[afnog] Routing with NAT again
Brian Candler
B.Candler at pobox.com
Tue Aug 15 16:51:25 SAST 2006
On Tue, Aug 15, 2006 at 04:33:19PM +0200, Antonio Godinho wrote:
> I had already sent the below scenario before, and I had thought that I
> solved the problem but now things don't work anymore. I had added the
> following lines to ipfw in order to get around the problem:
>
> ipfw add 30 skipto 300 all from 196.3.B.0/24 to any
>
> where 30 is a line number that comes before the divert for natd and 300 is a
> line number for a rule later on in the rule set.
I think you'll have to post the entire ruleset if you want someone to help
you debug this.
However, I can offer two other alternatives:
(1) Scrap ipfw, and move to pf. I was very glad I did.
(2) If you really want to stick with natd, try using the
-unregistered_only option, so that only the RFC1918 addrs are
subject to NAT.
> It was working at first
> when I introduced the line but after rebooting the machine it stopped
> working although I added the rule to the rc.firewall and it even appears
> when you view the list of active rules (ipfw list). Why did it work before
> and not anymore???
Did you run natd by hand with different options, such as
-unregistered_only ?
Regards,
Brian.
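To illustrate the two mechanisms discussed in this thread (an ipfw `skipto` that jumps over the natd `divert` rule, versus running natd with `-unregistered_only`), here is an added Python model of ipfw rule traversal; it is not code from the thread, and 196.3.1.0/24 is a constructed stand-in for the 196.3.B.0/24 network in the question.

```python
import ipaddress

# RFC 1918 ranges: natd -unregistered_only translates only packets from these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_unregistered(addr):
    """True if addr is an RFC 1918 (private) address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


# Constructed ruleset modelled on the thread (not the poster's real rules).
# Each rule: (number, action, matching source network, skipto target).
# "divert" stands for the rule that hands matching packets to natd.
# Simplification: real divert rules usually match on interface, not source net.
RULES = [
    (30, "skipto", "196.3.1.0/24", 300),   # constructed stand-in for 196.3.B.0/24
    (50, "divert", "0.0.0.0/0", None),
    (300, "allow", "0.0.0.0/0", None),
]


def walk(rules, src, unregistered_only=False):
    """Evaluate rules in order for a packet from src.

    Returns (list of rule numbers that matched, whether natd translated it).
    skipto jumps to the first rule numbered >= target, as ipfw does; after a
    divert the packet is assumed to re-enter at the following rule.
    """
    ip = ipaddress.ip_address(src)
    natted, path, i = False, [], 0
    while i < len(rules):
        num, action, net, target = rules[i]
        if ip not in ipaddress.ip_network(net):
            i += 1
            continue
        path.append(num)
        if action == "skipto":
            i = next((j for j, r in enumerate(rules) if r[0] >= target), len(rules))
            continue
        if action == "divert" and (not unregistered_only or is_unregistered(src)):
            natted = True
        if action == "allow":
            break
        i += 1
    return path, natted
```

With the skipto rule in place, a 196.3.1.x source skips straight to rule 300 and is never translated; dropping the skipto and using `-unregistered_only` instead gives the same result while still translating RFC 1918 sources.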