Re: Fwd: how access inside from outside when nat is done from inside to outside
Hi Sam,

I do not know what exactly the correct manner is in FreeBSD, but I think, based on the definition of NAT, you should not be able to access inside systems from outside unless you have port direction.

On Tue, Apr 16, 2013 at 11:35 AM, s m sam.gh1...@gmail.com wrote:

> Thanks Danny, but I'm using pf to define rules and pfctl to apply them.
>
> First of all, it is so important for me to understand what exactly should happen and what the correct behavior is in FreeBSD. I mean, when I define NAT from inside to outside, should outside systems be able to access inside systems or not (for example, ping them)? I am so confused about what the correct manner is.
>
> Any hints or comments that help to clear it up for me are really appreciated.
>
> SAM
>
> On 4/4/13, Daniel O'Callaghan da...@clari.net.au wrote:
>
>> On 4/04/2013 6:41 PM, s m wrote:
>>
>>> request packets: src:192.168.2.1 dst: 192.168.1.1
>>> reply packets: src: 192.168.2.50 dst:192.168.2.1
>>
>> This sort of thing tends to happen when the packets are not being sent via divert socket properly. Look carefully, step by step, at your ipfw rules which send packets to natd. Also, run natd -v in a separate window instead of running it as a daemon, and it will show you the packets which go through natd, and what is done with them.
>>
>> regards,
>> Danny

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
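The packet traces quoted in this thread can be reproduced with a small model of a source-NAT router. This is an added example, not part of the original messages and not how pf or natd is implemented: the `Router` class, the /24 inside prefix, and the address-level redirect (standing in for the redirection mentioned in the reply above, since ping has no ports) are assumptions.

```python
from dataclasses import dataclass

INSIDE_NET = "192.168.1."   # inside prefix, assumed /24 from the thread's addresses
NAT_ADDR = "192.168.2.50"   # translated source address seen in the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class Router:
    """Toy model: dynamic inside->outside source NAT plus optional redirects."""

    def __init__(self, redirects=None):
        self.redirects = dict(redirects or {})  # outside-facing addr -> inside host
        self.table = {}                         # (peer, NAT addr) -> inside host

    def outbound(self, pkt):
        # Anything leaving from the inside net gets its source rewritten.
        if not pkt.src.startswith(INSIDE_NET):
            return pkt
        self.table[(pkt.dst, NAT_ADDR)] = pkt.src
        return Packet(NAT_ADDR, pkt.dst)

    def inbound(self, pkt):
        # Destination is rewritten only if a dynamic entry or a redirect matches.
        inside = self.table.get((pkt.src, pkt.dst)) or self.redirects.get(pkt.dst)
        return Packet(pkt.src, inside) if inside else pkt

def ping_from_outside(router, outside, target):
    """Return (reply seen by the outside host, whether it matches the request)."""
    request = Packet(outside, target)
    delivered = router.inbound(request)
    reply = router.outbound(Packet(delivered.dst, delivered.src))
    return reply, reply.src == request.dst

def ping_from_inside(router, inside, outside):
    """Return (request seen outside, whether the reply gets back to the sender)."""
    on_wire = router.outbound(Packet(inside, outside))
    back = router.inbound(Packet(on_wire.dst, on_wire.src))
    return on_wire, back == Packet(outside, inside)

if __name__ == "__main__":
    print(ping_from_inside(Router(), "192.168.1.1", "192.168.2.1"))
    print(ping_from_outside(Router(), "192.168.2.1", "192.168.1.1"))
    print(ping_from_outside(Router({NAT_ADDR: "192.168.1.1"}), "192.168.2.1", NAT_ADDR))
```

In the second case the request still reaches 192.168.1.1 untranslated and only the reply is rewritten, so in this model reachability from outside is decided by routing and filter rules rather than by the source-NAT rule.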
Re: Fwd: how access inside from outside when nat is done from inside to outside
Thanks Danny, but I'm using pf to define rules and pfctl to apply them.

First of all, it is so important for me to understand what exactly should happen and what the correct behavior is in FreeBSD. I mean, when I define NAT from inside to outside, should outside systems be able to access inside systems or not (for example, ping them)? I am so confused about what the correct manner is.

Any hints or comments that help to clear it up for me are really appreciated.

SAM

On 4/4/13, Daniel O'Callaghan da...@clari.net.au wrote:

> On 4/04/2013 6:41 PM, s m wrote:
>
>> request packets: src:192.168.2.1 dst: 192.168.1.1
>> reply packets: src: 192.168.2.50 dst:192.168.2.1
>
> This sort of thing tends to happen when the packets are not being sent via divert socket properly. Look carefully, step by step, at your ipfw rules which send packets to natd. Also, run natd -v in a separate window instead of running it as a daemon, and it will show you the packets which go through natd, and what is done with them.
>
> regards,
> Danny
Fwd: how access inside from outside when nat is done from inside to outside
Hello guys,

I am a newbie in NAT and have some problems with it. I want to NAT inside traffic to outside, and when I ping outside from inside, everything is OK and NAT is done perfectly. But when I ping inside from outside, request packets are sent without any NAT translation while reply packets are NATed, and therefore the outside system cannot recognize the reply packets and does not accept them.

This is an example of packets which are received in an outside system when it pings an inside system:

request packets: src:192.168.2.1 dst: 192.168.1.1
reply packets: src: 192.168.2.50 dst:192.168.2.1

Is it correct behavior or not? And if it is correct, does it mean that when I configure NAT for traffic from inside to outside, I cannot access inside systems from outside? (In a Cisco router, packets are exactly as mentioned above, but the outside system identifies reply packets and therefore accepts them.)

Please let me know if I am misunderstanding.

Thanks
Re: Fwd: how access inside from outside when nat is done from inside to outside
On 4/04/2013 6:41 PM, s m wrote:

> request packets: src:192.168.2.1 dst: 192.168.1.1
> reply packets: src: 192.168.2.50 dst:192.168.2.1

This sort of thing tends to happen when the packets are not being sent via divert socket properly. Look carefully, step by step, at your ipfw rules which send packets to natd. Also, run natd -v in a separate window instead of running it as a daemon, and it will show you the packets which go through natd, and what is done with them.

regards,
Danny