Fwd: how access inside from outside when nat is done from inside to outside

[saeedeh motlagh]

hi sam
i do not know what is the exactly correct manner in freebsd, but it think
based on definition for NAT, you should not be able to access inside
systems from outside unless you have port direction.


On Tue, Apr 16, 2013 at 11:35 AM, s m <sam.gh1986 at gmail.com> wrote:

> thanks Danny, but i'm using pf to define rules and pfctl to apply them.
>
> first of all it is so important for me to understand what should
> exactly happen and what is the correct behavior in freebsd. i mean
> when i define nat from inside to outside, should outside system can
> access inside systems or not? (for example ping them).
> i am so confused what is the correct manner. any hints or comments
> that help to clear it for me, is really appreciated.
> SAM
>
> On 4/4/13, Daniel O'Callaghan <danny at clari.net.au> wrote:
> > On 4/04/2013 6:41 PM, s m wrote:
> >> request packets:   src:192.168.2.1----> dst: 192.168.1.1
> >> reply packets:       src: 192.168.2.50----> dst:192.168.2.1
> > This sort of thing tends to happen when the the packets are not being
> > sent via divert socket properly.
> > Look carefully, step by step, at your ipfw rules which send packets to
> > natd.
> > Also, run natd -v in a separate window instead of running it as a
> > daemon, and it will show you the packets which go through natd, and what
> > is done with them.
> >
> > regards,
> >
> > Danny
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to
> > "freebsd-questions-unsubscribe at freebsd.org"
> >
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>