From: Bryce Newall
To: FreeBSD Questions List
Date: Tue, 17 Feb 2004 11:21:45 -0800 (PST)
Message-ID: <20040217111052.M92560@calico.dreamhaven.org>
Subject: natd originating IP

Greetings everyone,

I am attempting to set up what I thought would be a simple natd configuration, but is turning out to be a little bit trickier than I thought.

I have a FreeBSD machine with 2 internet visible IPs on it. The machine also has 2 NICs; the first NIC has the 2 external IPs, and the second has an IP of 10.0.0.1 for the LAN. On the LAN is a Windows 2000 server, running Exchange 2000 and a couple of other services that are accessible from the outside via natd redirects on the FreeBSD box. (Well, Exchange isn't directly accessible, but Outlook Web Access is.)

Right now, I have natd running, binding to the second IP address (using the -a switch). The problem with that is, I now have the unwanted side-effect of having all outbound traffic appearing to originate from the second IP address, both from the LAN and from the FreeBSD box itself.

The main reason for using the second IP address is that I have a web server running on port 80 on the FreeBSD box (the company's web site), and also have Outlook Web Access running on port 80 on the Win2000 server, and I would prefer not to have to have the users connect to OWA on a special port (most likely, they'll forget). Also, by having outgoing traffic originate from the first IP rather than the second, it provides an extra layer of protection for the Exchange server (i.e. people wouldn't see that there's another IP address out there with ports exposed to a Windows machine).

So what I'm wondering is, is there a way to redirect the incoming traffic on the second IP address that I want to redirect to the Win2000 server, and still be able to have all outbound traffic originate from the first IP?

Thanks in advance!

*********************************************************
* Bryce Newall * Email: data@dreamhaven.org             *
* www.dreamhaven.org/~data                              *
* "Computers make very fast, very accurate mistakes."   *
*********************************************************