Date:      Thu, 12 Jun 2003 17:10:03 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        Koroush Saraf <koroush.saraf@lmco.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NAT Question
Message-ID:  <3EE8EC2B.7000202@potentialtech.com>
In-Reply-To: <00c601c33124$1ffec5c0$04f4c581@BSDWIN2KKOROUSH>
References:  <00c601c33124$1ffec5c0$04f4c581@BSDWIN2KKOROUSH>

[Please wrap your lines around 70 chars or so]

Koroush Saraf wrote:
>   Hi all,
> 
>   I'm trying to set up a BSD box to act as a NAT gateway between private
>   net and public Internet.  My requirement is to map the src and destination
>   of the packet according to a set of rules.
> 
>   The BSD box has two public IP addresses. Depending on which interface the
>   packet arrives on it will get routed to a different private destination
>   address.
> 
>   I'm using ipnat with the following mapping on the NAT box.
>   The Nat box has only 1 interface xl0
>   the ip addresses of this interface are: 
>   public  129.197,244.6/24,129.197.244.7/24, 129.197.244.8/24 
>   private 10.77.1.2/24, 10.77.2.2/24

This is not a particularly good setup.  I hope you aren't expecting this to
act as a firewall or provide any security?  You'd probably be better off
setting up the machines with the IP addresses directly, instead of natting.
Otherwise, get a second NIC ... it's the right thing to do.

Please provide the output of "ifconfig".  What you describe above is wrong,
but it's possible that you mistyped it.  If you actually try to have two
IPs on the same NIC that equate to the same network number, your networking
will not work as expected.

>   The servers on the private lan are 10.77.1.1/24 and 10.77.2.1/24 on two
>   different subnets.
> 
>   to 
>   List of active MAP/Redirect filters:
>   map xl0 129.197.244.7/32 -> 10.77.1.1/32
>   map xl0 129.197.244.8/32 -> 10.77.2.1/32
>   map xl0 10.77.1.1/32 -> 129.197.244.7/32
>   map xl0 10.77.2.1/32 -> 129.197.244.8/32
> 
>   However I'm not getting the desired results.

You're using the wrong command.  Use rdr.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
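
The check behind the reply's remark about two IPs on one NIC with the same network number, as an added example (not part of the original e-mail or of FreeBSD). The function names are hypothetical, the address list is retyped from the quoted message with the comma in the first address read as a dot, and rewriting the extra addresses as host-mask (/32) aliases assumes the usual FreeBSD convention for same-subnet aliases.

```python
import ipaddress
from collections import defaultdict

# Constructed input: the addresses listed for xl0 in the quoted message
# (first address normalised from "129.197,244.6" so that it parses).
XL0_ADDRS = [
    "129.197.244.6/24", "129.197.244.7/24", "129.197.244.8/24",
    "10.77.1.2/24", "10.77.2.2/24",
]


def shared_networks(addrs):
    """Return {network: [ips]} for each network number that more than one
    address on the interface resolves to. Host-mask aliases are skipped
    because they do not claim a network route of their own."""
    by_net = defaultdict(list)
    for text in addrs:
        iface = ipaddress.ip_interface(text)
        if iface.network.prefixlen == iface.network.max_prefixlen:
            continue
        by_net[iface.network].append(iface.ip)
    return {net: ips for net, ips in by_net.items() if len(ips) > 1}


def with_host_mask_aliases(addrs):
    """Keep the first address seen in each network as the primary and
    rewrite later addresses in the same network as host-mask aliases."""
    seen, out = set(), []
    for text in addrs:
        iface = ipaddress.ip_interface(text)
        if iface.network in seen:
            full = iface.network.max_prefixlen
            iface = ipaddress.ip_interface(f"{iface.ip}/{full}")
        else:
            seen.add(iface.network)
        out.append(str(iface))
    return out


if __name__ == "__main__":
    for net, ips in shared_networks(XL0_ADDRS).items():
        print(f"{net}: shared by {', '.join(map(str, ips))}")
    print("suggested:", ", ".join(with_host_mask_aliases(XL0_ADDRS)))
```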
