[afnog] Routing with NAT again
Antonio Godinho
antonio at uem.mz
Tue Aug 15 17:14:17 SAST 2006
I will have a look at pf but would still like to sort this problem out now
as the machine is doing a lot of other things as well and I don't have a
spare to try.
I have not used the unregistered_only option because it is the first time I
hear about it. I don't know how to run that option from the command line. I
will try to read more on natd then.
Thanks Brian.
Cheers,
AG
On Tue, 15 Aug 2006 15:51:25 +0100, Brian Candler wrote
> On Tue, Aug 15, 2006 at 04:33:19PM +0200, Antonio Godinho wrote:
> > I had already sent the below scenario before, and I had thought that I
> > solved the problem but now things don't work anymore. I had added the
> > following lines to ipfw in order to get around the problem:
> >
> > ipfw add 30 skipto 300 all from 196.3.B.0/24 to any
> >
> > where 30 is a line number that comes before the divert for natd and 300 is a
> > line number for a rule later on in the rule set.
>
> I think you'll have to post the entire ruleset if you want someone
> to help you debug this.
>
> However, I can offer two other alternatives:
>
> (1) Scrap ipfw, and move to pf. I was very glad I did.
>
> (2) If you really want to stick with natd, try using the
> -unregistered_only option, so that only the RFC1918 addrs are
> subject to NAT.
>
> > It was working at first
> > when I introduced the line but after rebooting the machine it stopped
> > working although I added the rule to the rc.firewall and it even appears
> > when you view the list of active rules (ipfw list). Why did it work before
> > and not anymore???
>
> Did you run natd by hand with different options, such as
> -unregistered_only ?
>
> Regards,
>
> Brian.
--
Antonio Godinho
B.Sc., MCP+I, MCSE, CCNA, CCNP
CIUEM
Maputo
Mozambique