NetBSD-Users archive
Re: Configure NetBSD as a gateway for LAN hosts
On Oct 13 12:08, Martin Husemann wrote:
> With the above routing table this should already happen - no concrete local subnet
> matching, so it will pick "default".
Yes, I tried and it does!
> > With a routing table
> > entry, or with a rule (the `pass stateful out all' in soho_gw-npf.conf)
> > in npf?
>
> That rule does not change routing, it just allows the packet to go out,
> and also creates a NAT state entry so any answers are allowed back in.
I checked npf.conf(5) and also
<http://rmind.github.io/npf/configuration.html>
but I wasn't able to determine this. Thank you, it is exactly as you
said: I tried with ssh, ping and also a random client/server
communication on a random port with nc(1).
> In general it is best to get packet flow working first and then start caring
> about filtering, but with NAT this is tricky.
Why is this tricky with NAT? Because when a request exits from the
gateway, it exits from a port determined by the NAT, but when the answer gets
back to the gateway, it is hard to recognize it?
I still can't figure it out.
If you think there's a better way, let me know. Also, so far, I still
haven't tried with the `map' keyword in npf.conf (which I thought was the
only way to perform NAT).
Thanks a lot!
Rocky
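
How a state entry created on the way out lets the answer back in through a NAT gateway, as an added example that is not part of the original message and is not npf's code. It is a toy model; the `Gateway` class, the addresses and the ports are constructed for illustration.

```python
# Toy model of a stateful NAT gateway (illustration only, not npf internals).
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    def __init__(self, ext_ip, first_port=50000):
        self.ext_ip = ext_ip
        self.next_port = first_port
        self.flows = {}   # original LAN packet tuple -> NAT source port
        self.states = {}  # (remote ip, remote port, NAT port) -> (LAN ip, LAN port)

    def outbound(self, pkt):
        """LAN -> outside: rewrite the source and record a state entry."""
        if pkt not in self.flows:
            self.flows[pkt] = self.next_port
            self.next_port += 1
        nat_port = self.flows[pkt]
        self.states[(pkt.dst, pkt.dport, nat_port)] = (pkt.src, pkt.sport)
        return Packet(self.ext_ip, nat_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Outside -> gateway: forward only when a state entry matches."""
        entry = self.states.get((pkt.src, pkt.sport, pkt.dport))
        if pkt.dst != self.ext_ip or entry is None:
            return None  # no state for this packet: dropped
        lan_ip, lan_port = entry
        return Packet(pkt.src, pkt.sport, lan_ip, lan_port)


def demo():
    gw = Gateway("203.0.113.1")
    out = gw.outbound(Packet("192.168.1.10", 40000, "198.51.100.7", 22))
    # The answer comes back to the NAT port and matches the recorded state.
    reply = gw.inbound(Packet("198.51.100.7", 22, out.src, out.sport))
    # Same NAT port, different remote host: no matching state, so dropped.
    stray = gw.inbound(Packet("198.51.100.99", 22, out.src, out.sport))
    return out, reply, stray


if __name__ == "__main__":
    print(demo())
```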