Date:      Fri, 5 May 2000 22:28:59 -0600 (MDT)
From:      "Forrest W. Christian" <forrestc@iMach.com>
To:        questions@FreeBSD.ORG
Subject:   Re: NATD Configuration.
Message-ID:  <Pine.BSF.4.21.0005052221410.28710-100000@workhorse.iMach.com>
In-Reply-To: <Pine.BSF.4.21.0005051943020.27250-100000@workhorse.iMach.com>

I just love answering my own questions.... But for the archive...

On Fri, 5 May 2000, Forrest W. Christian wrote:

> I have an interesting NATD configuration problem.
> 
> I currently have a machine running a version of 3-STABLE with three
> interfaces:
> 
>   interface wi0 - WaveLAN Interface to the Internet
>   interface ed0 - "Private" ethernet segment - 192.168.1.x
>   interface ed1 - "Public" ethernet segment - 206.127.x.x
> 
> The goal is to have ed0 sit behind the functionality of natd not only for
> the address translation benefits but also for security and to have the ed1
> interface essentially "wide open".

Adding a second divert ala:  (these might be slightly mangled)

ipfw add 100 divert natd ip from any to any via wi0
ipfw add 100 divert natd ip from any to any via ed1

Has the desired effect.  This forces not only traffic from wi0 to be
diverted/nat'ed but also traffic from ed1.

-unregistered_only (natd option) is required.   Additional filters
(recommended) for wi0 and ed1 to drop "unnat'd" traffic to/from
192.168.1.x are left as an exercise for the reader.

- Forrest W. Christian (forrestc@imach.com) KD7EHZ
----------------------------------------------------------------------
iMach, Ltd., P.O. Box 5749, Helena, MT 59604      http://www.imach.com
Solutions for your high-tech problems.                  (406)-442-6648
----------------------------------------------------------------------
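
Added example, not part of the original message: one way to write the filters the post leaves as an exercise, placed around the two divert rules. The rule numbers, the /24 mask and the "log" keyword are assumptions; by default the script only prints the ipfw commands.

```shell
#!/bin/sh
# Added example: anti-leak filters around the two natd divert rules.
# Rule numbers and the /24 mask are assumptions, not values from the post.
# Dry run by default (prints commands); set IPFW=ipfw to apply on the router.
IPFW="${IPFW:-echo ipfw}"
PRIV="192.168.1.0/24"   # private segment behind ed0
NAT_IFS="wi0 ed1"       # interfaces whose traffic is diverted to natd

natd_rules() {
    # Before the divert: a packet arriving on wi0/ed1 that already carries
    # a private address was never translated (spoofed or misrouted).
    n=200
    for ifc in $NAT_IFS; do
        $IPFW add $n deny log ip from $PRIV to any in recv $ifc
        $IPFW add $((n + 1)) deny log ip from any to $PRIV in recv $ifc
        n=$((n + 10))
    done
    # The two diverts from the post, here with distinct rule numbers.
    n=300
    for ifc in $NAT_IFS; do
        $IPFW add $n divert natd ip from any to any via $ifc
        n=$((n + 10))
    done
    # After the divert: outbound packets should carry the alias address.
    # A private source here means translation did not happen, so drop it.
    n=400
    for ifc in $NAT_IFS; do
        $IPFW add $n deny log ip from $PRIV to any out xmit $ifc
        n=$((n + 10))
    done
}

natd_rules
```

Packets reinjected by natd resume after the divert rule, so replies rewritten to 192.168.1.x only meet the 400-series rules and leave through ed0 untouched.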
