Bridge and NAT problems

Andrea Venturoli ml.diespammer at netfence.it
Thu Feb 22 14:41:59 UTC 2007


Hello.
I've got the following problem...
My host is configured like this:

fxp0: internal interface, requires NAT
rl1: public interface, with static IP
xl0: bridged to rl1, with some public IP behind

ipfw diverts any traffic through rl1 to natd, i.e. I have in ipfw
50 divert 8668 ip from any to any via rl1


Internal <-> Internet works, as Internet <-> Bridged does.
Internal <-> Bridged does not work.

Let's suppose I'm pinging from the inside to a bridged machine: the ICMP 
packet comes in through fxp0 and is allowed, gets NATted going out by 
rule 50 and reaches the target host (I guess bridging is also happening 
to send it out via xl0 instead of rl1).
The target answers to the public IP of this box and the packet comes in 
via xl0, so it's not back-NATted and gets lost.

I then thought of diverting to natd every packet through xl0 (i.e. 60 
divert 8668 ip from any to any via xl0), but this doesn't work either. 
The packet gets to natd by means of rule 60, but natd does not recognize 
it as an answer to a previously examined packet.
From man pages I understood that natd does not take interface into 
account, but only source and destination IP:port. Then, what's wrong?

Any suggestion?



  bye & Thanks
	av.
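The reasoning in the post, modelled as an added example that is not part of the original message: an interface-keyed divert rule feeding an address/port-keyed translation table, run over the two rule sets described above with constructed addresses. It reproduces the first failure (the reply entering via xl0 is never diverted, so it stays addressed to the router's own public IP and is lost); with rule 60 added, this simplified model un-NATs the reply, which is exactly what the author expected and did not observe, so whatever natd is doing is not captured by plain address/port matching.

```python
# Added example, not code from the original post. A deliberately simplified
# model of ipfw "divert ... via <iface>" plus a NAT table keyed only on
# addresses and ports (never on interface), as the author reads natd(8).
# All addresses are constructed; for ICMP echo the "port" field stands in
# for the ICMP id.
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.1"          # constructed public address of the router
INTERNAL = "192.168.1.10:100"      # constructed internal host behind fxp0
BRIDGED = "203.0.113.20:100"       # constructed public host behind xl0


@dataclass
class Packet:
    src: str     # "ip:port"
    dst: str     # "ip:port"
    iface: str   # interface ipfw sees the packet on


class Natd:
    """Translation table: (translated src, dst) -> original src."""
    def __init__(self) -> None:
        self.table: dict = {}

    def outbound(self, p: Packet) -> Packet:
        port = p.src.split(":")[1]
        tsrc = f"{PUBLIC_IP}:{port}"
        self.table[(tsrc, p.dst)] = p.src
        return Packet(tsrc, p.dst, p.iface)

    def inbound(self, p: Packet) -> Optional[Packet]:
        orig = self.table.get((p.dst, p.src))   # interface is ignored
        return Packet(p.src, orig, p.iface) if orig else None


def ping_exchange(divert_ifaces: set) -> Optional[Packet]:
    """Reply as delivered to the internal host, or None if it is lost."""
    nat = Natd()
    req = Packet(INTERNAL, BRIDGED, "rl1")      # routed out via rl1
    if req.iface in divert_ifaces:               # rule 50: divert via rl1
        req = nat.outbound(req)
    reply = Packet(req.dst, req.src, "xl0")      # target answers, arrives via xl0
    if reply.iface in divert_ifaces:             # rule 60, if present
        reply = nat.inbound(reply)
    if reply is None or not reply.dst.startswith("192.168."):
        return None   # unmatched, or addressed to the router itself: lost
    return reply
```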


More information about the freebsd-net mailing list