From owner-freebsd-questions  Wed Jul 28  4:27:17 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from deva.iclick.com (deva.iclick.com [209.176.19.254])
	by hub.freebsd.org (Postfix) with ESMTP id 11DD014D2D
	for <freebsd-questions@FreeBSD.ORG>; Wed, 28 Jul 1999 04:27:13 -0700 (PDT)
	(envelope-from dans@deva.iclick.com)
Received: (from dans@localhost)
	by deva.iclick.com (8.9.3/8.9.1) id HAA02435;
	Wed, 28 Jul 1999 07:25:50 -0400 (EDT)
From: Dan Simoes <dans@deva.iclick.com>
Message-Id: <199907281125.HAA02435@deva.iclick.com>
Subject: Re: setting up redirects with natd/firewall
To: brian@FreeBSD.org.uk (Brian Somers)
Date: Wed, 28 Jul 1999 07:25:49 -0400 (EDT)
Cc: dans@iclick.com (Dan Simoes),
	freebsd-questions@FreeBSD.ORG (freebsd-questions@FreeBSD.ORG)
In-Reply-To: <199907280917.KAA01384@keep.lan.Awfulhak.org> from "Brian Somers" at Jul 28, 1999 10:17:37 AM
X-Mailer: ELM [version 2.5 PL0]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>   redirect_port tcp 192.168.100.D:80 80

OK, I'll give that a shot.  I should point out for the archives
that the D above refers to a random number (I didn't want to 
use real network numbers).

Now, that still leaves two issues - how does traffic for
A.B.C.D "know" to go to the firewall  (ie, do I use a cname, static arp,
virtual ip?) and what if I have more than one web server behind
the firewall?
 
Sorry if I'm missing something obvious.  Let me know if there is a 
different list I should be using for this, the other lists were all
listed as "technical"...

| Dan |
 
> > I'm new to freebsd, so bear with me.
> > 
> > I've been struggling for the past few days to get a firewall set
> > up using freebsd/ipfw/natd.  I've got everything running, and now
> > all that is left is to accomplish some remapping. 
> > 
> > To wit:
> > 
> > - traffic for server A.B.C.D on port 80 should be remapped to
> >   internal server 192.168.100.D on port 80
> > - replies from that internal server should be remapped at the
> >   firewall to appear to come from A.B.C.D
> > 
> > I'm trying to do this with -redirect_address in natd, but
> > I imagine there are also some issues with adding static routes
> > via arp so traffic "knows" to go to the firewall?
> > 
> > If anyone has an example config file for natd I'd greatly appreciate
> > it.  
-- 
Dan Simoes                              mail:dans@iclick.com
iClick					web:www.iclick.com	
410 Saw Mill River Road LL 135		voice: 914.693.0837
Ardsley, NY 10502                      	fax:914.693.1055


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message