Hi all,

I've been trying to get natd up on a FreeBSD 4.9-Stable box. 
I think I've followed every step, and it's still not quite working, 
although I believe it's getting close. My dual-homed box has 
two interfaces: internal ed0=, and external 
xl0=xx.yy.zz.187/29 (note I've cleverly obscured the IP). 

Here's what I've done on the dual-homed box:
- Kernel compiled with IPFIREWALL & IPDIVERT
- gateway_enabled="YES", verified with sysctl -a list | grep ipforwarding
- firewall set to open
- natd_enabled="YES"
- natd_interface=my external interface
- natd_flags=-f /etc/natd.conf
- /etc/natd.conf contains one line: redirect_address xx.yy.zz.186, 
where xx.yy.zz.186 is the desired public IP for a client on my internal 
network, whose internal IP is

On my client, I've set the default router to, which is the IP for the 
internal interface for the gateway box.

The gateway can access the Internet just fine. The client has some problems, 
which I've attempted to diagnose by running tcpdump on the gateway, and 
trying a ping and a lynx from the client. Here are the results, as reported
by the gateway:

ping (from client to one of my ISP's nameservers)
10:14:39.738942 xx.yy.zz.186 > icmp: echo request
10:14:39.760288 > xx.yy.zz.186: icmp: echo reply
10:14:40.748798 xx.yy.zz.186 > icmp: echo request
10:14:40.770406 > xx.yy.zz.186: icmp: echo reply

lynx www.yahoo.com
10:16:55.827709 xx.yy.zz.186.2559 > S 552730403:552730403(0) win 57344 <mss 1460,nop,wscale 0,nop,nop,timestamp 35611940 0> (DF)
10:16:55.920315 > xx.yy.zz.186.2559: S 2144501521:2144501521(0) ack 552730404 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 582477747 35611940> (DF)

On both ping and lynx, the client hangs. It doesn't report any problems (other than
timeout). It just hangs. Also, tcpdump reports packets as being received by 'filter',
and reports 0 packets dropped by kernel.

What's interesting to me, is that in both cases it looks like the connection is 
being made. Since the gateway is referring to xx.yy.zz.186, which is my alias in 
natd.conf for the client, it looks like natd is working to some extent -- the 
client's NIC is configured only as and so the only reason the gateway 
would be using would be because natd said so. However, it almost seems
like the gateway can't go in the other direction, like it has no idea that 
packets destined for should be directed to This, even
though it knows to rewrite packets coming *from* as having come

One other data point: my gateway can ping the client's internal IP, but not
its external IP.

Does this sound familiar to anyone? I'm hopeful that it's something small.

Thank you,
