Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Jul 1999 13:36:38 -0500
From:      "Chris Silva" <ras@wildrock.com>
To:        "FreeBSD Questions" <freebsd-questions@FreeBSD.ORG>
Cc:        <bitsurfr@enteract.com>
Subject:   NATD help - please
Message-ID:  <000001becd5e$a4fa4e80$ddb5a8b6@mis2.admis.com>

Next in thread | Raw E-Mail | Index | Archive | Help
I have a network that has a class C via our provider.  I removed most
NT boxes that were doing internet related things. I have now FBSD 3.2
on those boxes.  We used to use MS Proxy, now I have FBSD as a firewall.

With IPFIREWALL, IPDIVERT in the kernel, and in /etc/rc.conf, in the natd
flags, I have -f /etc/natd.conf to read the rules for nat.

The contents of /etc/natd.conf is this:  
-redirect_port insideIP:80 outsideIP:80  (for example)

Below is an example of the original setup: IP's are cludged for security:

Example 1:
www  = 111.111.111.100
ftp  = 111.111.111.101
mail = 111.111.111.102
DNS1 = 111.111.111.103
DNS2 = 111.111.111.104
FBSD = 111.111.111.105 -> This is the new firewall

What would the /etc/natd.conf file look like to get the 1st 3 boxes
behind FBSD to look like this:

Example 2:
FBSD = 111.111.111.105
www  = 10.0.0.100
ftp  = 10.0.0.101
mail = 10.0.0.102

I have added the above redirect for just the webserver without any
success of a connection. (Yes, I have reissued the IP to the web
server to match example 2 - and the gateway was changed from the
Cisco router, to the FBSD firewall).

Any ideas - help would be cool. I read the NATD man over and over
several times, got some ideas from freebsddiary, but I still just
can't seem to get this to work.  It seems to be something very easy.
But its beaten the hell out of me - so far ;)

Thanks in advance everyone.
Chris
_____________________________________________________________________

RSA Key Fingerprint = 6D0B 5536 7825 3D09 9093 384A 9694 FDB6
RSA Key Fingerprint = 4390 44E5 E316 F2AA A11E 5755 F3F9 D69B
DH/DSS Fingerprint = 089B 0B5C 75C7 A7B4 B050 DD14 2D65 5DD6 E87D 239A

PGP Mail encouraged / preferred - keys available on common keyservers
_____________________________________________________________________




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?000001becd5e$a4fa4e80$ddb5a8b6>