From owner-freebsd-questions Wed Jul 28 7:35:22 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.128.198])
    by hub.freebsd.org (Postfix) with ESMTP id 82952154A3
    for ; Wed, 28 Jul 1999 07:35:10 -0700 (PDT)
    (envelope-from brian@Awfulhak.org)
Received: from keep.lan.Awfulhak.org (localhost [127.0.0.1])
    by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id PAA01437;
    Wed, 28 Jul 1999 15:33:27 +0100 (BST)
    (envelope-from brian@Awfulhak.org)
Received: from keep.lan.Awfulhak.org (brian@localhost.lan.Awfulhak.org [127.0.0.1])
    by keep.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id PAA03148;
    Wed, 28 Jul 1999 15:33:34 +0100 (BST)
    (envelope-from brian@keep.lan.Awfulhak.org)
Message-Id: <199907281433.PAA03148@keep.lan.Awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: Dan Simoes
Cc: brian@FreeBSD.org.uk (Brian Somers), dans@iclick.com (Dan Simoes),
    freebsd-questions@FreeBSD.ORG (freebsd-questions@FreeBSD.ORG)
Subject: Re: setting up redirects with natd/firewall
In-reply-to: Your message of "Wed, 28 Jul 1999 08:33:23 EDT." <199907281233.IAA02865@deva.iclick.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 28 Jul 1999 15:33:34 +0100
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > Natd should be run on the interface with address A.B.C.D.  It does
> > the redirect_port on the primary address by default.  If you have
> > more than one web server, you'll need to run natd on a multi-homed
> > interface and do something like
> >
> >   redirect_port tcp 192.168.100.A:80 A.B.C.D:80
> >   redirect_port tcp 192.168.100.B:80 E.F.G.H:80
> >
> > where A.B.C.D and E.F.G.H are your external addresses.
>
> I think the letters are getting confusing.
>
> Say I have two web servers with addresses of 199.1.1.1 and 199.1.1.2
> which are in DNS as web1 and web2.
>
> I want to place them behind the firewall, so I readdress them as
> 192.168.100.1 and 192.168.100.2, private side addresses.
>
> On the outside, DNS still lists web1 and web2 with public side addresses.
> I want to direct queries through the firewall for those hosts,
> but I need to either change DNS so web1 and web2 point to the firewall's
> public side interface, or run multiple interfaces (virtual IPs?)
> on the firewall so those IPs are publicly visible.

Yep, you'll need to

  ifconfig fxp0 inet 199.1.1.1 netmask whatever
  ifconfig fxp0 inet 199.1.1.2 netmask 0xffffffff alias

assuming you've got an fxp NIC, and then

  redirect_port tcp 192.168.100.1:80 199.1.1.1:80
  redirect_port tcp 192.168.100.2:80 199.1.1.2:80

in your natd config.  Of course the rest of the world will have to
know how to get to 199.1.1.[12].

> I don't think redirect_port will do this, correct?

Not the whole thing :-)

> --
> Dan Simoes                          mail:dans@iclick.com
> iClick                              web:www.iclick.com
> 410 Saw Mill River Road LL 135      voice: 914.693.0837
> Ardsley, NY 10502                   fax:914.693.1055
>

--
Brian
Don't _EVER_ lose your sense of humour !

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
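
An added check, not part of the original message: the redirects above only take effect if every public address named in a redirect_port line is actually bound to the outside interface, so this script cross-checks a natd config against ifconfig output. The sample config and ifconfig output are constructed (the address 199.1.1.3 and the port 2222 line are invented to show the failure and default-address cases), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample natd config: the two redirects from the thread, one
# redirect to an address that is NOT bound, and one with no public address.
sample_natd_conf() {
cat <<'EOF'
# natd.conf (constructed sample)
interface fxp0
redirect_port tcp 192.168.100.1:80 199.1.1.1:80
redirect_port tcp 192.168.100.2:80 199.1.1.2:80
redirect_port tcp 192.168.100.3:80 199.1.1.3:80
redirect_port tcp 192.168.100.1:22 2222
EOF
}

# Constructed sample of `ifconfig fxp0` output after adding the alias.
sample_ifconfig() {
cat <<'EOF'
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 199.1.1.1 netmask 0xffffff00 broadcast 199.1.1.255
    inet 199.1.1.2 netmask 0xffffffff broadcast 199.1.1.2
EOF
}

# missing_aliases NATD_CONF IFCONFIG_OUTPUT
# Prints each public address used in a redirect_port line that has no
# matching "inet" line in the ifconfig output. Lines that give only a
# port use the interface's primary address and are skipped.
missing_aliases() {
    awk '
        FILENAME == ARGV[1] { if ($1 == "inet") bound[$2] = 1; next }
        $1 == "redirect_port" && $4 ~ /:/ {
            split($4, pub, ":")
            if (!(pub[1] in bound) && !seen[pub[1]]++) print pub[1]
        }
    ' "$2" "$1"
}

# Runs the check over the constructed samples above.
check_samples() {
    tmp=$(mktemp -d) || return 1
    sample_natd_conf > "$tmp/natd.conf"
    sample_ifconfig > "$tmp/ifconfig.out"
    missing_aliases "$tmp/natd.conf" "$tmp/ifconfig.out"
    rm -rf "$tmp"
}

check_samples
```

On a live firewall, save `ifconfig fxp0` output to a file and pass it with the real natd config path to `missing_aliases`; any address it prints needs an `ifconfig ... alias` before the redirect can receive traffic.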