From owner-freebsd-questions Sun Sep 24 22:50:28 2000
Date: Sun, 24 Sep 2000 23:03:49 -0700 (PDT)
From: Steve Lewis
To: kit
Cc: Kanji T Bates, freebsd-questions@FreeBSD.ORG
Subject: Re: internal to internal via natd extenal redirect_port
In-Reply-To: <20000920202900.A23232@amethyst.hypostasis.com>

On Wed, 20 Sep 2000, kit wrote:

> On Wed, Sep 20, 2000 at 02:37:42AM -0400, Kanji T Bates wrote:
> > I'm having great difficulty trying to get any of my internal machines to
> > talk to services handled via a natd redirect_port even though boxes coming
> > at me from my external interface have no problems whatsoever.
> Presumably you are running a gateway/firewall with 10.10.10.254 (say)
> as the internal interface, and 192.168.0.1 as the external.
>
> One solution is to run natd on the internal interface
> as well and/or set the firewall rules to redirect traffic destined
> for the IP and port when it comes in via your internal interface

I need to do this for ONE IP in the LAN. Can someone help me break down the
pieces needed to get this option working? Separate named/namespaces are both
not acceptable options, and the only other option I can think of is to place
a hosts file on each workstation (not scalable).

Thus far I have the following:

1. run second natd running on unused port for internal interface of
   gateway with only a redirect to targeted machine
2. add ipfw rule following this logic: if TCP from internal interface,
   and to my targeted machine, divert to port of 2nd natd

Am I missing anything?

--Steve