From owner-freebsd-questions Wed Oct 6 10:24:19 1999
Date: Wed, 6 Oct 1999 10:41:50 -0700 (PDT)
From: Alfred Perlstein
To: Shaun
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NATD question
In-Reply-To: <000c01bf1019$258fc870$153952d1@ntwkstn.wiznet.ca>

On Wed, 6 Oct 1999, Shaun wrote:

> Question....
>
> I am trying to use NATD to route a subnet of 8 IP addresses using
> redirect_address. It works going in but when coming out NATD uses port
> translation on the IP address assigned to the NAT box.
>
> For example:
>
> The NAT box has an IP address of (say) 192.168.0.10 outside interface,
> inside interface 10.1.1.1
> a subnet of 192.168.200.216 -> 223 is routed to the above ip address by
> static routes
>
> I have created a natd.conf file containing all the direct translations
> using redirect_address.
> I can telnet into say 192.168.200.217 and get redirected correctly to
> 10.1.1.217, but when 10.1.1.217 telnets out, its address is shown as
> 192.168.0.10 instead of 192.168.200.217. Which tells me that port
> translation is working instead of nat.
>
> Does NATD work with subnets or only full /24's? I currently have this
> working on another NAT box using a class C.

I'm unsure what you mean. You're giving examples with reserved IP blocks,
yet I get the impression that you want these IPs to be able to get
past natd unmolested (that you really are not using reserved IPs).

I think the simplest way to accomplish this would be to add the
-unregistered_only flag to natd, or insert an ipfw rule before your
divert rule giving free access to machines coming from your internal
interface.

-Alfred