Date: Sat, 12 Jun 2004 20:54:39 +0100 From: Stacey Roberts <stacey@vickiandstacey.com> To: Vince Hoffman <jhary@unsane.co.uk> Cc: Stacey Roberts <stacey@vickiandstacey.com> Subject: Re: NAT vs Public IP Range info needed, please Message-ID: <20040612195439.GG392@crom.vickiandstacey.com> In-Reply-To: <20040612182659.U17341@unsane.co.uk> References: <20040612164622.GE392@crom.vickiandstacey.com> <20040612182659.U17341@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
--N+dhEFW7Y2Uiel/w
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello Vince,
Thanks for the reply.
----- Original Message -----
From: "Vince Hoffman <jhary@unsane.co.uk>"
To: To Stacey Roberts
Date: Sat, 12 Jun, 2004 18:36 BST
Subject: Re: NAT vs Public IP Range info needed, please
>=20
>=20
> On Sat, 12 Jun 2004, Stacey Roberts wrote:
>=20
> > Hello,
> > I am looking to replace a proprietary DSL router/modem with the Sa=
ngoma S518 ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) ser=
ver running ipfw to handle access, firewall and nat duties.
> >
<snipped>
> >
> > What I would like to know is if it is possible to do to following: -
> > Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 1.1=
.1.7 & 1.1.1.8
> > 1] G'Way host is assigned its own public IP - 1.1.1.3
> > 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's=
- 1.1.1.4
> > 3] Remaining 4 public IP addresses are left to be used other purposes (=
eg: "true" address redirection to a DMZ-host, that is not a member of the i=
nternal LAN subnet)
> >
>=20
> All entirely reasonable
>=20
> > As you see, the g'way's public ip is not being used for NAT'ing interna=
l hosts' outgoing traffic, but another ip from within the assignied public =
ip address range. My reading of the NAT chapter does not suggest that there=
is a way to define the public IP with which traffic is to be translate. Is=
this functionality not supported, or have I missed something when reading =
the various sections?
>=20
> You havent missed anything in the hand book but I suggest reading the natd
> manpage, specificly
> -alias_address | -a address
> Use address as the aliasing address. Either this or the
> -interface option must be used (but not both), [more here
> but no need to post it as you have it all already]
Excellent! I'll get onto this and see what needs to be done whilst I wait f=
or the card to arrive.
>=20
> Also it might be worth looking at at the ipf/ipnat ipfilter stuff and se=
eing which
> you find easier to use. (examples in /usr/share/examples/ipfilter for
> ipfilter , see the handbook or manpage for ipfw.)
I've never used ipfilter before - mainly because the HandBook had historica=
lly exclusively used ipfw in its examples since I started with FreeBSD back=
at 4.2. I'll certainly consider ipfilter as well to see what benefits it o=
ffers over ipfw. Thanks for that suggestion.
Regards,
Stacey
>=20
>=20
>=20
> >
> > I'd appreciate any pointers to where I might find more information that=
might assist me, or an explanation of what it is that I am not understandi=
ng when reading the HandBook.
> >
> > Thanks for the time.
> >
> > Regards,
> >
> > Stacey
> >
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o=
rg"
--N+dhEFW7Y2Uiel/w
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQEVAwUBQMtffOdvY+8mWFvRAQGi/wf7BcCL+Lov1thUiyqSlaAo/4UR7sW4zWEI
euzOJjbOYYHSeKIDCkvclZw7Pw5KVMfYeCQgO7/jJB6vocfImjIwz4HSB1N1V8PT
F0pNJglBXyGH/I6PajXDVcV1HzphegokzByxWVk6a38XS4+IzemOtGz5KYjJ51PT
bXx8TN3alSzJuraMJLhmrjtAXQC1K+fwkdSAwRc6Q8cw/zIkxTj64IFA9wXMEgVb
l9CSWG2V1go0P1BOfw9m5ldC/Vc7orLRFHC2qNeKLF2LDgThS0IfntNtmkKT2LOT
LhRWX2OqCy/Hs5luILcGAm1b8lxkqy/QoZymPMP7LlMxTr01+lCKlQ==
=WHqU
-----END PGP SIGNATURE-----
--N+dhEFW7Y2Uiel/w--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040612195439.GG392>