Date: Mon, 27 Apr 2015 21:02:55 +0100 From: Frank Leonhardt <frank2@fjl.co.uk> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: ipfw, natd and a server on a second WAN address Message-ID: <553E95EF.8050002@fjl.co.uk>
next in thread | raw e-mail | index | archive | help
I hope someone will *know* how to do this. I can guess, but if I guess
wrong there'll be consequences...
The situation I have is that there's a LAN using a FreeBSD box as a
router, doing asymmetric NAT between two Ethernet interfaces. There's a
/29 on the WAN, but only one IP was being used.
On the LAN there's a server with a few ports forwarded from the WAN IP.
For various reasons I won't bore you with, I really need to make this
server appear on a different IP address on the WAN. How do I achieve this?
Okay, on the NATting machine we have a config like:
eht0:
inet 192.168.1.210 netmask 0xffffff00 broadcast 192.168.1.255
eth1:
inet <wan>.210 netmask 0xfffffff8 broadcast <wan>.215
inet <wan>.211 netmask 0xffffffff broadcast <wan>.211
On ipfw we have:
divert natd all from any to any via eth1
add pass all from any to any
And for natd there are options like:
interface eth1
redirect_port tcp 192.168.1.212:25 25
This will happily NAT most things, but anything coming in on <wan>.210
goes to port 25 on LAN machine 192.168.1.212. This is great.
Anything coming in on <wan>.211 doesn't get natted at all. I thought it
might, but it doesn't.
Does anyone know the runes needed to make <wan>.211 port 25 pass through
to 192.168.1.212?
(Incidentally, this would be easy to fix if I could change some cables
around, but I can't).
I'm thinking that all I need to do is put in a static route manually.
But when I try to figure out what exactly it would be, I get a headache.
BTW, I'm specifically using natd here.
If anyone knows, it'd save me a lot of stress, or a day's driving, and
probably both!
Thanks, Frank.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?553E95EF.8050002>