[afnog] Routing with NAT again

Antonio Godinho antonio at uem.mz
Tue Aug 15 17:41:11 SAST 2006


Thanks Brian. Your suggestion to use the unregistered_only option with natd 
is working fine. I have added it to the startup flags in rc.conf.

Cheers,

AG

On Tue, 15 Aug 2006 15:51:25 +0100, Brian Candler wrote
> On Tue, Aug 15, 2006 at 04:33:19PM +0200, Antonio Godinho wrote:
> > I had already sent the below scenario before, and I had thought that I 
> > solved the problem but now things don't work anymore. I had added the 
> > following lines to ipfw in order to get around the problem:
> > 
> > ipfw add 30 skipto 300 all from 196.3.B.0/24 to any
> > 
> > where 30 is a line number that comes before the divert for natd and 300 is a
> > line number for a rule later on in the rule set.
> 
> I think you'll have to post the entire ruleset if you want someone 
> to help you debug this.
> 
> However, I can offer two other alternatives:
> 
> (1) Scrap ipfw, and move to pf. I was very glad I did.
> 
> (2) If you really want to stick with natd, try using the
>     -unregistered_only option, so that only the RFC1918 addrs are
>     subject to NAT.
> 
> > It was working at first 
> > when I introduced the line but after rebooting the machine it stopped 
> > working although I added the rule to the rc.firewall and it even appears 
> > when you view the list of active rules (ipfw list). Why did it work before
> > and not anymore???
> 
> Did you run natd by hand with different options, such as
> -unregistered_only ?
> 
> Regards,
> 
> Brian.


--
Antonio Godinho
B.Sc., MCP+I, MCSE, CCNA, CCNP
CIUEM
Maputo
Mozambique


