From: vince@polgas.ps.admu.edu.ph
Date: Mon, 8 Feb 1999 21:27:51 +0800 (PHT)
To: questions@FreeBSD.ORG
Subject: multi-address nat.

Hi. I have a FreeBSD box that serves as a "masquerading host" for some computers in an internal network. However, I would like to give access to some computers in my internal network from the outside. These would be for my servers. I learned in Greg's book that I could do just that with the natd that came with the distribution. That's the main reason why I shifted from Linux masquerading. Anyway, I tried out the configuration but it simply wouldn't work!

1) In calling natd with the -f option, the program says: "line too long: " and then it gives the last line of my natd config file. My file has this content:

---- natd.conf ----
use_sockets yes
redirect_address 192.168.4.245 www.xxx.yyy.zzz
redirect_address 192.168.4.246 www.xxx.yyy.zz1
unregistered_only yes
same_ports yes
dynamic yes
interface xl0 # xl0 is my interface to the outside world.
---- end ----

I called it with this line:

/usr/sbin/natd -f /etc/natd.conf

2) After #1 failed, I tried putting everything in one command line, which natd accepted. However, when I tried pinging the inside server from the outside using its external address, i.e. www.xxx.yyy.zzz, it could not be reached. What's worse, the internal machines could not ping servers outside.

3) So I was forced to do a natural, single-address NAT, or a plain Linux masquerading, as stated in the firewalls/IP-aliasing chapter of Greg's book. I once thought it was my firewall setup, but I tried it with the open configuration, and it still didn't work. My rc.firewall setup contains only these lines:

---- rc.firewall ----
$fwcmd -f flush
$fwcmd add divert natd all from any to any via xl0
$fwcmd add pass all from any to any
---- end ----

4) Did I misunderstand the book when I thought that it could do address translation for more than one IP address? Like what NATD-enabled network devices can do:

www.xxx.yyy.zz1 ------|              |----- 192.168.4.245
                      |   --------   |
www.xxx.yyy.zz2 ------|---| NATD |---|----- 192.168.4.246
                      |   --------   |
www.xxx.yyy.zz3 ------|              |----- 192.168.4.247

with the rest of the internal machines being masqueraded by the NATD machine's external IP. Or is it really like the plain Linux, single-IP masquerading?

Thanks in advance.

Vince.
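As an added example, not part of the post and not natd's own parser: a small Python checker that reads a natd.conf in the shape shown above and the three rc.firewall lines. It flags a final line that is not newline-terminated (one way a file can trip a line-at-a-time reader that expects a terminating newline, which would also explain why the last line is echoed in the error; whether that is what happened here is an assumption), validates each directive's arguments, checks that every static redirect maps an RFC 1918 inside address to a distinct non-RFC 1918 outside address, and confirms that the divert natd rule comes before the unconditional pass rule, since ipfw stops at the first matching rule. The external addresses, written www.xxx.yyy.zzz in the post, are replaced with constructed RFC 5737 documentation addresses; the helpers parse_natd_conf, check_redirects, is_rfc1918 and divert_before_pass are this example's own, and stripping "#" comments is an assumption about the file format.

```python
import ipaddress

# Constructed copy of the natd.conf from the post, with the external
# addresses replaced by RFC 5737 documentation addresses. The last line
# is deliberately left without a trailing newline.
NATD_CONF = (
    "use_sockets yes\n"
    "redirect_address 192.168.4.245 203.0.113.10\n"
    "redirect_address 192.168.4.246 203.0.113.11\n"
    "unregistered_only yes\n"
    "same_ports yes\n"
    "dynamic yes\n"
    "interface xl0  # xl0 is the interface to the outside world"
)

# Constructed copy of the rc.firewall lines from the post.
RC_FIREWALL = (
    "$fwcmd -f flush\n"
    "$fwcmd add divert natd all from any to any via xl0\n"
    "$fwcmd add pass all from any to any\n"
)

# Directives that take a single yes/no argument in natd.conf.
YES_NO_DIRECTIVES = {"use_sockets", "unregistered_only", "same_ports", "dynamic"}

# RFC 1918 private ranges, checked explicitly (example helper).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def parse_natd_conf(text):
    """Parse natd.conf-style text into (directives, problems).

    directives: list of (keyword, [args]) in file order.
    problems:   findings such as a last line with no newline, a bad
                argument count, a malformed address or an unknown keyword.
    """
    directives, problems = [], []
    if text and not text.endswith("\n"):
        problems.append("last line is not newline-terminated")
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        kw, *args = line.split()
        directives.append((kw, args))
        if kw in YES_NO_DIRECTIVES:
            if args not in (["yes"], ["no"]):
                problems.append(f"line {lineno}: {kw} expects yes or no")
        elif kw == "redirect_address":
            if len(args) != 2:
                problems.append(f"line {lineno}: redirect_address needs <inside> <outside>")
            else:
                for addr in args:
                    try:
                        ipaddress.ip_address(addr)
                    except ValueError:
                        problems.append(f"line {lineno}: {addr!r} is not an IP address")
        elif kw == "interface":
            if len(args) != 1:
                problems.append(f"line {lineno}: interface needs exactly one name")
        else:
            problems.append(f"line {lineno}: unknown directive {kw!r}")
    return directives, problems


def check_redirects(directives):
    """Sanity-check static redirect_address pairs.

    Each inside address should be RFC 1918 and each outside address should
    be a non-RFC 1918 address used only once: two inside hosts mapped to
    the same outside address cannot both be reached from outside.
    """
    findings, seen_outside = [], {}
    for kw, args in directives:
        if kw != "redirect_address" or len(args) != 2:
            continue
        try:
            inside, outside = (ipaddress.ip_address(a) for a in args)
        except ValueError:
            continue  # already reported by parse_natd_conf
        if not is_rfc1918(inside):
            findings.append(f"{inside} is not an RFC 1918 inside address")
        if is_rfc1918(outside):
            findings.append(f"{outside} is an RFC 1918 address on the outside")
        if outside in seen_outside:
            findings.append(f"{outside} is mapped twice ({seen_outside[outside]} and {inside})")
        seen_outside.setdefault(outside, inside)
    return findings


def divert_before_pass(text):
    """True when an 'add divert' rule precedes the first 'add pass' rule.

    ipfw evaluates rules in order and stops at the first match, so a pass
    rule placed ahead of the divert would let traffic through untranslated.
    """
    divert_at = pass_at = None
    for i, line in enumerate(text.splitlines()):
        words = line.split()
        if "add" in words and "divert" in words and divert_at is None:
            divert_at = i
        if "add" in words and "pass" in words and pass_at is None:
            pass_at = i
    return divert_at is not None and (pass_at is None or divert_at < pass_at)


if __name__ == "__main__":
    directives, problems = parse_natd_conf(NATD_CONF)
    for p in problems + check_redirects(directives):
        print("natd.conf:", p)
    print("divert before pass:", divert_before_pass(RC_FIREWALL))
```

Running the checker on the constructed file reports only the missing newline on the last line; appending a newline clears that finding, and the two redirects and the rule order pass as written.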