Date: Sat, 11 Mar 2000 23:49:27 -0500
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Sam Carleton <scarleton@miltonstreet.com>
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.ORG>
Subject: Re: ipfw is not working
Message-ID: <20000311234927.I24340@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <38CB13D0.AB1EE916@miltonstreet.com>; from scarleton@miltonstreet.com on Sat, Mar 11, 2000 at 10:51:07PM -0500
References: <38C9D32F.E8F2254A@miltonstreet.com>
    <20000311123542.B23514@cc942873-a.ewndsr1.nj.home.com>
    <38CA9F0F.8A8F89F5@miltonstreet.com>
    <20000311172441.B24340@cc942873-a.ewndsr1.nj.home.com>
    <38CB13D0.AB1EE916@miltonstreet.com>

On Sat, Mar 11, 2000 at 10:51:07PM -0500, Sam Carleton wrote:
> "Crist J. Clark" wrote:
>
> > > Wait a second here. My understanding is that NAT and IP Masquerading are
> > > different. From my understanding, with IP Masq there only needs to be one valid
> > > IP address, that on the external card of the firewall. With IP Masq gives all
> > > outgoing requests the one external IP address. With NAT, there needs to be one
> > > external IP address for every machine that wants to get to the Internet.
> > > Considering most folks at home only have one external IP address, they would
> > > want to use IP Masq. I have also heard IP Masq called PAT.
> > >
> > > Looking at page 506 of the 3rd edition of "The Complete FreeBSD", it looks like
> > > FreeBSD uses the terminology IP aliasing for what Linux folks call IP Masq. Am
> > > I correct?
> >
> > No. NAT only needs one registered IP address on the external
> > interface. If it required a one-to-one mapping, it'd be rather
> > useless. See the natd(8) manpage. Also see RFC 1631 and other RFCs
> > related to NAT if interested. (BTW, there are no RFCs about "IP
> > masquerading." No idea if there are differences.)
>
> Crist,
>
> A one-to-one mapping is not useless, that is what I want to do at home for part of my
> network. I have aDSL, my telephone company allows me to have four machines on the
> Internet at once, so I have an IP mask of 255.255.255.248. I want to have three
> different physical servers of sorts on the web, along with a few workstations. I
> want all the machines to be protected by a firewall. I figured I would set the
> servers on a 172.16.0.1 and have FreeBSD do a one-to-one NAT from the 172.16.0.x to
> the external addresses. I would also have a third NIC in the FreeBSD box on a
> 192.168.0.x, doing a one-to-many NAT for the workstations.
>
> I have a good grip on the concept of the firewall, but never worked with the
> one-to-one NAT, can you recommend any good books?

You are not doing all one-to-one NAT. Like you say, you also want a
one-to-many function for your workstations. If you were _only_ doing
one-to-one, I would not say it is worth the effort. Anyway, I think
all you need is in the natd(8) manpage and look at the
'-redirect_address' option.
-- 
Crist J. Clark                           cjclark@home.com
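
The mixed setup discussed in this thread, sketched as a natd configuration file using the redirect_address option named in the reply. This is an added example, not part of the original message; the interface name fxp0 and the 203.0.113.0/29 addresses are constructed placeholders for the external NIC and the ISP-assigned 255.255.255.248 block.

```conf
# /etc/natd.conf (added example; fxp0 and 203.0.113.x are assumptions)

# External (DSL) interface. Its primary address, taken here to be
# 203.0.113.2, is the alias address for ordinary one-to-many NAT,
# which covers the 192.168.0.x workstations.
interface fxp0

# One-to-one (static) NAT for the three servers on 172.16.0.x.
# Syntax: redirect_address localIP publicIP
# Inbound traffic to publicIP is sent to localIP, and outbound traffic
# from localIP leaves with publicIP as its source address.
redirect_address 172.16.0.1 203.0.113.3
redirect_address 172.16.0.2 203.0.113.4
redirect_address 172.16.0.3 203.0.113.5

# Points to check around this file:
# - natd only sees packets that an ipfw divert rule hands to it, e.g.
#     ipfw add divert natd all from any to any via fxp0
# - Traffic for the three public addresses has to arrive at this host,
#   typically by configuring them as aliases on fxp0.
# - A static mapping passes every port on the public address to the
#   server, so limit inbound traffic to the intended services with
#   ipfw rules; the mapping alone does no filtering.
```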