I'm wondering about the characteristics of the redirect_address option of natd. I tried this on -questions, but no one replied, so I thought I'd ask on here, hoping to find folks more familiar with kernel mechanisms here.
Consider a FreeBSD NAT "gateway" between a public IP on one network interface and a private "LAN" address on the 2nd interface serving a group of Windows machines on the LAN with private IPs. We wanted to allow outside access to one of the LAN machines.

According to the documentation, as I read it, redirect_address sets up a "static NAT" which is symmetrical between a public address on the outside interface of a FreeBSD machine and a machine on a private IP attached to the "inside" or "LAN" network interface. The procedure we used was to alias a 2nd public address to the outside interface and use a redirect_address statement in natd.conf to redirect connections to the new public IP to the inside machine. This doesn't seem to be symmetrical.

You can ping the inside machine from outside using the new address and if you connect outwards from the inside machine, the outside world sees the connection as coming from the new public IP. However, a test running VNC server on the inside machine and connecting from outside does not work. You can connect to the inside machine and it sees mouse and keyboard, but the virtual screen does not work. It seems that the connection works properly redirecting inward but not outward. VNC disconnects in about a minute.

If you connect to the inside machine using the -via option of VNC to build an encrypted tunnel to the FreeBSD gateway and then connect to the inside machine directly, it works properly, so it doesn't appear to be a VNC problem. I'm questioning whether the connection is really symmetrical?

-Jim