From owner-freebsd-net@FreeBSD.ORG Tue Dec 23 06:07:42 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CE8ED16A50C for ; Tue, 23 Dec 2003 06:07:42 -0800 (PST)
Received: from cpanel.servercity.com (cpanel.servercity.com [216.235.252.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DF5643D48 for ; Tue, 23 Dec 2003 06:07:40 -0800 (PST) (envelope-from peter@easytree.net)
Received: from me-waterville-qs-38.mint.adelphia.net ([216.227.133.38] helo=easytree.net) by cpanel.servercity.com with asmtp (Exim 4.24) id 1AYnCD-0004SR-RB for freebsd-net@freebsd.org; Tue, 23 Dec 2003 09:07:38 -0500
Message-ID: <3FE84C46.494045F6@easytree.net>
Date: Tue, 23 Dec 2003 09:08:06 -0500
From: Peter Serwe
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <3FE841B4.8E6D47E9@easytree.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cpanel.servercity.com
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - easytree.net
Subject: Re: ipfw/natd/3 nic
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 23 Dec 2003 14:07:42 -0000

Okay, to make a long story short, I got the second public IP to alias to the outside interface.

Sounds like: No problem!

If there are any extra pointers to extra documentation that would help this out, I'd greatly appreciate it.
Thanks again,

Pete

Peter Serwe wrote:
> Okay,
>
> Basically, since FreeBSD is (in my mind anyway) the ultimate leatherman
> of the OS world, and God's own gift to networking and network services
> in general, I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight ipfw
> public-->public ipfw a couple of times, I'm fairly comfortable with it.
>
> After searching around, I found a message from Gilson (de?)Paiva
> referencing some stuff Barney Wolff told him that basically
> straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both networks probably could never
> exceed 100, and probably won't ever exceed 50.
>
> I have one public IP address.
>
> I need both networks to be able to surf, but I _never_ want ANY traffic
> to be able to go in between except from someone having direct access to
> the router. The router shouldn't be passing any traffic in between
> private networks.
>
> My ideal as I've currently envisioned it would be 3 nic nat, with both
> private networks being able to get out the public interface.
>
> Here's the part that's got me thrown for a loop:
>
> Run 2 instances of natd on 8668/8669 - no problem.
>
> Run divert rule twice, one to first nat interface on 8668, one to
> second on 8669.
>
> The second natd line is the problem child for me:
>
> /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address
>
> Is this to imply that I need to run a second public address for the
> second natd instance to run?
>
> Hopefully I've left out nothing relevant,
>
> Thanks all.
>
> Pete
> --
> Peter Serwe
> Cheaper, Faster, Better, pick any two.

--
Peter Serwe
Cheaper, Faster, Better, pick any two.
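The layout the thread settles on (two private networks, two natd instances on 8668/8669, a second public address aliased onto the outside interface, and no forwarding between the private networks) can be expressed as one ipfw rule file. The script below is an added example written for this page, not code from the thread or from FreeBSD's own rc.firewall. Interface names (fxp0/fxp1/fxp2), the two public addresses (203.0.113.x, a documentation range), and the rule numbers are assumptions chosen for illustration; the natd and ifconfig invocations use the documented `-p`/`-a`/`-f` and `alias` options but are shown as comments rather than executed. The check at the end enforces the one ordering detail that matters for the "no traffic between" requirement: the deny rules must carry lower numbers than the divert rules, because after a divert natd has already rewritten the addresses the deny rules match on.

```shell
#!/bin/sh
# Added example (not from the original thread). Generates an ipfw rule file
# for a 3-NIC ipfw/natd router with two private networks that must not
# reach each other, and checks that the deny rules precede the NAT diverts.
# Interface names, public addresses and rule numbers below are assumptions.

OUT_IF="fxp0"               # outside interface (assumed name)
PRIV1_IF="fxp1"             # private_private side
PRIV2_IF="fxp2"             # public_private side
PRIV1_NET="192.168.1.0/24"  # private_private, from the thread
PRIV2_NET="192.168.2.0/24"  # public_private, from the thread
PUB1="203.0.113.10"         # primary address on OUT_IF (constructed value)
PUB2="203.0.113.11"         # second address aliased onto OUT_IF (constructed)
NATD_PORT1=8668             # natd instance for PRIV1_NET, from the thread
NATD_PORT2=8669             # natd instance for PRIV2_NET, from the thread

# Emit rules in the line format accepted by "ipfw -q /path/to/rulefile".
build_ruleset() {
    cat <<EOF
add 00100 allow ip from any to any via lo0
add 00200 deny ip from any to 127.0.0.0/8
# Keep the two private networks apart. These rules sit before the divert
# rules so they match the original, not yet translated, addresses.
add 00300 deny ip from ${PRIV1_NET} to ${PRIV2_NET}
add 00310 deny ip from ${PRIV2_NET} to ${PRIV1_NET}
# Refuse packets arriving on one inside interface that claim the other
# network's source address (anti-spoofing, so 300/310 cannot be bypassed).
add 00320 deny ip from ${PRIV2_NET} to any in via ${PRIV1_IF}
add 00330 deny ip from ${PRIV1_NET} to any in via ${PRIV2_IF}
# Outbound: each private network is handed to its own natd instance.
add 00400 divert ${NATD_PORT1} ip from ${PRIV1_NET} to any out via ${OUT_IF}
add 00410 divert ${NATD_PORT2} ip from ${PRIV2_NET} to any out via ${OUT_IF}
# Inbound: replies addressed to each alias go back to the natd that owns it.
add 00420 divert ${NATD_PORT1} ip from any to ${PUB1} in via ${OUT_IF}
add 00430 divert ${NATD_PORT2} ip from any to ${PUB2} in via ${OUT_IF}
# Open policy otherwise, mirroring the thread's stated requirement only.
add 65000 allow ip from any to any
EOF
}

# The matching daemons and alias, to be run as root at boot (shown, not run):
#   ifconfig ${OUT_IF} alias ${PUB2} netmask 255.255.255.255
#   /sbin/natd -f /etc/natd.conf -p ${NATD_PORT1} -a ${PUB1}
#   /sbin/natd -f /etc/natd.conf -p ${NATD_PORT2} -a ${PUB2}
natd_commands() {
    echo "/sbin/natd -f /etc/natd.conf -p ${NATD_PORT1} -a ${PUB1}"
    echo "/sbin/natd -f /etc/natd.conf -p ${NATD_PORT2} -a ${PUB2}"
}

# Returns 0 when every deny rule covering the private networks has a lower
# number than the first divert rule, 1 otherwise. Rule numbers like "00300"
# are coerced to integers with "+0".
check_order() {
    build_ruleset | awk '
        /^add [0-9]+ deny ip from 192\.168/ { if ($2+0 > maxdeny) maxdeny = $2+0 }
        /^add [0-9]+ divert/ { if (mindivert == 0 || $2+0 < mindivert) mindivert = $2+0 }
        END { exit (mindivert > 0 && maxdeny < mindivert) ? 0 : 1 }'
}

# Usage: "sh thisfile print > /etc/ipfw.rules" then "ipfw -q /etc/ipfw.rules";
# "sh thisfile check" verifies the ordering before loading.
case "${1:-}" in
    print) build_ruleset ;;
    natd)  natd_commands ;;
    check) check_order && echo "deny rules precede divert rules: ok" ;;
esac
```

Loading the file with `ipfw -q /etc/ipfw.rules` replaces nothing by itself; flush first if an older ruleset is present. The trailing allow-all reflects only what the thread asks for (separation of the two private networks); a production ruleset would add stateful `keep-state`/`check-state` handling and an explicit default deny.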