Date: Fri, 23 Mar 2001 16:22:58 +0300
From: Odhiambo Washington <wash@iconnect.co.ke>
To: Mike Blend <admin@treasure.yi.org>
Cc: FBSD-Q <freebsd-questions@freebsd.org>
Subject: Re: IPFW/NATD Scenario
Message-ID: <20010323162258.B27104@poeza.iconnect.co.ke>
In-Reply-To: <PIEHIJCHILMFAJEFGEBNAEEBCAAA.admin@treasure.yi.org>; from "Mike Blend" on Thu, Mar 22, 2001 at 12:45:14PM -0600
References: <PIEHIJCHILMFAJEFGEBNAEEBCAAA.admin@treasure.yi.org>

* Mike Blend <admin@treasure.yi.org> [20010322 21:40]: writing on the subject 'IPFW/NATD Scenario'
Mike> I'm new to both FreeBSD and NAT, so please bear with me.
Mike>
Mike> With the help of a net-friend I have successfully setup a FreeBSD 4.2
Mike> machine with 2 NICS, one for an internal connection and one for an external
Mike> connection. The machine is acting as a firewall/gateway for the internal
Mike> network. It all appears to be functioning properly at this point.
Mike>
Mike> Here's what I want to do, and how I understand how it needs to be done :
Mike>
Mike> I have a Win2000 server hosting mail and web for 4 domains. That machine
Mike> has 4 internet IP addresses assigned to its external NIC. Each one of those
Mike> ip addresses is for one domain. The web and mail servers for each domain
Mike> point to one of those ips.
Mike>
Mike> What I want to do (I think) is replace the external ips on the win2000 box
Mike> with internal ips... 10.0.0.x - and I want to have my new FreeBSD box accept
Mike> the incoming traffic to my 4 external ips and route that traffic to the
Mike> correct internal ip on the win2000 server... using one-to-one NAT if I
Mike> understand correctly. At that point I will be able to control the traffic
Mike> to the web/mail server by allowing only those ports and services that I
Mike> need.
Mike>
Mike> I want to make sure that I've got the right idea, and if so, could someone
Mike> please explain to me (or direct me to documentation) how to assign those 4
Mike> additional external ip addresses to the external NIC in my FreeBSD box?

in /etc/rc.conf

ifconfig_fxp0="inet 1.2.3.4 netmask 5.6.7.8"
ifconfig_fxp0_alias0="inet 2.3.4.5 netmask 6.7.8.9"
ifconfig_fxp0_alias1="inet 3.4.5.6 netmask 7.8.9.10"
ifconfig_fxp0_alias2="inet 4.5.6.7 netmask 8.9.10.11"

The concept of _alias is what is used. Subst your device name for fxp0.

I think it will work, depending on how you set the fwd rules. I've not tested
ipfw but I've seen the discussions.

I am not in the list so cc me if necessary.

-Wash

--
Odhiambo Washington   Inter-Connect Ltd.,
wash@iconnect.co.ke   5th Flr Furaha Plaza
Tel: 254 11 222604    Nkrumah Rd.,
Fax: 254 11 222636    PO Box 83613 MOMBASA, KE.

Anti-trust laws should be approached with exactly that attitude.
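
A lint check for alias entries like the ones in the reply, added here as an example and not part of the original message: rc.conf is read as shell variable assignments, so a repeated name such as a second ifconfig_fxp0_alias0 silently replaces the first, and per rc.conf(5) the alias search stops at the first missing number. The function names and the sample addresses (192.0.2.0/24 documentation range) are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_aliases IFACE  (rc.conf text on stdin)
# Prints one line per problem; returns 0 if clean, 1 if a problem was found.
check_aliases() {
    iface=$1
    status=0
    # Collect the index N of every ifconfig_<iface>_aliasN= assignment.
    indexes=$(sed -n "s/^[[:space:]]*ifconfig_${iface}_alias\([0-9][0-9]*\)=.*/\1/p")

    # Repeated variable name: the later assignment overrides the earlier one,
    # so one of the addresses is never configured.
    for n in $(printf '%s\n' "$indexes" | sort -n | uniq -d); do
        echo "duplicate: ifconfig_${iface}_alias${n} is set more than once"
        status=1
    done

    # Numbering must run 0,1,2,... because the rc scripts stop at the
    # first alias index that is not set.
    expected=0
    for n in $(printf '%s\n' "$indexes" | sort -n | uniq); do
        if [ "$n" -ne "$expected" ]; then
            echo "gap: ifconfig_${iface}_alias${expected} is missing, so alias${n} and later are never applied"
            status=1
            break
        fi
        expected=$((expected + 1))
    done
    return $status
}

# Constructed sample: three extra addresses, but alias0 is used twice.
sample_repeated_alias() {
    cat <<'EOF'
ifconfig_fxp0="inet 192.0.2.10 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 192.0.2.11 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 192.0.2.12 netmask 255.255.255.255"
ifconfig_fxp0_alias0="inet 192.0.2.13 netmask 255.255.255.255"
EOF
}

# Demo run on the constructed sample; "|| true" keeps the script's exit status clean.
sample_repeated_alias | check_aliases fxp0 || true
```

On a real system the call would be `check_aliases fxp0 < /etc/rc.conf`, with fxp0 replaced by the external interface name.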