
Re: OBSD 3.1 NAT configuration question
On Mon, Jul 08, 2002 at 11:34:59AM -0700, Raymond C. Rodgers wrote:

> So what I'm wondering is if my internal NAT config line ("nat on dc0 from 
> 192.168.0.0/24 to any -> dc0") is essentially competing with the rdr lines 
> ("rdr on dc0 proto udp from any to dc0 port 7500:7800 -> 192.168.0.45 port 
> 7500:*" and "rdr on dc0 proto udp from any to dc0 port 22000 -> 
> 192.168.0.45 port 22000"). Perhaps packets are never getting as far as the 
> rdr lines?

nat and rdr (on the same interface) never compete, since nat applies
only to outgoing connections and rdr only to incoming ones. Technically,
the first matching translation rule wins, but since there's no case
where both a nat and an rdr rule can apply to the same packet, that's
not an issue.

Once the first outgoing packet of a connection is NATed, all further
packets of that connection are translated the same way, and incoming
replies are automatically forwarded to the local address; you don't need
an rdr for _that_. The rdr will deal with incoming connections,
forwarding them to the local machine.

If the local machine initiates a (NATed) outgoing connection, and
insists on using this for further communication, there's nothing you can
do to force it to use a new, incoming connection instead. Why would you
want to do that, anyway?

Daniel
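For reference, an added pf.conf sketch that is not part of the thread: it puts Raymond's nat and rdr lines next to the filter rules they need on an OpenBSD 3.1 box. The macro names and the pass/block rules are assumptions; the point it shows is that the incoming filter rules match on the already translated internal address, because pf translates before it filters.

```pf
# Added example, not from the original thread: OpenBSD 3.1 style pf.conf
# combining the nat and rdr lines quoted above with the filter rules that
# must accompany them. Macro names and the filter rules are assumptions.
ext_if  = "dc0"
int_net = "192.168.0.0/24"
udp_srv = "192.168.0.45"

# Translation: nat only ever matches outgoing connections from the LAN and
# rdr only incoming connections to dc0, so the two never compete for a packet.
nat on $ext_if from $int_net to any -> $ext_if
rdr on $ext_if proto udp from any to $ext_if port 7500:7800 -> $udp_srv port 7500:*
rdr on $ext_if proto udp from any to $ext_if port 22000 -> $udp_srv port 22000

# Filtering runs after translation, so the incoming rules are written against
# the internal address, not dc0. keep state lets UDP replies of a NATed
# outgoing connection come back in without any rdr at all.
block in on $ext_if all
pass out on $ext_if proto udp all keep state
pass in on $ext_if proto udp from any to $udp_srv port 7500:7800 keep state
pass in on $ext_if proto udp from any to $udp_srv port 22000 keep state
```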