From: Sam Carleton <scarleton@miltonstreet.com>
To: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfw is not working
Message-ID: <38CB13D0.AB1EE916@miltonstreet.com>
References: <38C9D32F.E8F2254A@miltonstreet.com> <20000311123542.B23514@cc942873-a.ewndsr1.nj.home.com> <38CA9F0F.8A8F89F5@miltonstreet.com> <20000311172441.B24340@cc942873-a.ewndsr1.nj.home.com>

"Crist J. Clark" wrote:
>
> > Wait a second here.  My understanding is that NAT and IP Masquerading are
> > different.  From my understanding, with IP Masq there only needs to be one valid
> > IP address, that on the external card of the firewall.  IP Masq gives all
> > outgoing requests the one external IP address.  With NAT, there needs to be one
> > external IP address for every machine that wants to get to the Internet.
> > Considering most folks at home only have one external IP address, they would
> > want to use IP Masq.  I have also heard IP Masq called PAT.
> >
> > Looking at page 506 of the 3rd edition of "The Complete FreeBSD", it looks like
> > FreeBSD uses the terminology IP aliasing for what Linux folks call IP Masq.  Am
> > I correct?
>
> No. NAT only needs one registered IP address on the external
> interface. If it required a one-to-one mapping, it'd be rather
> useless. See the natd(8) manpage. Also see RFC 1631 and other RFCs
> related to NAT if interested. (BTW, there are no RFCs about "IP
> masquerading." No idea if there are differences.)

Crist,

A one-to-one mapping is not useless, that is what I want to do at home for part
of my network.  I have aDSL, my telephone company allows me to have four
machines on the Internet at once, so I have an IP mask of 255.255.255.248.  I
want to have three different physical servers of sorts on the web, along with
a few workstations.  I want all the machines to be protected by a firewall.  I
figured I would set the servers on a 172.16.0.1 and have FreeBSD do a
one-to-one NAT from the 172.16.0.x to the external addresses.  I would also
have a third NIC in the FreeBSD box on a 192.168.0.x, doing a one-to-many NAT
for the workstations.

I have a good grip on the concept of the firewall, but never worked with the
one-to-one NAT, can you recommend any good books?

Sam
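
Added example (not part of the original message, and not natd's code): a small Python model of the two translation modes the thread contrasts, a static one-to-one mapping for the 172.16.0.x servers and a shared-address, port-translating mapping for the 192.168.0.x workstations. The public addresses (203.0.113.x, a documentation range), the host numbers, the starting port 40000 and all class and function names are constructed for illustration.

```python
import ipaddress

class Translator:
    """Toy translation table: static one-to-one plus one-to-many (port-based)."""

    def __init__(self, static_map, shared_public, first_port=40000):
        ip = ipaddress.ip_address
        # One-to-one: each private server owns a dedicated public address.
        self.static = {ip(priv): ip(pub) for priv, pub in static_map.items()}
        self.static_rev = {pub: priv for priv, pub in self.static.items()}
        if len(self.static_rev) != len(self.static):
            raise ValueError("a public address is mapped to two servers")
        # One-to-many: all other hosts share one address, told apart by port.
        self.shared = ip(shared_public)
        self.next_port = first_port
        self.flows = {}      # (private ip, private port) -> public port
        self.flows_rev = {}  # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port):
        src = ipaddress.ip_address(src_ip)
        if src in self.static:
            return str(self.static[src]), src_port   # port left untouched
        key = (src, src_port)
        if key not in self.flows:                     # state created on first packet
            self.flows[key] = self.next_port
            self.flows_rev[self.next_port] = key
            self.next_port += 1
        return str(self.shared), self.flows[key]

    def inbound(self, dst_ip, dst_port):
        dst = ipaddress.ip_address(dst_ip)
        if dst in self.static_rev:
            # Static mapping forwards EVERY port: filtering must come from
            # firewall rules, the translation itself hides nothing.
            return str(self.static_rev[dst]), dst_port
        if dst == self.shared and dst_port in self.flows_rev:
            priv, port = self.flows_rev[dst_port]
            return str(priv), port
        return None  # no matching state on the shared address: nothing to forward to

def build_example():
    # Constructed addresses: three servers, one shared address for workstations.
    return Translator(
        static_map={"172.16.0.2": "203.0.113.2",
                    "172.16.0.3": "203.0.113.3",
                    "172.16.0.4": "203.0.113.4"},
        shared_public="203.0.113.5",
    )
```

In this model an unsolicited inbound packet to a statically mapped address always reaches the server, so the one-to-one servers depend entirely on explicit firewall rules, while the workstations behind the shared address are reachable only through state they created themselves.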