From owner-freebsd-questions Fri Nov 17 8:35: 1 2000
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <016d01c050b4$50171800$641663cf@icarz.com>
From: "Ken Menzel"
References: <02e701c04fef$e0d35c20$641663cf@icarz.com> <20001116232831.E9740@149.211.6.64.reflexcom.com>
Subject: Re: ipfw divert few to many
Date: Fri, 17 Nov 2000 11:34:49 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

Thanks Crist,

I did RTFM before posting but it was not clear. More specifically

freebsd2# natd -redirect_address 10.0.0.10 207.99.22.38
natd: aliasing address not given
freebsd2# natd -redirect_address 10.0.0.10 207.99.22.38 -a 207.99.22.11
natd: Unable to bind divert socket.: Address already in use

Is this because it's already running? I must restart to change these settings?

I have since created a /etc/natd.conf and gotten it to work. I guess you MUST supply all the arguments in one shot to natd. I was trying to add a host after booting, it seems it can't be done. So adding any new "redirect" hosts to the internal network will require a shutdown and restart of NAT and any ipfw rules? Is there no way to use ipfw to do the redirect?

I would like to type up these answers and add them to the man page or the tutorial. Basic NAT was very easy to start, adding one host took 7 hours of mostly reading and a lot of guesses.

Ken
-----------------------------------------------------
Ken Menzel ICQ# 9325188
www.icarz.com kenm@icarz.com

----- Original Message -----
From: "Crist J . Clark"
To: "Ken Menzel"
Cc:
Sent: Friday, November 17, 2000 2:28 AM
Subject: Re: ipfw divert few to many

> On Thu, Nov 16, 2000 at 12:08:45PM -0500, Ken Menzel wrote:
> > Hi,
> > I am looking for some configuration help on ipfw using NAT (natd).
> > If this is not the correct forum, please direct me on where I can
> > search. I have hunted the web site and can't seem to come up with an
> > example of a simple many to few NAT example.
> > I followed the tutorial ( www.freebsd.org/tutorials ) on setting up a
> > simple firewall. I actually dropped all the firewall stuff and am
> > just using NAT. All my computers on the private net can get out, but
> > I want to be able to redirect some of my outside IP's to the inside.
> > On the external interface I have two IP's configured (the base IP
> > 207.99.22.11) and an alias of 207.99.22.38 I am not sure of the
> > command to redirect all (or some) incoming requests for 207.99.22.38
> > to some IP (ie 10.0.0.10). Would that be another divert command? My
> > natd setup now is only two commands (plus the flush and command
> > setup!). Do I need a netd.conf?
> >
> > fwcmd="/sbin/ipfw"
> >
> > # Force a flushing of the current rules before we reload.
> > $fwcmd -f flush
> >
> > # Divert all packets through the tunnel interface.
> > $fwcmd add divert natd all from any to any via fxp0
> > $fwcmd add pass all from any to any
> >
> > my rc.conf is:
> >
> > ifconfig_fxp0="inet 207.99.22.11 netmask 255.255.255.128"
> > ifconfig_fxp0_alias0="inet 207.99.22.38 "
> > ifconfig_rl0="inet 10.0.0.1 netmask 255.255.255.0"
> > hostname="freebsd2.icarz.com"
> > defaultrouter="207.99.22.1"
> > linux_enable="YES"
> > gateway_enable="YES"
> > natd_enable="YES"
> > natd_interface="fxp0"
> > natd_flags="-dynamic"
> > firewall_enable=yes
> > firewall_script="/etc/firewall/simple"
> >
> > Any advice is appreciated.
>
> RTFM, natd(8). See 'redirect_port' and 'redirect_address.'
> --
> Crist J. Clark cjclark@alum.mit.edu
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
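
Added example, not part of the original messages: one way to handle the situation the reply describes, keeping each redirect in /etc/natd.conf and restarting natd so that it gets all of its options in one shot. The helper names, the pid file path and the sample config shown in the comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths below are assumed defaults.
# Constructed /etc/natd.conf for the addresses discussed above:
#   interface fxp0
#   dynamic yes
#   redirect_address 10.0.0.10 207.99.22.38
# Usage (as root): add_redirect 10.0.0.10 207.99.22.38 && restart_natd
NATD_CONF="${NATD_CONF:-/etc/natd.conf}"
NATD_PIDFILE="${NATD_PIDFILE:-/var/run/natd.pid}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# add_redirect LOCAL_IP PUBLIC_IP: append one static mapping to the file.
# Returns 0 when added, 1 on bad input, 2 if PUBLIC_IP is already redirected.
add_redirect() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    touch "$NATD_CONF" || return 1
    if awk -v pub="$2" '$1 == "redirect_address" && $3 == pub { hit = 1 }
                        END { exit (hit ? 0 : 1) }' "$NATD_CONF"; then
        return 2
    fi
    printf 'redirect_address %s %s\n' "$1" "$2" >> "$NATD_CONF"
}

# restart_natd: the running natd holds the divert socket, so stop it first,
# then start a new one that reads every option from the file in one go.
restart_natd() {
    if [ -f "$NATD_PIDFILE" ]; then
        kill "$(cat "$NATD_PIDFILE")" || return 1
        sleep 1
    fi
    /sbin/natd -f "$NATD_CONF"
}
```

redirect_address sends traffic for every port on the public address to the inside host, so with the `pass all from any to any` rule quoted above that host is fully reachable from outside; the redirect_port option named in the reply is the narrower choice when only some services should be exposed.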