From owner-freebsd-questions Wed Nov 10 8:48:22 1999
Message-ID: <6C37EE640B78D2118D2F00A0C90FCB4401105D62@site2s1>
From: Christopher Michaels
To: jimbean109@hotmail.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: can I use natd or is this even possible?
Date: Wed, 10 Nov 1999 11:51:38 -0500

Jim,

Marty's description of why you can't do this is very accurate. He leaves out one feature of natd, and that is its ability to redirect certain ports to/from the internal machine. E.g. external:2121 can be redirected to internal:21.

Now, here comes your problem, you have only one IP. And you want port 21 to do something different depending on what the host name is. In your example, www.domain.com, ftp.domain.com, ftp2.domain.com, etc... would all point to the same IP address. I don't believe there is any way to differentiate which hostname was used to connect to your IP address.

So, what you want to do can't be done, but not for the reasons that Marty gave. The way I see it you have 2 choices.

1. Redirect another port to the ftp server on the internal machine. As someone else posted and as I believe you already know, have (for example) ftp.domain.com:2121 point to 10.1.1.2:21. (I would actually redirect both 2121 and 2120 to ports 21 and 20 on the internal machine. Ftp uses 2 ports, a control port and a data port. In my experience it will use the port just below the control, for the data.)

2. Obtain a second public IP address.
   You can then have natd redirect all traffic for that ip address to the internal machine. (of course you don't really need natd in this case anyway).

Hope this clarifies.

-Chris

> -----Original Message-----
> From: Marty Cawthon [SMTP:mrc@ChipChat.com]
> Sent: Wednesday, November 10, 1999 10:51 AM
> To: jimbean109@hotmail.com
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: can I use natd or is this even possible?
>
> From: "Jim Bean"
> jimbean109> I have a single (external) IP address with a FreeBSD box answering to
> jimbean109> (www.domain.com, ftp.domain.com, ma.domain.com) with an internal address of
> jimbean109> 10.1.1.1, I also have a WIN95 machine with an internal address of 10.1.1.2
> jimbean109> which I'd like to run a GUI FTP daemon from (with a name such as
> jimbean109> (ftp2.domain.com). This would be separate from the FreeBSD machine which
> jimbean109> would still take FTP requests at ftp.domain.com. Basically I'm running two
> jimbean109> machines with internal addresses and one external address and would like
> jimbean109> both to take separate requests from the outside. I've looked at natd but
> jimbean109> that appears to be for redirecting ports only? Is this possible to do? How
> jimbean109> would I go about it?
> jimbean109>
> jimbean109> 10.1.1.1 (& external address) FreeBSD ftp.domain.com
> jimbean109> 10.1.1.2 WIN95 ftp2.domain.com
>
> Short answer:
> not possible
>
> Discussion:
> It seems that you want to access a server daemon on your Win95 machine from
> the Internet at large. But you cannot do this because you have a 10. address
> assigned to it.
>
> If I try to send a packet from my machine to your Win95 machine (10.1.1.2)
> this packet will not even make it past my router because 10. addresses
> are not routed on the Internet. The packet will be dropped.
>
> If I send a packet from my machine to your external address on your FreeBSD machine,
> how can I specify that this packet is really destined for an internal machine with
> a 10. address? The answer is: it cannot be done with any software that I know of.
>
> With NATD your 10. address on your Win95 machine will be translated by NATD to
> the external address of your FreeBSD machine (or a pool of legal addresses, depending
> upon configuration). NATD then keeps track of which connections/packets are coming
> and going for FreeBSD and which are coming/going for the 10. (Win95) machine.
>
> Summary: You cannot access the FTP daemon on your Win95 machine from outside your
> private 10. network. With NATD you can use an FTP client on your Win95 machine to
> access an FTP server outside your private 10. network.
>
> References: RFC 1918 "Address Allocation for Private Internets"
>
> Marty Cawthon
> ChipChat
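
The two choices listed in the reply above, written out as a natd configuration file. This is an added example, not part of the original thread; the interface name ed0 and the address 203.0.113.10 (a documentation placeholder standing in for the second public IP) are assumptions.

```conf
# /etc/natd.conf on the FreeBSD gateway (10.1.1.1 inside, one public IP outside).
# Added illustration. ed0 is an assumed name for the external interface.
interface ed0

# Choice 1: publish the Win95 FTP daemon on alternate ports of the single
# public IP.
# Syntax: redirect_port proto targetIP:targetPORT aliasPORT
# Control connection:
redirect_port tcp 10.1.1.2:21 2121
# Data port, redirected alongside it as the reply suggests:
redirect_port tcp 10.1.1.2:20 2120

# natd matches on address and port only. ftp.domain.com and ftp2.domain.com
# resolve to the same IP, so port 21 reaches the FreeBSD box under either
# name and port 2121 reaches the Win95 box under either name.

# Choice 2: with a second public IP, map that whole address to the internal
# machine. 203.0.113.10 is a placeholder for the second address.
# Syntax: redirect_address localIP publicIP
#redirect_address 10.1.1.2 203.0.113.10
```

natd only processes packets that ipfw diverts to it, for example with `ipfw add divert natd all from any to any via ed0`. redirect_address forwards every port on the public address to 10.1.1.2, so pair Choice 2 with ipfw rules that admit only the FTP ports.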