Date: Thu, 23 Oct 2003 19:01:02 -0600 From: Brett Glass <brett@lariat.org> To: questions@freebsd.org Subject: Static NAT with natd and ipfw Message-ID: <6.0.0.22.2.20031023184442.04f99b18@localhost>
next in thread | raw e-mail | index | archive | help
A client wants to "expose" a host on a LAN behind a NAT firewall to the Internet at large. The host is is behind a FreeBSD machine that's functioning as (among other things) a NAT router. The host already has an unregistered internal address (which it needs to keep), but also must allow others to connect to it from the outside world via a "real" IP address that's distinct from that of the router. In other words, from the point of view of the Internet, I want the host to look as if it's outside the firewall at a separate address from the firewall itself. The natd man page mentions a -redirect_address command line option which looks as if it would do PART of the job. But what other configuration do I have to do (e.g. changes to rc.firewall, rc.conf, etc.) to make this work? I'm sure I could tinker and figure all of this out, but this week is quite busy and I need to get things set up in a hurry. (Also, it's a production system and don't want to cause unnecessary downtime while I experiment.) Advice, and sample lines from configuration files, would be much appreciated. --Brett Glass
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.0.22.2.20031023184442.04f99b18>