Date:      14 Mar 2003 19:10:43 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: fbsd box as router AND natd
Message-ID:  <44n0jxpjzw.fsf@be-well.ilk.org>
In-Reply-To: <3E726A3D.8010405@potentialtech.com>
References:  <20030314223344.54713.qmail@saexchange.softwarealternative.com> <3E726A3D.8010405@potentialtech.com>

Bill Moran <wmoran@potentialtech.com> writes:

> fbsdq wrote:
> > Hello,
> >    I was wondering if this is possible and how to do it.  I just got
> > a t1 installed with limited IP's.  I want my FreeBSD box to act as a
> > router to all those office pc's with my limited public IP's, and
> > when I run out of those I want it to also act as a natd box to my
> > 10.x.x.x ip addresses.  Do I need three nics to get this done? One
> > for outside interface, one for public ip inside interface [router],
> > and a third one for inside public ip interface [natd]?  I know how
> > to do natd, but for it to act as a router what do I need in
> > /etc/rc.conf, will just gateway_enable=YES do? or do I need to run
> > routed?
> 
> Yes, you can do this.  No, you don't need two network cards.

You *should* have two.  You don't need three, though.  [You could do
it with one, but your ISP would have a right to be annoyed with you.]

> Use the -unregistered_only option to natd to tell it only to
> translate RFC-1918 addresses (so your public addresses get
> routed without translation).  Set up the internal network card
> with an IP in the 10.x.x.x range, as well as a public IP.  Then
> the machines with Public IPs can route through without translation,
> but natd will translate the private ones.

You shouldn't need a public IP on the inside interface.  Putting a
public IP on the outside interface should be good enough.

> Without knowing more about the layout of your network and the IPs
> involved, I can't give more details.  Your ISP may need to add a
> routing rule to get traffic to route successfully back to you.

As long as you've got two cards, this shouldn't be a problem.  They
shouldn't be seeing your internal traffic, and your external traffic
will all be using the public IP addresses they've already given you.

By "you," incidentally, I mean the original poster, or anybody else
following a similar scheme.
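
The two-card setup discussed in this thread, as an added /etc/rc.conf sketch that is not part of the original message. The interface names (fxp0 outside, fxp1 inside) and all addresses are constructed placeholders, and it assumes a kernel with ipfw and divert support. How the inside hosts with public IPs are addressed is the point debated above and is not shown.

```conf
# /etc/rc.conf fragment (added example; names and addresses are assumptions)

# Forward packets between the two interfaces; routed is not required
# for a static two-interface layout like this one.
gateway_enable="YES"

# Outside interface toward the T1: one of the ISP-assigned public IPs
# (192.0.2.2 is a documentation address used as a placeholder).
ifconfig_fxp0="inet 192.0.2.2 netmask 255.255.255.248"

# Inside interface: gateway address for the 10.x.x.x hosts.
ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"

# natd receives packets through an ipfw divert rule, so ipfw must be on.
# With natd_enable and natd_interface set, the stock rc.firewall inserts
# "divert natd all from any to any via fxp0" for this firewall type.
# "open" is an allow-all ruleset; replace it with a filtering ruleset
# that keeps the divert rule once forwarding and NAT are confirmed.
firewall_enable="YES"
firewall_type="open"

# Run natd on the outside interface. -unregistered_only makes natd alter
# only packets whose source is an RFC 1918 address (10/8, 172.16/12,
# 192.168/16); packets from hosts with public IPs pass untranslated.
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-unregistered_only"
```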
