Date: Sat, 25 Nov 2000 02:57:55 -0800 (PST)
From: mike@hyperreal.org
To: freebsd-questions@freebsd.org
Subject: Re: natd basic setup help
Message-ID: <20001125105755.115.qmail@hyperreal.org>
In-Reply-To: <20001125095108.17976.qmail@hyperreal.org> from "mike@hyperreal.org" at "Nov 25, 2000 01:51:08 am"

I wrote:
> NAT. I've been RTFM'ing all night and am just not getting it. My ISP has
> assigned me a static IP address. I want to use that address for my FreeBSD
> machine, and have my 2 other machines masquerading as the same IP. The
> configuration is pretty simple:
>
> [private_box_1]-----.
>                     |
> [private_box_2]-----|___[switch]___[DSL_modem]___[ISPs_router]
>                     |
> [public_BSD_box]----'
>
> The switch is unmanaged and the DSL modem is in bridging mode, so it's
> essentially just a wire between my network and my ISP's router, which I
> use as my gateway (216.241.42.1). No PPP or dynamic IPs are involved.
>
> I want to give the private boxes IP addresses 10.0.0.*, and have them use
> the BSD box as their gateway. The BSD box needs to keep its public IP
> address (216.241.42.159). Sounds pretty typical, right?

It was pointed out to me shortly after I sent this that with the BSD box
not being between the switch and the DSL modem, I can never have a true
firewall; the private boxes will never be private. I need to have 2 NICs,
one for traffic going between the BSD box and the DSL modem, and the other
for traffic between the BSD box and the switch.

Fair enough. I'd settle for just getting the masquerading working. The
semi-private boxes would only respond to 10.0.0.*-destined traffic, and if
I could just get the BSD box to reroute the traffic accordingly, it would
at least give them TCP/IP connectivity. But I can see that with my current
setup, once the switch found out the semi-private boxes were at those
addresses, it would happily pass along any 10.0.0.*-destined traffic to
those boxes, even if it were coming from the outside world. Like I trust
the H4X0R kiddies I share a subnet with.. yeargh.

Anyway I thought I gleaned from somewhere that 2 logical interfaces were
necessary for NAT, but that this didn't have to mean 2 physical NICs. Is
this wrong?

I have nothing against using 2 NICs but my BSD box is on unstable hardware
that has been known to invent conflicts when I add any piece of hardware
to it. It's a c.1995 dual P133 board from Micron, with the Neptune chipset,
and I'm trying to get whatever mileage I can out of it. Maybe it's time to
just bite the bullet and use it as the doorstop it was meant to be.

Thanks
-M.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message