----- Original Message -----
From: "Pierrick Brossin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 26, 2003 9:02 AM
Subject: Forward and NAT question

> Hi!
>
> I'm a little bit confused.
> I got my server up and running with nat and stuff for a little while now
> and I was wondering why would one need both net.inet.ip.forwarding set
> to 1 and NAT?
>
> I've been searching in the docs and on google for 3 days but I can't
> figure out what is forwarding needed for if NAT is enabled...
>
> Regards
>
> -Pierrick Brossin
> http://www.swissgeeks.com

From the FreeBSD handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/ppp-primer/x237.html)

"By default the FreeBSD system will not forward IP packets between various
network interfaces. In other words, routing functions (also known as gateway
functions) are disabled."

If you're running NATD, you have at least 2 interfaces; this has to be
enabled for the packets to traverse the interfaces properly. NATD and packet
forwarding don't go hand in hand, NATD and IPFW do. net.inet.ip.forwarding
allows traffic from the internal interface to gain access to the external
interface where NATD is by default listening.

Normal NATD traffic flow is this:

- Packet is inbound via internal interface
- net.inet.ip.forwarding allows the traffic to traverse to external interface
- IPFW intercepts traffic at external interface and diverts it to NATD
- NATD translates the packet and injects it at the next IPFW rule set
- If traffic is allowed by IPFW, traffic exits the system to its destination

Without net.inet.ip.forwarding enabled, the FreeBSD system is merely a system
on each network instead of a gateway between them.

That's my take on it in a nutshell.

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
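
The traffic flow described in the reply above can be checked stage by stage on a gateway. The following is an added example, not part of the original thread: the function name, the interface name fxp0, the rule numbers and the sample `ipfw list` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a FreeBSD natd gateway from two pieces of state.
#   $1 = value of net.inet.ip.forwarding (0 or 1)
#   $2 = text of `ipfw list`
#   $3 = external interface name
# Prints one of: not-a-gateway, no-divert, divert-shadowed, ok
gateway_nat_status() {
    fwd=$1
    rules=$2
    ext_if=$3

    # Without forwarding the host is only an endpoint on each network;
    # packets never travel from the internal to the external interface.
    [ "$fwd" = "1" ] || { echo "not-a-gateway"; return 1; }

    # Number of the first divert rule bound to the external interface.
    divert_no=$(printf '%s\n' "$rules" |
        awk -v ifc="$ext_if" '$2 == "divert" && $NF == ifc { print $1 + 0; exit }')
    [ -n "$divert_no" ] || { echo "no-divert"; return 1; }

    # ipfw stops at the first matching allow/deny, so an unconditional
    # rule placed before the divert rule keeps packets away from natd.
    shadow_no=$(printf '%s\n' "$rules" |
        awk '($2 == "allow" || $2 == "deny") && / ip from any to any$/ { print $1 + 0; exit }')
    if [ -n "$shadow_no" ] && [ "$shadow_no" -lt "$divert_no" ]; then
        echo "divert-shadowed"
        return 1
    fi
    echo "ok"
}

# Constructed sample of `ipfw list` output (not taken from a real host).
SAMPLE_RULES='00050 divert 8668 ip from any to any via fxp0
00100 allow ip from any to any via lo0
00200 allow ip from any to any
65535 deny ip from any to any'

# On a real gateway the inputs would come from the system itself:
#   gateway_nat_status "$(sysctl -n net.inet.ip.forwarding)" "$(ipfw list)" fxp0
gateway_nat_status 1 "$SAMPLE_RULES" fxp0
```
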