Thank you both for your answers. The campus network uses public IP address space, sorry for not including that information. The reason I included it between the Internet and the natd gateway is that if there's some weirdness in it, I somehow have to compensate for it in FreeBSD. As I stated, Linux users haven't had any problems with NAT in the same network. Even I had working NAT in the same network two years ago (on FreeBSD 4.1-4.3, I think), so I'm trying to pinpoint the cause of this extremely peculiar behaviour.
Josh Paetzel wrote:

> On Tue, Oct 08, 2002 at 03:28:28PM -0400, JoeB wrote:
>
>> You state Network topology:
>> Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host
>>
>> Internet is public ip address, if Campus Network private ip address then
>> you can not nat them again, if Campus Network is public ip address then you
>> should nat xl1 for the private ip address on the lan behind the FBSD box.
>
> That's not correct. I've seen two layers of NATD work just fine in an office
> building environment where the gateway to the office was natting ips to the
> individual clients, and then clients were natting again to hang multiple
> machines off the one ip they got from the office gateway.
>
> Josh

"You should nat xl1 for the private ip address on the lan behind the FBSD box."

I always thought natd should run on the external interface? How can natd work perfectly if I'm running it on the wrong interface?

>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Kim Helenius
>> Sent: Tuesday, October 08, 2002 9:13 AM
>> To: [EMAIL PROTECTED]
>> Subject: Puzzling NATD problem - revisited
>>
>> The setting:
>>
>> Network topology:
>> Internet---Campus Network---(xl0)FreeBSD NATD machine(xl1)---Internal host
>>
>> A custom kernel build including the following options:
>> options IPFIREWALL
>> options IPDIVERT
>>
>> Used the command:
>> sysctl net.inet.ip.forwarding=1
>>
>> And started natd with:
>> natd -interface xl0
>>
>> Then did, straight from the manpage, the following firewall rules:
>> /sbin/ipfw -f flush
>> /sbin/ipfw add divert natd all from any to any via xl0
>> /sbin/ipfw add pass all from any to any
>>
>> Now NAT works perfectly for the internal host, but (almost) all TCP
>> connections cease to work to/from the NATD machine. AFAIK UDP and ICMP work
>> perfectly. I've tried this on two different FreeBSD machines in the same
>> network with identical results.
>> If I remove the divert rule, everything works perfectly, except of course
>> for the NAT. There have been no similar, puzzling effects on any Linux hosts
>> I know of in the same network. Therefore I'm sure there's some knob I
>> haven't pushed yet :)
>>
>> I'm aware this doesn't make much of a firewall but I'd like to get natd
>> working before I run the firewall script.
>>
>> --
>> Kim Helenius
>> [EMAIL PROTECTED]
>>
>> To Unsubscribe: send mail to [EMAIL PROTECTED]
>> with "unsubscribe freebsd-questions" in the body of the message

--
Kim Helenius
[EMAIL PROTECTED]
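The three ipfw rules quoted in the original message (divert everything via xl0, then pass everything) give working NAT but no filtering. Below is an added example, not the poster's script nor anything from the FreeBSD project, of the same xl0/xl1 setup rebuilt as a default-deny stateful ruleset. The internal range 192.168.1.0/24, the rule numbers, the IPFW dry-run variable and the use of natd's -unregistered_only flag are assumptions for illustration. The rule order follows the pattern used in the FreeBSD Handbook's ipfw/natd example: inbound packets are handed to natd before check-state so the lookup sees the internal addresses, while outbound packets record their dynamic rule first (via skipto) and are translated last.

```shell
#!/bin/sh
# Added example (not from the thread): stateful ipfw + natd for
#   Internet---(xl0) FreeBSD gateway (xl1)---internal hosts
# Assumptions: xl0 external, xl1 internal, 192.168.1.0/24 behind xl1,
# rule numbers chosen for illustration.
#
# Usage:  ./nat-fw.sh start            # enable forwarding, start natd, load rules
#         ./nat-fw.sh show             # print the rules without loading them

EXT_IF="${EXT_IF:-xl0}"
INT_IF="${INT_IF:-xl1}"
INT_NET="${INT_NET:-192.168.1.0/24}"   # assumed private range behind xl1
IPFW="${IPFW:-/sbin/ipfw}"             # IPFW=echo prints rules instead of loading

start_natd() {
    sysctl net.inet.ip.forwarding=1
    # -unregistered_only (natd(8) -u) translates only packets whose source is
    # an RFC 1918 address, so the gateway's own public-address traffic passes
    # through natd untouched. Offered as a knob to test; the thread does not
    # establish that it explains the poster's broken TCP on the gateway.
    /sbin/natd -interface "$EXT_IF" -unregistered_only
}

load_rules() {
    $IPFW -f flush
    $IPFW add 00010 allow ip from any to any via lo0
    # Inbound: un-NAT first, so check-state compares against the internal
    # addresses that the outbound keep-state rules recorded.
    $IPFW add 00014 divert natd ip from any to any in via "$EXT_IF"
    $IPFW add 00015 check-state
    # Anti-spoofing: our private range never legitimately arrives from outside.
    $IPFW add 00020 deny log ip from "$INT_NET" to any in via "$EXT_IF"
    # The internal side is trusted.
    $IPFW add 00030 allow ip from any to any via "$INT_IF"
    # Outbound: create the dynamic rule with the pre-NAT addresses, then jump
    # past the default deny to the outbound divert.
    $IPFW add 00100 skipto 800 tcp from any to any out via "$EXT_IF" setup keep-state
    $IPFW add 00110 skipto 800 udp from any to any out via "$EXT_IF" keep-state
    $IPFW add 00120 skipto 800 icmp from any to any out via "$EXT_IF"
    # Replies to our own pings/traceroutes and unreachables, after un-NAT.
    $IPFW add 00130 allow icmp from any to any in via "$EXT_IF" icmptypes 0,3,11
    # Anything else arriving on the external interface is dropped.
    $IPFW add 00500 deny log ip from any to any in via "$EXT_IF"
    # Outbound NAT happens last, after the state has been recorded.
    $IPFW add 00800 divert natd ip from any to any out via "$EXT_IF"
    $IPFW add 00801 allow ip from any to any out via "$EXT_IF"
    $IPFW add 65000 deny log ip from any to any
}

case "${1:-}" in
    start) start_natd; load_rules ;;
    show)  IPFW=echo; load_rules ;;
    *)     ;;
esac
```

A packet from an internal host to the Internet is seen twice: in via xl1 (rule 30), then out via xl0, where rule 100 records state keyed by the private source address and skips to rule 800, which rewrites the source to xl0's address. The reply comes in via xl0, rule 14 rewrites the destination back to the private address, and rule 15 matches the dynamic entry. Connections originating on the gateway itself follow the same path except that, with -unregistered_only, natd leaves them alone in both directions. Note that the `log` keyword only produces output if the kernel was also built with `options IPFIREWALL_VERBOSE`, which is not among the two options listed in the original message.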
