Date: Sat, 22 Nov 1997 02:32:20 +0000
From: Brian Somers <brian@awfulhak.org>
To: Ben Hockenhull <benh@blues.jpj.net>
Cc: questions@freebsd.org
Subject: Re: NAT+registered networks
Message-ID: <199711220232.CAA05112@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Thu, 20 Nov 1997 10:09:18 EST." <Pine.BSI.3.95.971120100808.11183B-100000@blues.jpj.net>

> I'm attempting to use a FreeBSD box to assist in my transition from
> registered addresses to unregistered addresses. I have approx 1000 nodes
> with registered addresses that will be, over time, switched to addresses
> in the 10.x.x.x range.
>
> So, what I need to do is put this FreeBSD box in front of everything until
> the entire thing is transitioned. The external interface is a registered
> address, and the internal interface has both an unregistered and a
> registered address assigned to it. What it needs to do is to NAT
> unregistered addresses and pass registered addresses. Will this work? I
> can get unregistered addresses on the 192.168.x.x network to NAT fine;
> it's the registered address passing and NAT of 10.x.x.x addresses that
> does not work. Any ideas?
>
> /etc/natd.conf:
>
> unregistered_only yes
> alias_address 199.217.x.x
> log yes
>
> /etc/rc.firewall:
>
> /sbin/ipfw -f flush
> /sbin/ipfw add 3000 divert 6668 all from 10.0.0.0/8 to any via ep0
> /sbin/ipfw add 4000 divert 6668 all from any to 10.0.0.0/8 via ep1
> /sbin/ipfw add 65000 pass all from any to any

If your Internet interface is ep0, then the divert lines should be

  /sbin/ipfw add 3000 divert 6668 all from 10.0.0.0/8 to any via ep0
  /sbin/ipfw add 4000 divert 6668 all from any to 10.0.0.0/8 via ep0

although I guess the line with ep1 would suffice if it sees all of
the 10/8 traffic that passes through ep0.

Apart from that, the unregistered_only option treats 10.0.0.0/8,
172.16.0.0/16 and 192.168.0.0/16 in exactly the same way (see
/usr/src/lib/libalias/alias.c).

> Thanks for any help.
>
> Ben
>
> --
> Ben Hockenhull
> benh@jpj.net
>

--
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....