Date:      Tue, 11 Jan 2000 03:09:46 +0100
From:      Martin Welk <mw@theatre.sax.de>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NATD and Public IP Addresses
Message-ID:  <20000111030946.A14785@theatre.sax.de>
In-Reply-To: <20000111003327.C33776@extremis.demon.co.uk>; from gjvc@extremis.demon.co.uk on Tue, Jan 11, 2000 at 12:33:27AM +0000
References:  <Pine.BSF.4.10.10001101619480.88174-100000@intertain.interlog.com> <20000111003327.C33776@extremis.demon.co.uk>

On Tue, Jan 11, 2000 at 12:33:27AM +0000, George Cox wrote:

> > I have several machines (6) which must be individually publicly accessible.
> And you propose to put them on the inner side of the NAT machine?  Well, you
> can't do that -- because those machines will have addresses that are NOT
> ROUTABLE on the Internet.

He can at least hook them to the internal network, give them local
(private) addresses and redirect those addresses through natd on a
FreeBSD box that works as a gateway host:

	Public network interface <-> Private network interface
	a.b.c.1 = Primary public interface address
	a.b.c.2 <-> x.y.z.2 (*)
	a.b.c.3 <-> x.y.z.3 (*)
	a.b.c.4 <-> x.y.z.4 (*)
	(...)

(*) Public network interface addresses configured as ifconfig aliases, that
means, the gateway recognizes itself as that address. When this is done, it
can pass the packets through natd which changes the address and forwards
them to an assigned address in the private network.

> OK -- here you say you have the IP addresses (presumably you mean public IP
> addresses) and say you want to use NAT.

He may need NAT because he has six addresses (a 29-bit netmasked network
piece) but n (with n > 6) network hosts that should be accessible from
the public.

This is possible. First of all, I recommend you read the man pages for
ipfw(4), ipfw(8), divert(4), natd(8), dummynet(4) and build a custom
kernel. You need at least the IPFIREWALL/IPDIVERT rules, perhaps for
a start the IPFIREWALL_DEFAULT_TO_OPEN (sp?) is handy. Configure your
FreeBSD machine as a gateway host.

What you need is the redirect function of natd. For a start, you can
use some minimal firewall setup like

	ipfw add 100 divert 8668 ip from any to any via xxx
	ipfw add 200 allow all from any to any

	(xxx is the public network interface name)

and a natd configuration like

	unregistered_only yes
	alias_address a.b.c.1
	redirect_address x.y.z.2 a.b.c.2
	redirect_address x.y.z.3 a.b.c.3
	redirect_address x.y.z.4 a.b.c.4
	(...)

Don't forget to define those alias addresses for the public network
interface, like

	ifconfig xxx alias a.b.c.2 netmask n.m.n.o
	ifconfig xxx alias a.b.c.3 netmask n.m.n.o
	ifconfig xxx alias a.b.c.4 netmask n.m.n.o
	(...)

	(Of course it is better to put that into /etc/rc.conf)

Good luck.

Regards,

Martin
-- 
 /| /|        | /| /            ,,You know, there's a lot of opportunities,
/ |/ | artin  |/ |/ elk                     if you're knowing to take them,
                                  you know, there's a lot of opportunities,
Freiberg/Saxony, Germany                 if there aren't you can make them,
mw@sax.de / mw@theatre.sax.de          make or break them!'' (Tennant/Lowe)
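
Added example, not part of Martin Welk's message: a small Python generator that builds the natd.conf redirect lines and the /etc/rc.conf alias entries from a single public-to-private table, and rejects pairs that would silently break the setup (public address outside the assigned block, inner address not RFC 1918, an address used twice). The interface name ed0, the 203.0.113.0/29 documentation prefix, the 192.168.1.x hosts and the all-ones alias netmask default are assumptions of this example; the rc.conf variable names are the standard FreeBSD ones.

```python
import ipaddress

# RFC 1918 ranges: the only addresses that belong on the inner side of natd.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_configs(iface, public_net, primary, mapping,
                  alias_mask="255.255.255.255"):
    """Return (natd.conf text, rc.conf text) for one-to-one redirects.

    mapping is a list of (public, private) address pairs. alias_mask is an
    assumption: FreeBSD wants an all-ones netmask for aliases that share the
    primary address's subnet.
    """
    net = ipaddress.ip_network(public_net)
    reserved = {net.network_address, net.broadcast_address}

    def public_host(addr):
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in reserved:
            raise ValueError(f"{ip} is not a usable host address in {net}")
        return ip

    primary_ip = public_host(primary)
    used_pub, used_priv = {primary_ip}, set()
    natd = ["unregistered_only yes", f"alias_address {primary_ip}"]
    rc = ['gateway_enable="YES"', 'natd_enable="YES"',
          f'natd_interface="{iface}"', 'natd_flags="-f /etc/natd.conf"']

    for n, (pub, priv) in enumerate(mapping):
        pub_ip, priv_ip = public_host(pub), ipaddress.ip_address(priv)
        if not any(priv_ip in block for block in RFC1918):
            raise ValueError(f"{priv_ip} is not an RFC 1918 address")
        if pub_ip in used_pub or priv_ip in used_priv:
            raise ValueError(f"{pub_ip} <-> {priv_ip} reuses an address")
        used_pub.add(pub_ip)
        used_priv.add(priv_ip)
        # Same pair feeds both files, so alias and redirect cannot drift apart.
        natd.append(f"redirect_address {priv_ip} {pub_ip}")
        rc.append(f'ifconfig_{iface}_alias{n}="inet {pub_ip} netmask {alias_mask}"')
    return "\n".join(natd) + "\n", "\n".join(rc) + "\n"


if __name__ == "__main__":
    # Constructed sample: documentation prefix 203.0.113.0/29, interface ed0.
    natd_conf, rc_conf = build_configs(
        "ed0", "203.0.113.0/29", "203.0.113.1",
        [("203.0.113.2", "192.168.1.2"), ("203.0.113.3", "192.168.1.3")])
    print(natd_conf + "\n" + rc_conf)
```

Every redirected public address reaches its inner host on all ports under the allow-all rule 200 from the message, so review the generated table as the list of hosts exposed to the Internet.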
