Date: Fri, 14 Mar 2003 18:48:13 -0500
From: Bill Moran
To: fbsdq
Cc: freebsd-questions@freebsd.org
Subject: Re: fbsd box as router AND natd
Message-ID: <3E726A3D.8010405@potentialtech.com>
In-Reply-To: <20030314223344.54713.qmail@saexchange.softwarealternative.com>

fbsdq wrote:
>
> Hello,
> I was wondering if this is possible and how to do it. I just got a
> T1 installed with limited IPs. I want my FreeBSD box to act as a
> router to all those office PCs with my limited public IPs, and when I
> run out of those I want it to also act as a natd box to my 10.x.x.x IP
> addresses. Do I need three NICs to get this done? One for outside
> interface, one for public IP inside interface [router], and a third one
> for inside public IP interface [natd]? I know how to do natd, but for
> it to act as a router what do I need in /etc/rc.conf, will just
> gateway_enable=YES do? Or do I need to run routed?

Yes, you can do this. No, you don't need two network cards.

Use the -unregistered_only option to natd to tell it only to translate
RFC-1918 addresses (so your public addresses get routed without
translation).

Set up the internal network card with an IP in the 10.x.x.x range, as
well as a public IP. Then the machines with public IPs can route through
without translation, but natd will translate the private ones.

Without knowing more about the layout of your network and the IPs
involved, I can't give more details. Your ISP may need to add a routing
rule to get traffic to route successfully back to you.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
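
An added example, not part of the original message or of FreeBSD's own files: an rc.conf sketch of the setup described in the reply above, followed by a small sh model of which source addresses natd translates when run with `-unregistered_only`. The interface names fxp0/fxp1, every address (192.0.2.0/24 is a documentation range standing in for the public block) and the helper `natd_action` are assumptions.

```sh
# Constructed rc.conf fragment (valid sh). fxp0/fxp1 and all addresses are
# placeholders; 192.0.2.0/24 stands in for the ISP-assigned public block.
gateway_enable="YES"                    # forward packets between interfaces
ifconfig_fxp0="inet 192.0.2.2 netmask 255.255.255.252"      # outside (T1 side)
ifconfig_fxp1="inet 192.0.2.129 netmask 255.255.255.240"    # inside, public subnet
ifconfig_fxp1_alias0="inet 10.0.0.1 netmask 255.255.255.0"  # inside, private subnet
firewall_enable="YES"                   # ipfw has to divert packets to natd
firewall_type="open"                    # placeholder policy, replace with a real ruleset
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-unregistered_only"

# Hypothetical helper modelling the choice -unregistered_only makes for an
# outgoing packet: sources in 10/8, 172.16/12 or 192.168/16 are translated,
# any other source address is forwarded unchanged.
natd_action() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f           # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo invalid; return 1; }
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|????*) echo invalid; return 1 ;;
        esac
        [ "$octet" -le 255 ] || { echo invalid; return 1; }
    done
    if [ "$1" -eq 10 ] ||
       { [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; } ||
       { [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; }; then
        echo translate
    else
        echo route
    fi
}

# Constructed inside hosts: one on the private alias, one on the public subnet.
for src in 10.0.0.25 192.0.2.130; do
    echo "$src -> $(natd_action "$src")"
done
```

Hosts on the public subnet use 192.0.2.129 as their gateway and hosts on the private subnet use 10.0.0.1, both on the same inside card.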