Date:      Mon, 8 Feb 1999 21:27:51 +0800 (PHT)
From:      vince@polgas.ps.admu.edu.ph
To:        questions@FreeBSD.ORG
Subject:   multi-address nat.
Message-ID:  <Pine.LNX.4.05.9902081811030.2620-100000@polgas.ps.admu.edu.ph>


hi. i have a freebsd box that serves as a "masquerading host" for some
computers in an internal network. however, i would like to give access to
some computers in my internal network from the outside. these would be for
my servers. i learned in greg's book that i could do just that with the
natd that came with the distribution. that's the main reason why i shifted
from linux masquerading. anyway, i tried out the configuration but it
simply wouldn't work! 

1.) in calling natd with the -f option, the program says: "line too
long: " then it gives the last line of my natd-config file. my file has
this content:

---- natd.conf ----
use_sockets yes
redirect_address 192.168.4.245 www.xxx.yyy.zzz
redirect_address 192.168.4.246 www.xxx.yyy.zz1
unregistered_only yes
same_ports yes
dynamic yes
interface xl0		# xl0, is my interface to the outside world.
---- end ----

i called it with this line: /usr/sbin/natd -f /etc/natd.conf

2.) after #1 failed, i tried putting everything in one command line, which
natd accepted. however, when i tried pinging the inside server from the
outside using its external address, i.e. www.xxx.yyy.zzz, it could not be
reached. what's worse, the internal machines could not ping servers
outside.

3.) so i was forced to do a natural, single-address nat, or a plain linux
masquerading, as stated in the firewalls/ip-aliasing chapter of greg's
book.

i once thought it was with my firewall setup but i tried it with the open
configuration, and it still didn't work. my rc.firewall setup contains
only these lines:

---- rc.firewall ----
$fwcmd -f flush
$fwcmd add divert natd all from any to any via xl0
$fwcmd add pass all from any to any
---- end ----

4.) did i misunderstand the book when i thought that it could do address
translation for more than one ip-address? like what NATD-enabled network
devices could do:

  www.xxx.yyy.zz1  ------|              |----- 192.168.4.245
                         |   --------   |
  www.xxx.yyy.zz2  ------|---| NATD |---|----- 192.168.4.246
                         |   --------   |
  www.xxx.yyy.zz3  ------|              |----- 192.168.4.247

with the rest of the internal machines, being masqueraded by the NATD
machine's external ip. or is it really like the plain linux, single-ip
masquerading?


thanks in advance.


vince.


