Date: Thu, 20 Nov 1997 10:09:18 -0500 (EST)
From: Ben Hockenhull
To: questions@freebsd.org
Subject: NAT+registered networks
Sender: owner-freebsd-questions@freebsd.org

I'm attempting to use a FreeBSD box to assist in my transition from registered addresses to unregistered addresses. I have approx 1000 nodes with registered addresses that will be, over time, switched to addresses in the 10.x.x.x range.

So, what I need to do is put this FreeBSD box in front of everything until the entire thing is transitioned. The external interface is a registered address, and the internal interface has both an unregistered and a registered address assigned to it.

What it needs to do is to NAT unregistered addresses and pass registered addresses. Will this work?

I can get unregistered addresses on the 192.168.x.x network to NAT fine; it's the registered address passing and NAT of 10.x.x.x addresses that does not work.

Any ideas?

/etc/natd.conf:

    unregistered_only yes
    alias_address 199.217.x.x
    log yes

/etc/rc.firewall:

    /sbin/ipfw -f flush
    /sbin/ipfw add 3000 divert 6668 all from 10.0.0.0/8 to any via ep0
    /sbin/ipfw add 4000 divert 6668 all from any to 10.0.0.0/8 via ep1
    /sbin/ipfw add 65000 pass all from any to any

Thanks for any help.

Ben

--
Ben Hockenhull
benh@jpj.net