Date: Fri, 8 Mar 2002 12:16:22 +0000
From: Ceri
To: Koroush Saraf
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Running NAT on a single interface

On Mon, Mar 04, 2002 at 08:18:00PM -0800, Koroush Saraf wrote:
> Hi All,
> I like to run NAT on a single interface gateway. I like it to translate
> between private addresses and the public one which is connected to my DSL
> router. Is that possible?
> I'm not asking whether it's a good idea or not, I
> like to know whether BSD is flexible enough to allow that, and if so, how
> does it distinguish which addresses are on the "outside" and which ones are
> in the inside, since the interface flag will not be much help in this case.

I do this on one of my machines. Setting it up wasn't all that hard, this
basically takes care of all the magic:

    add 00306 divert natd all from any to any via 212.250.77.214
    add 00307 pass all from 172.17.77.0/24 to any via 172.17.77.214
    add 00308 pass all from any to 172.17.77.0/24 via 172.17.77.214
    add 00309 deny log all from any to 172.17.77.0/24 via ed0
    add 00310 deny log all from 172.17.77.0/24 to any via ed0

The NAT'd machines run on 172.17.77.0/24 on the same wire as the public
IP addresses.

If you want any more info, let me know.

Ceri

--
keep a mild groove on