Date: Wed, 2 Feb 2000 12:03:52 +0200
From: Ruslan Ermilov <ru@ucb.crimea.ua>
To: Philip Hallstrom <philip@adhesivemedia.com>
Cc: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>, questions@FreeBSD.org
Subject: Re: Running natd on multiple interfaces???
Message-ID: <20000202120352.A36865@relay.ucb.crimea.ua>
In-Reply-To: <20000201230004.B36064@cc942873-a.ewndsr1.nj.home.com>; from Crist J. Clark on Tue, Feb 01, 2000 at 11:00:04PM -0500
References: <Pine.BSF.4.10.10002011032430.39820-100000@mug.adhesivemedia.com> <20000201230004.B36064@cc942873-a.ewndsr1.nj.home.com>

On Tue, Feb 01, 2000 at 10:34:19AM -0800, Philip Hallstrom wrote:
> Hi -
> 	I have a rather strange question which needs some explaining.  I
> need to run natd on two interfaces and can't get it to work right.
>
> Here's my situation:
>
>
> firewall:
> 	- ed0: 1.2.3.4, 1.2.3.5 (alias).  External interface.
> 	- xl0: 10.0.0.1.  Internal interface with my desktops on it.
> 	- xl1: 10.1.0.1.  Internal interface with my servers.
> 	- natd is set up to redirect 1.2.3.5 to 10.1.0.2 (my www server).
>
>
> Here's my problem.  DNS is set up so that www->1.2.3.5.  This will not work
> from machines on the xl0 interface since natd only redirects traffic
> coming into ed0.  On xl0, 1.2.3.5 ends up at my firewall, not my www
> server.  (I know I can "fix" this with some fancy DNS, but it won't
> really solve my problem)
>
> How can I set up natd to run on xl0 and *only* have it redirect 1.2.3.5 to
> 10.1.0.2?  Is that possible?  I tried several different combinations of
> options (including -reverse, -proxy_only, -n xl0, -redirect_address ....)
> but couldn't get any of it to work.
> I would prefer not to have the IPs "behind" xl0 get remapped to
> 10.0.0.1 if I can help it.
>

1.  Add the following firewall rules:

	divert XXX ip from any to 1.2.3.5 in via xl0
	divert XXX ip from 10.1.0.2 to any out via xl0

    where XXX is some divert(4) port on which second natd(8) will be run.

2.  Start second natd(8) the following way:

	natd -p XXX -n xl0 -reverse -redirect_address 10.1.0.2 1.2.3.5

3.  If this does not work, please add the `log' keyword to the ipfw(8)
    rules in step 1, and `-v' flag to natd(8) in step 2.  script(1) output
    from natd(8), make a connection to 1.2.3.5 from somewhere behind xl0,
    and send me the output of natd(8) and dmesg(8) output from the ipfw(8)
    rules in step 1.

-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000202120352.A36865>