From owner-freebsd-questions Wed Feb 2 8:50:21 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from relay.ucb.crimea.ua (UCB-Async4-CRISCO.CRIS.NET [212.110.129.130]) by builder.freebsd.org (Postfix) with ESMTP id AF0BB4095 for ; Wed, 2 Feb 2000 08:50:08 -0800 (PST)
Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id SAA99837 for questions@FreeBSD.org; Wed, 2 Feb 2000 18:49:47 +0200 (EET) (envelope-from ru)
Received: from mug.adhesivemedia.com (mug.adhesivemedia.com [207.202.159.73]) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) with ESMTP id SAA96867 for ; Wed, 2 Feb 2000 18:38:06 +0200 (EET) (envelope-from philip@adhesivemedia.com)
Received: from localhost (philip@localhost) by mug.adhesivemedia.com (8.9.3/8.9.3) with ESMTP id IAA43876; Wed, 2 Feb 2000 08:39:20 -0800 (PST) (envelope-from philip@adhesivemedia.com)
Date: Wed, 2 Feb 2000 08:39:20 -0800 (PST)
From: Philip Hallstrom
To: Ruslan Ermilov
Cc: "Crist J. Clark"
Subject: Re: Running natd on multiple interfaces???
In-Reply-To: <20000202120352.A36865@relay.ucb.crimea.ua>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I got it working... my firewall rule was only grabbing half of the packets
which was causing problems... I didn't use -reverse though, just did it
normally. Works great! (I got tired of maintaining an "internal master dns"
and an "external master dns" server). :)

Thanks!

On Wed, 2 Feb 2000, Ruslan Ermilov wrote:

> On Tue, Feb 01, 2000 at 10:34:19AM -0800, Philip Hallstrom wrote:
> > Hi -
> > I have a rather strange question which needs some explaining. I
> > need to run natd on two interfaces and can't get it to work right.
> >
> > Here's my situation:
> >
> >
> > firewall:
> > - ed0: 1.2.3.4, 1.2.3.5 (alias). External interface.
> > - xl0: 10.0.0.1. Internal interface with my desktops on it.
> > - xl1: 10.1.0.1. Internal interface with my servers.
> > - natd is setup to redirect 1.2.3.5 to 10.1.0.2 (my www server).
> >
> >
> > Here's my problem. DNS is setup so that www->1.2.3.5. This will not work
> > from machines on the xl0 interface since natd only redirects traffic
> > coming into ed0. On xl0, 1.2.3.5 ends up at my firewall, not my www
> > server. (I know I can run "fix" this with some fancy DNS, but it won't
> > really solve my problem)
> >
> > How can I setup natd to run on xl0 and *only* have it redirect 1.2.3.5 to
> > 10.1.0.2? Is that possible? I tried several different combinations of
> > options (including -reverse, -proxy_only, -n xl0, -redirect_address ....)
> > but couldn't get any of it to work.
> > I would prefer not to have the IP's "behind" xl0 get remapped to
> > 10.0.0.1 if I can help it.
> >
> 1. Add the following firewall rules:
>
> divert XXX ip from any to 1.2.3.5 in via xl0
> divert XXX ip from 10.1.0.2 to any out via xl0
>
> where XXX is some divert(4) port on which second natd(8) will be run.
>
>
> 2. Start second natd(8) the following way:
>
> natd -p XXX -n xl0 -reverse -redirect_address 10.1.0.2 1.2.3.5
>
>
> 3. If this does not work, please add the `log' keyword to the ipfw(8)
> rules in step 1, and `-v' flag to natd(8) in step 2. script(1)
> output from natd(8), make a connection to 1.2.3.5 from somewhere
> behind xl0, and send me the output of natd(8) and dmesg(8) output
> from the ipfw(8) rules in step 1.
>
>
> --
> Ruslan Ermilov Sysadmin and DBA of the
> ru@ucb.crimea.ua United Commercial Bank,
> ru@FreeBSD.org FreeBSD committer,
> +380.652.247.647 Simferopol, Ukraine
>
> http://www.FreeBSD.org The Power To Serve
> http://www.oracle.com Enabling The Information Age
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
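The two-natd setup from the reply above, as an added example that is not part of the thread: it prints the ipfw divert rules for both natd instances and then checks a ruleset for the mistake Philip ran into (a divert port whose rules catch only one direction of the traffic). The ed0 rule on the default natd port 8668 and the second port 8669 are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example; interfaces and addresses are the ones from the thread,
# the divert ports (8668 = natd default, 8669 for the second natd) are assumed.
EXT_IF=ed0        # external interface, 1.2.3.4 plus alias 1.2.3.5
DESK_IF=xl0       # internal desktop interface that must also reach 1.2.3.5
PUB_ADDR=1.2.3.5  # public alias that maps to the www server
WWW_ADDR=10.1.0.2 # www server behind xl1
NATD_PORT=8668    # first natd (external NAT/redirect on ed0), assumed
NATD2_PORT=8669   # second natd (hairpin redirect on xl0), assumed

# Print the ipfw rules. The ed0 rule has no in/out keyword, so it diverts
# both directions; the xl0 pair needs one "in" and one "out" rule, and
# leaving either out is the "only grabbing half of the packets" failure.
gen_rules() {
    printf 'divert %s ip from any to any via %s\n' "$NATD_PORT" "$EXT_IF"
    printf 'divert %s ip from any to %s in via %s\n' "$NATD2_PORT" "$PUB_ADDR" "$DESK_IF"
    printf 'divert %s ip from %s to any out via %s\n' "$NATD2_PORT" "$WWW_ADDR" "$DESK_IF"
}

# Read divert rules on stdin and, per divert port, count rules that match
# inbound and outbound packets (a rule with neither keyword counts as both).
# Prints "port inbound_rules outbound_rules" per port; exit 1 if any port
# is one-sided, so a natd instance would see only half of each connection.
check_rules() {
    awk '
      $1 == "divert" {
        port = $2; in_ok = 0; out_ok = 0
        for (i = 3; i <= NF; i++) { if ($i == "in") in_ok = 1; if ($i == "out") out_ok = 1 }
        if (!in_ok && !out_ok) { in_ok = 1; out_ok = 1 }
        ins[port] += in_ok; outs[port] += out_ok
      }
      END {
        bad = 0
        for (p in ins) {
          printf "%s %d %d\n", p, ins[p], outs[p]
          if (ins[p] == 0 || outs[p] == 0) bad = 1
        }
        exit bad
      }'
}
```

Run `gen_rules | check_rules` to confirm the generated set is two-sided, or feed it the output of `ipfw list` (after stripping rule numbers) to audit a live ruleset.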