From owner-freebsd-questions  Fri Mar 13 19:21:42 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA18131
          for freebsd-questions-outgoing; Fri, 13 Mar 1998 19:21:42 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gdi.uoregon.edu (gdi.uoregon.edu [128.223.170.30])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA18038
          for <freebsd-questions@FreeBSD.ORG>; Fri, 13 Mar 1998 19:21:26 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by gdi.uoregon.edu (8.8.7/8.8.8) with SMTP id TAA19503;
          Fri, 13 Mar 1998 19:21:19 -0800 (PST)
          (envelope-from dwhite@gdi.uoregon.edu)
Date: Fri, 13 Mar 1998 19:21:19 -0800 (PST)
From: Doug White <dwhite@gdi.uoregon.edu>
Reply-To: Doug White <dwhite@resnet.uoregon.edu>
To: Peter Woods <pwoods@mail.state.tn.us>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW and natd
In-Reply-To: <s508e4b0.060@langate.tnet.state.tn.us>
Message-ID: <Pine.BSF.3.96.980313191743.19404Q-100000@gdi.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 13 Mar 1998, Peter Woods wrote:

> I am setting up a FreeBSD 2.2.5 box as a test firewall system.
> The system has two 3Com 3c509 cards.  I have successfully
> rebuilt my kernal with IPFW and natd appears to be running.  I
> can successfully telnet from a computer on the private network
> to one on the public network, but the reverse is not true. 



> I started natd using:
> natd -a A.B.C.199 -redirect_address 10.10.10.2 A.B.C.199

Read the natd man page; you've requested the natd host to transmit
requests on a.b.c.199, and map the internal address to the one you're
proxying.  It's probably confusing natd all to heck.

Try mapping 10.10.10.2 to a.b.c.198 or another ip in your block.

> Did I do this right?  How do redirect more IPs?

It's a 1-1 correspondence.

> Eventually, the public nic will have several alias, and I would like
> A.B.C.198 -> 10.10.10.2
> A.B.C.199 -> 10.10.10.3
> A.B.C.200 -> 10.10.10.4

Just don't use .199 and you should be good.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message