Date:      Sat, 17 Feb 2001 19:13:46 -0600 (CST)
From:      Brennan Stehling <brennan@offwhite.net>
To:        freebsd-questions@freebsd.org
Subject:   natd vs ipnat
Message-ID:  <Pine.BSF.4.21.0102171852120.56304-100000@home.offwhite.net>

Lately I have used FreeBSD to act as a firewall/router between an outside
connection and a private network.  I have done this a few times now
for either a DSL or the T1 at the office.  Each time I do this I have to
recompile the kernel with support for ipnat so I can run NAT.

There may be 2 solutions for this so I am looking for any examples which
may help me do this better.

I typically run natd with ipnat.  Natd does mapping for a whole address
while ipnat can wildcard a single public IP for a pool of internal
addresses.  Some people may need to have a dedicated IP to do FTP or
something else.  I simply do the full mapping of a public IP to the
internally private IP.  Otherwise I have DHCP running on the server and
that gives out the IPs which ipnat is aliasing.  I am wondering if I can
simply configure natd to wildcard like I am doing with ipnat.  Perhaps a
text diagram will help...

Outside IP Pool: 
216.127.183.17 
216.127.183.18 
216.127.183.19
216.127.183.20 
216.127.183.21

Internally all Machines have these addresses...
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
192.168.1.100
192.168.1.101
192.168.1.102
192.168.1.103
192.168.1.104

I will then map the first few addresses with natd.  Here are a few
example lines from /etc/natd.conf

interface      xl1
redirect_address 192.168.1.2 216.127.183.17
redirect_address 192.168.1.3 216.127.183.18
redirect_address 192.168.1.4 216.127.183.19
redirect_address 192.168.1.5 216.127.183.20

This will take care of my "static" addresses which essentially have a more
reliable connection for various services.

Then my rules file for ipnat would be something like...

# source network must be /24 (not /32) so the whole 192.168.1.x pool matches
map xl0 192.168.1.0/24 -> 216.127.183.21/32 portmap tcp/udp 40000:65000

This will be able to wildcard for the pool of addresses I would give out with
DHCP.  I have typically been using 192.168.1.100 to 200 as my pool.

Is this how it has to be done?  Can I wildcard it better?  And is there a
way to do it without compiling a new kernel to do the routing?

One route I have considered is simply adding 100 addresses into the
natd.conf file but I do not think I can use a public address for multiple
private addresses.  The man page mentions something of this, but it is not
clear.  I will be doing some experimenting over the next couple of days
and any help in terms of suggestions and example configuration files would
be very much appreciated.

Please also let me know if you think you can use the default kernel with
your configuration.  I am trying to install FreeBSD onto older machines
with slow processors and only 500 mb of disk space and it can be a bear to
compile if it would even fit.  I wish there were a few compiled kernels
which came with the 4 disk CD set.  Compiling the kernel to simply provide
NAT seems odd for a network operating system like FreeBSD.  Perhaps this
will change since now so many people have found FreeBSD to be a great way
to run a home network off their DSL/Cable modem.

Brennan Stehling - software developer and system administrator
  my projects: 
       home.offwhite.net (free personal hosting)
       www.greasydaemon.com (bsd search)
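A sanity check for the natd/ipnat split described in this message, added here as an example and not part of the original post: it parses the redirect_address lines and the ipnat map rule, then reports a public address that natd maps statically while ipnat also aliases to it (the collision the poster worries about), and a map source network that does not cover the DHCP pool. The sample config text, the DHCP_POOL bounds and the function names are constructed for the example.

```python
import ipaddress
import re

# Constructed sample input, modelled on the natd.conf lines and ipnat rule in the post.
NATD_CONF = """
interface      xl1
redirect_address 192.168.1.2 216.127.183.17
redirect_address 192.168.1.3 216.127.183.18
redirect_address 192.168.1.4 216.127.183.19
redirect_address 192.168.1.5 216.127.183.20
"""
IPNAT_RULES = "map xl0 192.168.1.0/32 -> 216.127.183.21/32 portmap tcp/udp 40000:65000\n"
DHCP_POOL = ("192.168.1.100", "192.168.1.200")  # assumed pool handed out by the DHCP server

MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")

def parse_natd(text):
    """Return {private_ip: public_ip} from natd redirect_address lines."""
    redirects = {}
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["redirect_address"] and len(parts) == 3:
            redirects[ipaddress.ip_address(parts[1])] = ipaddress.ip_address(parts[2])
    return redirects

def parse_ipnat_maps(text):
    """Return [(iface, source_network, alias_network)] from ipnat 'map' rules."""
    maps = []
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            maps.append((m.group(1),
                         ipaddress.ip_network(m.group(2), strict=False),
                         ipaddress.ip_network(m.group(3), strict=False)))
    return maps

def check_nat_config(natd_text, ipnat_text, pool):
    """Return a list of findings; an empty list means the two configs are consistent."""
    findings = []
    redirects = parse_natd(natd_text)
    publics = list(redirects.values())
    if len(set(publics)) != len(publics):
        findings.append("natd: one public address is used for more than one private address")
    first, last = (ipaddress.ip_address(a) for a in pool)
    for iface, src, alias in parse_ipnat_maps(ipnat_text):
        for pub in publics:
            if pub in alias:
                findings.append(f"ipnat map on {iface} aliases to {pub}, which natd uses as a static mapping")
        if first not in src or last not in src:
            findings.append(f"ipnat map source {src} does not cover DHCP pool {first}-{last}")
    return findings
```

Run against the sample as written it flags only the /32 source network; switching it to 192.168.1.0/24 clears the findings.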
