radius and natd

Sean Hafeez sahafeez at edgefocus.com
Tue Jul 29 12:47:03 PDT 2003


I have a network (10.0.0.x) that is NAT'd to the external interface of
the firewall. Everything works great. The kernel was compiled with the
"leave everything open" option. The only rules are:

# natd translates everything that crosses the external interface
/sbin/natd -interface rl0
# hand every packet on rl0 to natd (inbound before routing, outbound after)
ipfw add divert natd all from any to any via rl0
# shape traffic arriving on the internal interface (from the 10.0.0.x side)
ipfw add pipe 1 ip from any to any in recv rl1
# shape traffic leaving on the internal interface (towards the 10.0.0.x side)
ipfw add pipe 2 ip from any to any out xmit rl1
# one 1024 kbit/s queue per internal source address (upload) ...
ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
# ... and one per internal destination address (download)
ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s

rl0 is the external interface; rl1 is the internal 10.0.0.x network.

I have a device on the internal network, 10.0.0.4, that needs to query a
RADIUS server on the Internet. I can see the request come in from the
device on rl1 (tcpdump -i rl1), but I see nothing leave and never see the
packet hit the server. Is NAT the problem? Is there a way around this?

I googled but did not find anything that worked. Remember, this is a wide
open box that is just being used for NAT and shaping with no rules.


Thanks!
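The following script is an added example and is not part of the original post or of FreeBSD's own tooling. It restates the poster's natd + dummynet rules with explicit rule numbers (100/200/300 are an assumption, chosen only to make the install order visible), and adds the two checks a practitioner would run for the "request seen on rl1, nothing leaves rl0" symptom: reading the divert rule's packet counter out of `ipfw -a list`, and capturing RADIUS (UDP 1812/1813, legacy 1645/1646) on each interface to see whether the source address is being rewritten. `SAMPLE_LIST` and `SAMPLE_NO_NAT` are constructed `ipfw -a list` output used only to exercise the parser offline.

```sh
#!/bin/sh
# Added example, not from the original post.  Restates the poster's natd +
# dummynet rule set with explicit rule numbers (100/200/300 are assumed)
# and adds two checks for "request seen on rl1, nothing leaves rl0".

EXT_IF=rl0   # external interface, as in the post
INT_IF=rl1   # internal 10.0.0.x interface, as in the post

# RADIUS is UDP: 1812/1813 are the IANA ports, 1645/1646 the legacy ones.
RADIUS_FILTER='udp and (port 1812 or port 1813 or port 1645 or port 1646)'

# Print the rule set in install order (the post's rules, numbered so the
# divert rule visibly precedes the two dummynet pipe rules).
ipfw_rules() {
	cat <<EOF
/sbin/natd -interface $EXT_IF
ipfw add 100 divert natd all from any to any via $EXT_IF
ipfw add 200 pipe 1 ip from any to any in recv $INT_IF
ipfw add 300 pipe 2 ip from any to any out xmit $INT_IF
ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
EOF
}

# Install the rules (run as root on the firewall itself).
apply_rules() {
	ipfw_rules | sh
}

# Check 1: is the divert rule actually seeing packets?  Takes the text of
# "ipfw -a list" as $1 (columns: rule number, packets, bytes, action ...)
# and prints the packet counter of the first divert rule, or "none" when no
# divert rule is installed.  If the request shows up on $INT_IF but this
# counter never moves, the packet is not reaching natd at all.
divert_packets() {
	printf '%s\n' "$1" | awk '
		$4 == "divert" { print $2; found = 1; exit }
		END { if (!found) print "none" }'
}

# Check 2: watch RADIUS on one interface.  Run once with $INT_IF and once
# with $EXT_IF: inside, the source should be 10.0.0.4; outside, it should
# already be rewritten to the firewall's external address.
watch_radius() {
	tcpdump -ni "$1" -c "${2:-10}" "$RADIUS_FILTER"
}

# Constructed sample of "ipfw -a list" output, used only to exercise
# divert_packets offline (the counters are made up).
SAMPLE_LIST='00100 42 5040 divert 8668 ip from any to any via rl0
00200 7 980 pipe 1 ip from any to any in recv rl1
00300 0 0 pipe 2 ip from any to any out xmit rl1
65535 99 9999 allow ip from any to any'

# Constructed sample with no divert rule at all (natd never started).
SAMPLE_NO_NAT='00200 7 980 pipe 1 ip from any to any in recv rl1
65535 99 9999 allow ip from any to any'
```

Usage on the firewall: `apply_rules`, then `divert_packets "$(ipfw -a list)"` while the device retries its RADIUS request, and `watch_radius rl1` / `watch_radius rl0` in two terminals to compare the packet before and after translation.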
More information about the freebsd-ipfw mailing list