002 9:13 AM
> To: [EMAIL PROTECTED]
> Subject: Puzzling NATD problem - revisited
> 
> The setting:
> 
> Network topology:
> Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host
> 
> A custom kernel build including the following options:
> options IPFIREWALL
> options IPDIVERT
> Used the command:
> sysctl net.inet.ip.forwarding=1
> And started natd with natd -interface xl0
> 
> Then did, straight from the manpage, the following firewall rules:
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via xl0
> /sbin/ipfw add pass all from any to any
> 
> Now NAT works perfectly for the internal host, but (almost) all TCP
> connections cease to work to/from the NATD machine. AFAIK UDP and ICMP work
> perfectly. I've tried this on two different FreeBSD machines in the same
> network with identical results. If I remove the divert rule, everything
> works perfectly, except of course for the NAT. There have been no similar,
> puzzling effects on any Linux hosts I know of in the same network. Therefore
> I'm sure there's some knob I haven't pushed yet :)
> 
> I'm aware this doesn't make much of a firewall but I'd like to get natd
> working before I run the firewall script.
> 
> --
> Kim Helenius
> [EMAIL PROTECTED]
> 
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-questions" in the body of the message
> 


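The original post keeps only two rules, "divert natd" and "pass all from any to any", and the poster says so: that is NAT with no firewall. The script below is an added example (not the poster's script and not the firewall script they mention) showing where the divert rule belongs in a default-deny ruleset, in the stateless established/setup style that the FreeBSD 4.x rc.firewall "simple" profile used. The interface names xl0/xl1 come from the thread; the internal subnet 192.168.1.0/24 and the rule numbers are assumptions. It does not claim to explain the broken-TCP symptom the poster reports.

```shell
#!/bin/sh
# Added example, not the poster's script: an ipfw ruleset that keeps the
# "divert natd ... via xl0" rule from the thread but replaces the blanket
# "pass all from any to any" with default-deny rules. The internal subnet
# (192.168.1.0/24) and the rule numbers are assumptions for illustration.
#
# Rules are printed instead of loaded unless DRY_RUN=0 is set, so the
# script can be inspected on any machine before being run as root on the
# gateway's console.

: "${DRY_RUN:=1}"

# fwcmd ARGS...: run ipfw, or echo the command in dry-run mode.
fwcmd() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "ipfw $*"
    else
        /sbin/ipfw "$@"
    fi
}

# build_ruleset OUTSIDE_IF INSIDE_IF INSIDE_NET
# A forwarded packet passes through ipfw once on the inbound interface and
# once on the outbound one. The divert rule hands the packet to natd, which
# rewrites it and re-injects it at the *next* rule, so every rule numbered
# above 1000 sees post-NAT addresses on the way out and de-NATed (internal)
# addresses on the way in.
build_ruleset() {
    oif=$1; iif=$2; inet=$3

    fwcmd -f flush
    # Loopback traffic is fine; 127/8 on a real interface is not.
    fwcmd add 100 pass all from any to any via lo0
    fwcmd add 200 deny all from any to 127.0.0.0/8
    fwcmd add 300 deny all from 127.0.0.0/8 to any
    # Anti-spoofing: internal source addresses never arrive on the outside
    # interface. Placed before divert so natd never sees spoofed packets.
    fwcmd add 400 deny all from "$inet" to any in via "$oif"
    # NAT everything crossing the outside interface (same rule as the thread).
    fwcmd add 1000 divert natd all from any to any via "$oif"
    # Packets of established TCP sessions (ACK or RST set) and fragments pass.
    fwcmd add 2000 pass tcp from any to any established
    fwcmd add 2100 pass all from any to any frag
    # New TCP sessions (SYN without ACK) may leave through the outside
    # interface but may not enter through it: nothing is exposed to campus.
    fwcmd add 3000 pass tcp from any to any out via "$oif" setup
    fwcmd add 3100 deny tcp from any to any in via "$oif" setup
    # The internal LAN may talk to the gateway and be forwarded.
    fwcmd add 4000 pass all from "$inet" to any via "$iif"
    fwcmd add 4100 pass all from any to "$inet" via "$iif"
    # DNS: queries out, replies back in. Matching replies by source port 53
    # is the classic weakness of a stateless ruleset; see the note below.
    fwcmd add 5000 pass udp from any to any 53 out via "$oif"
    fwcmd add 5100 pass udp from any 53 to any in via "$oif"
    fwcmd add 5200 pass icmp from any to any
    # Explicit default deny. The kernel's built-in rule 65535 denies too,
    # since the kernel in the thread lacks IPFIREWALL_DEFAULT_TO_ACCEPT.
    fwcmd add 65000 deny all from any to any
}

# count_rules OUTSIDE_IF INSIDE_IF INSIDE_NET: number of rules emitted.
count_rules() {
    ( DRY_RUN=1; build_ruleset "$@" ) | grep -c ' add '
}

build_ruleset "${OIF:-xl0}" "${IIF:-xl1}" "${INET:-192.168.1.0/24}"
```

Two caveats worth knowing before loading this. First, `ipfw -f flush` on a kernel without IPFIREWALL_DEFAULT_TO_ACCEPT leaves only the deny-everything rule until the rest is loaded, so run it from the console, not over an SSH session through xl0. Second, this ruleset deliberately uses `established`/`setup` rather than `keep-state`: a dynamic rule created by an outbound packet is keyed on the addresses seen at the point where it was created, but the reply passes the divert rule first and is de-NATed before any later `check-state`, so stateful rules and a natd divert do not combine cleanly in this layout; the price is the stateless DNS reply rule (5100), which admits any inbound UDP with source port 53.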