Date:      Sat, 22 Nov 1997 02:32:20 +0000
From:      Brian Somers <brian@awfulhak.org>
To:        Ben Hockenhull <benh@blues.jpj.net>
Cc:        questions@freebsd.org
Subject:   Re: NAT+registered networks 
Message-ID:  <199711220232.CAA05112@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Thu, 20 Nov 1997 10:09:18 EST." <Pine.BSI.3.95.971120100808.11183B-100000@blues.jpj.net> 

> I'm attempting to use a FreeBSD box to assist in my transition from
> registered addresses to unregistered addresses.  I have approx 1000 nodes
> with registered addresses that will be, over time, switched to addresses
> in the 10.x.x.x range.
> 
> So, what I need to do is put this FreeBSD box in front of everything until
> the entire thing is transitioned. The external interface is a registered
> address, and the internal interface has both an unregistered and a
> registered address assigned to it.  What it needs to do is to NAT
> unregistered addresses and pass registered addresses.  Will this work?  I
> can get unregistered addresses on the 192.168.x.x network to NAT fine;
> it's the registered address passing and NAT of 10.x.x.x addresses that
> does not work.  Any ideas?
> 
> /etc/natd.conf:
> 
> unregistered_only yes
> alias_address 199.217.x.x
> log yes
> 
> /etc/rc.firewall:
> 
> /sbin/ipfw -f flush
> /sbin/ipfw add 3000 divert 6668 all from 10.0.0.0/8 to any via ep0
> /sbin/ipfw add 4000 divert 6668 all from any to 10.0.0.0/8 via ep1
> /sbin/ipfw add 65000 pass all from any to any

If your Internet interface is ep0, then the divert lines should be

/sbin/ipfw add 3000 divert 6668 all from 10.0.0.0/8 to any via ep0
/sbin/ipfw add 4000 divert 6668 all from any to 10.0.0.0/8 via ep0

although I guess the line with ep1 would suffice if it sees all of 
the 10/8 traffic that passes through ep0.

Apart from that, the unregistered_only option treats 10.0.0.0/8, 
172.16.0.0/16 and 192.168.0.0/16 in exactly the same way 
(see /usr/src/lib/libalias/alias.c).

> 
> Thanks for any help.
> 
> Ben
> 
> --
> Ben Hockenhull
> benh@jpj.net
> 
> 

-- 
Brian <brian@Awfulhak.org>, <brian@FreeBSD.org>, <brian@OpenBSD.org>
      <http://www.Awfulhak.org>
Don't _EVER_ lose your sense of humour....




