Date: Mon, 13 Sep 1999 17:48:11 -0700 (PDT)
From: Doug White
To: hackers@freebsd.org
Subject: Multiple NAT alias addresses

hello ..

We're trying to turn up a firewall box running NAT with multiple external
IPs. I added the alias and set up natd.conf as follows:

    use_sockets yes
    same_ports yes
    #
    # machine1 redirections
    #redirect_port tcp 192.168.2.237:ssh 1.2.3.4:ssh
    #redirect_port tcp 192.168.2.237:smtp 1.2.3.4:smtp
    #redirect_port tcp 192.168.2.237:pop3 1.2.3.4:pop3
    #redirect_port tcp 192.168.2.237:imap4 1.2.3.4:imap4
    # machine2 redirections
    redirect_port tcp 192.168.2.201:ssh 1.2.3.5:ssh
    redirect_port tcp 192.168.2.201:http 1.2.3.5:http

I start natd with:

    natd -f /etc/natd.conf -n fxp0

where fxp0 is the public-side interface.

Restarting natd with this configuration causes it to block everything.

Does natd support multiple alias addresses, or am I missing something
obvious? This is a production situation so doing test runs for logs is
difficult. I can get more info in ~30 minutes, but if someone can note
any inconsistencies that would be great.

Doug White
Internet: dwhite@resnet.uoregon.edu     | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org