On Tue, 14 Sep 1999, Ruslan Ermilov wrote:
> > hello ..
> >
> > We're trying to turn up a firewall box running NAT with multiple external
> > IPs. I added the alias and set up natd.conf as follows:
> >
> > use_sockets yes
> > same_ports yes
> > #
> > # machine1 redirections
> > #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
> > #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
> > #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
> > #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
> >
> > # machine2 redirections
> > redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
> > redirect_port tcp 192.168.2.201:http 1.2.3.5:http
> >
> > I start natd with:
> >
> > natd -f /etc/natd.conf -n fxp0
> >
> > where fxp0 is the public-side interface.
> >
> > Restarting natd with this configuration causes it to block everything.
> >
> So, without redirect_port's it works OK?

Yes, and the redirect_port's work if the alias address is not specified.

> Have you tried to run it in the foreground? (`natd -v')

Not on the target machine but I did test it from home. It looks like NAT
stops matching packets when the alias addr is provided; it lets them fall
through to the local system, where they generally get 'connection
refused'. I am going to try it without alias addresses for the default
address (the first bank) and see if those work.

I can't attach gdb to a running -g'd version of natd; it just segfaults.
:(

> > Does natd support multiple alias addresses, or am I missing something
> > obvious?
> >
> Definitely supports!
>
> BTW, what version are you on?

3.2-RELEASE.

Doug White
Internet: [EMAIL PROTECTED] | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
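
Added example, not part of the original message and not natd's own code: it lists which public address and port each active redirect_port rule in a natd.conf maps to an internal host, and reports alias addresses named in the rules that are missing from a list the operator supplies (for instance the addresses ifconfig shows on the outside interface). The function names and the sample input are constructed for illustration; only the `redirect_port proto targetIP:port [aliasIP:]port` form used in the thread is parsed.

```shell
#!/bin/sh
# Added example: audit what a natd.conf exposes through redirect_port.
# Form handled: redirect_port proto targetIP:port [aliasIP:]port

# Print "proto public_ip:port -> target_ip:port" for every active rule on stdin.
# public_ip is "default" when the rule names no alias address.
natd_redirects() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out rules
        $1 == "redirect_port" && NF >= 4 {
            n = split($4, pub, ":")
            if (n == 2) { ip = pub[1]; port = pub[2] }
            else        { ip = "default"; port = pub[1] }
            printf "%s %s:%s -> %s\n", $2, ip, port, $3
        }'
}

# Print alias IPs named in active rules (stdin) that are not in the
# address list given as arguments (e.g. copied from ifconfig output).
natd_unbound_aliases() {
    known=" $* "
    natd_redirects | awk -v known="$known" '
        { split($2, pub, ":")
          if (pub[1] != "default" && index(known, " " pub[1] " ") == 0 && !seen[pub[1]]++)
              print pub[1] }'
}

# Constructed sample input mirroring the config quoted in the thread.
sample_conf() {
    cat <<'EOF'
use_sockets yes
same_ports yes
#redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
redirect_port tcp 192.168.2.201:http 1.2.3.5:http
EOF
}

# Exposure map, then alias IPs absent from the supplied address list.
sample_conf | natd_redirects
sample_conf | natd_unbound_aliases 1.2.3.4
```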