Date:      Wed, 24 Dec 1997 18:46:25 -0800 (PST)
From:      "UC Computer / Transbay.Net" <root@transbay.net>
To:        freebsd-questions@freebsd.org
Subject:   NAT question(s)
Message-ID:  <199712250246.SAA22896@transbay.net>

If there's more info/examples online, I should RTFM, sorry.

I'm trying to use the man page for natd from 2.2.5, maybe against a
misconception of what I might be able to do with NAT.

My notion of what NAT does is this (roughly), in a context of having
say, an Ascend Pipeline connecting an office to the Internet via ISDN.
The Pipeline's NAT feature allows all the machines in the office to
use a phony network, e.g. 192.168.2.0/24, while the Pipeline itself
connects to the ISP at a single fixed address, e.g. 207.105.23.156/32.
This means the Pipeline has to "proxy", in a sense, for all the machines
on the 192.168.2 net, translating the traffic as coming 'from'
207.105.23.156.
I don't know if the Pipeline really does that. On the face of it, the
Pipeline has a big job keeping track of what packets it expects to
receive back from the outside world in response to packets sent in
behalf of the phony-net clients. I probably don't understand that
a TCP connect is made from an (anonymous?) port on the client machine, to
e.g. port 80 on a server for http, for example. Maybe this is not as
hard as it seems.

Now I'm trying to do a variant of the normal "grail" use of NAT. I have
a gateway box at 207.105.6.18 with two interfaces, ed2 and ed3. ed2 is
the "live" connection, defined as 207.105.6.18. ed3 is defined as
192.168.254.2/24, and I have a test client box connected to that, the
client's interface ed1 is defined as 192.168.254.22/24.
The gateway box is supposed to "NAT proxy" for the client-side network
so that client-side machines can use normal Internet services like mail,
http, ftp. I'm not even considering telnet, but if I did it would be
outgoing only, of course.

The man page appears to address the use of one machine in itself. I don't
see how to get traffic from the client THROUGH the gateway to the outside.
Traffic to/from the gateway itself doesn't need to be modified, but it's
not clear how to get the 192.168.254.22 traffic to be "remarked" as coming
from 207.105.6.18 as needed so that it will be routed properly, and then
returned back through NAT.

It could be a simple config thing, or a set of port mappings per client-side
machine in a long natd config file ... as long as it works.

Anyone can shed light on this? Books, examples, configuration files?

Thanks.
-ecsd@transbay.net
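
The bookkeeping the message wonders about, sketched as an added example (not part of the original e-mail and not natd's own code): a simplified model of the translation table a NAT gateway keeps, using the 207.105.6.18 gateway and the 192.168.254.22 client from the message. The second client 192.168.254.23, the remote addresses and the starting alias port 40000 are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "207.105.6.18"  # gateway's ed2 address, from the message

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatTable:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000  # assumed start of the alias port range
    # (client ip, client port, remote ip, remote port) -> alias port
    out: dict = field(default_factory=dict)
    # (alias port, remote ip, remote port) -> (client ip, client port)
    back: dict = field(default_factory=dict)

    def outbound(self, p: Packet) -> Packet:
        """Client -> Internet: rewrite the source to the gateway's address."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            alias = self.next_port
            self.next_port += 1
            self.out[key] = alias
            self.back[(alias, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p: Packet):
        """Internet -> gateway: restore the client address, None if no flow matches."""
        client = self.back.get((p.dport, p.src, p.sport))
        if client is None:
            return None  # unsolicited packet: no inside host opened this flow
        return Packet(p.src, p.sport, client[0], client[1])

def demo():
    nat = NatTable()
    server = "198.51.100.80"  # constructed remote web server
    # Two inside clients that happen to pick the same ephemeral port.
    a = nat.outbound(Packet("192.168.254.22", 1025, server, 80))
    b = nat.outbound(Packet("192.168.254.23", 1025, server, 80))
    reply_a = nat.inbound(Packet(server, 80, a.src, a.sport))
    reply_b = nat.inbound(Packet(server, 80, b.src, b.sport))
    # A different remote host aiming at an alias port that is in use.
    stray = nat.inbound(Packet("203.0.113.9", 4444, PUBLIC_IP, a.sport))
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The model leaves out entry timeouts, ICMP and protocols such as FTP that carry addresses in their payload, all of which a real translator has to handle.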


