On Tue, Sep 14, 1999 at 02:14:14PM -0700, Doug White wrote:
> On Tue, 14 Sep 1999, Ruslan Ermilov wrote:
>
> > > > > use_sockets yes
> > > > > same_ports yes
> > > > > #
> > > > > # machine1 redirections
> > > > > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > > > > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > > > > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > > > > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> > > > >
> > > > > # machine2 redirections
> > > > > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > > > > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> > > > >
> > > > > I start natd with:
> > > > >
> > > > > natd -f /etc/natd.conf -n fxp0 where fxp0 is the public-side interface.
> > > > >
> > > > > Restarting natd with this configuration causes it to block everything.
> > > > >
> > > > So, without redirect_port's it works OK?
> > >
> > > Yes, and the redirect_port's work if the alias address is not specified.
> > >
> > Strange, I just run 3.2-RELEASE's natd(8) with your configuration file
> > and everything works as expected:
>
> Hm, rev. 1.21 of natd.c is worrisome:
>
> 1.21 Tue Sep 7 15:34:12 1999 UTC by ru
> CVS Tags: HEAD
> Diffs to 1.20
>
> Config file parser changes:
>
> - Trailing spaces and empty lines are ignored.
> - A `#' sign will mark the remaining of the line as a comment.
>
> Reviewed by: Ari Suutari <[EMAIL PROTECTED]>
>
> Perhaps the parser is skipping my redirect_port lines?
>
Yeah, I committed this change after one guy had the problems with
redirect_port's not happening. He had `#' after `redirect_port' line,
and natd(8) silently ignored it. But you said that it works for you
without specifying publicIP, so this shouldn't be the case here.

> > Firewall rules were:
> > 00001 divert 8668 ip from any to 1.2.3.5 via fxp2
> > 00001 divert 8668 ip from 192.168.2.201 to any via fxp2
>
> Hm, I'm using the default divert rule 'divert 8668 all from any to any via
> fxp0' instead of grabbing specific traffic.
>
I understand. My rules look so, because I have another natd(8)
(production) running on my outside interface, so I grabbed only
those packets that were sufficient to experiment with your config
file.

[...]

> Very odd. I'm going to adjust the configfile so that it has no comments
> or blank space. Can you send me your file exactly as you wrote it?
>
I just copied your config file from your original posting, see attached.
But PLEASE MAKE SURE you have no trailing whitespaces at the end of your
redirect_port rules!

Later,
--
Ruslan Ermilov          Sysadmin and DBA of the
[EMAIL PROTECTED]       United Commercial Bank,
[EMAIL PROTECTED]       FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age
use_sockets yes
same_ports yes
#
# machine1 redirections
#redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
#redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
#redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
#redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4

# machine2 redirections
redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
redirect_port tcp 192.168.2.201:http 1.2.3.5:http
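
A pre-flight check for the two pitfalls raised in this thread (trailing whitespace on a directive line, and a `#' following a directive on the same line), as an added example that is not part of the original messages or of natd. It assumes a line whose first non-blank character is `#' is a whole-line comment; the function names and the sample input are constructed here.

```python
"""Lint a natd.conf for trailing whitespace and inline '#' on directive lines."""

# Constructed sample: the thread's machine2 rules with two defects injected.
SAMPLE = (
    "use_sockets yes\n"
    "same_ports yes\n"
    "#\n"
    "# machine2 redirections\n"
    "redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh   \n"
    "redirect_port tcp 192.168.2.201:http 1.2.3.5:http # web\n"
)


def lint_natd_conf(text):
    """Return a list of (line_number, directive, problem) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Blank lines and whole-line comments carry no directive (assumption).
        if not stripped or stripped.startswith("#"):
            continue
        directive = stripped.split()[0]
        if line != line.rstrip():
            findings.append((lineno, directive, "trailing whitespace"))
        if "#" in line:
            findings.append((lineno, directive, "inline '#' after directive"))
    return findings


def cleaned(text):
    """Return the config with inline comments and trailing whitespace removed."""
    out = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            out.append(line.rstrip())                  # keep whole-line comments
        else:
            out.append(line.split("#", 1)[0].rstrip())  # drop inline comment
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, directive, problem in lint_natd_conf(SAMPLE):
        print(f"line {lineno}: {directive}: {problem}")
    # The cleaned file should produce no findings.
    print("after cleaning:", lint_natd_conf(cleaned(SAMPLE)))
```
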