Delivered-To: freebsd-questions@freebsd.org
From: "Jeff Lush"
Subject: NATD question
Date: Fri, 31 Dec 1999 09:32:58 -0700

Hello,

I have a question about NATD, and am looking for some advice.

I would like to set up a firewall/NAT box for a small LAN. I have set up and used FreeBSD 3.2 and 3.3 for this in the past without problems. This time, however, I need to put a mail server behind the firewall/NAT box. Here's the description:

There are 2 public IPs available:
    139.142.150.29 - assigned for mail in MX record
    139.142.150.39 - assigned for NAT/LAN traffic

Private IP scheme:
    192.168.1.1 - mail server behind firewall

Two NICs:
    de0 - public
    de1 - private

My proposed solution is to redirect 139.142.150.29 to 192.168.1.1 using the 'redirect_address' option.

In the rc.conf:

    ifconfig_de0="inet 139.142.150.39 netmask 255.255.255.0"
    ifconfig_de0_alias="inet 139.162.150.39 netmask 255.255.255.0"
    ifconfig_de1="inet 192.168.1.254 netmask 255.255.255.0"
    natd_program="/bin/natd -redirect_address 192.168.1.1 139.162.150.29"

My firewall ruleset first passes everything to natd and allows for port 25 traffic to be passed into and out of the LAN (POP3 support is only needed within the LAN).

My questions are:

1. Will this work?
2. Do I need to add additional comments to '-redirect_address'? Such as:

    -redirect_address 192.168.1.1 139.162.150.29  #redirect traffic to mail server
    -redirect_address 0.0.0.0 139.162.150.39      #redirect traffic to LAN

   Is this necessary?

My biggest challenge is that I must build this and set it up in a remote area, so testing will be difficult.

If I have missed any information, please let me know and I will provide it. Any comments on what I have said here would be most appreciated.

Thanks,
Jeff Lush
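
Because the box described above will be deployed where testing is hard, an offline consistency check of rc.conf is useful before shipping it. The following is an added example, not part of the original message: it reports every natd -redirect_address public IP that no ifconfig_* line assigns to an interface. The function names and the sample addresses (RFC 5737 documentation ranges, laid out like the post's rc.conf) are constructed for illustration.

```shell
#!/bin/sh
# check_redirects: reads rc.conf text on stdin. Prints each -redirect_address
# public IP that no ifconfig_* line assigns; exit status 1 if any is found.
check_redirects() {
    awk '
    /^[ \t]*#/ { next }                      # ignore comment lines
    # Record every address that follows "inet" on an ifconfig_* line.
    /^[ \t]*ifconfig_/ {
        line = $0
        gsub(/["=]/, " ", line)
        n = split(line, w, /[ \t]+/)
        for (i = 1; i < n; i++)
            if (w[i] == "inet") have[w[i + 1]] = 1
    }
    # Record "localIP publicIP" after every -redirect_address flag.
    /-redirect_address/ {
        line = $0
        gsub(/"/, " ", line)
        n = split(line, w, /[ \t]+/)
        for (i = 1; i + 2 <= n; i++)
            if (w[i] == "-redirect_address") want[w[i + 2]] = w[i + 1]
    }
    END {
        bad = 0
        for (pub in want) {
            if (pub == "0.0.0.0") continue   # natd: matches all incoming traffic
            if (!(pub in have)) {
                printf "unassigned public IP %s (redirect to %s)\n", pub, want[pub]
                bad = 1
            }
        }
        exit bad
    }'
}

# Constructed sample: the redirect target has two digits transposed (.92 for .29).
sample_rc_conf() {
cat <<'EOF'
ifconfig_de0="inet 198.51.100.39 netmask 255.255.255.0"
ifconfig_de0_alias="inet 198.51.100.29 netmask 255.255.255.0"
ifconfig_de1="inet 192.168.1.254 netmask 255.255.255.0"
natd_program="/bin/natd -redirect_address 192.168.1.1 198.51.100.92"
EOF
}

sample_rc_conf | check_redirects || true
```

On the target machine the same function can be run as check_redirects < /etc/rc.conf; it only compares addresses as text and does not validate netmasks or firewall rules.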