From owner-freebsd-questions Wed Sep 20 1:23:57 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.hypostasis.com (p22.pool1.staticadsl.iconz.net.nz [210.48.81.22])
	by hub.freebsd.org (Postfix) with ESMTP id 6806537B422
	for ; Wed, 20 Sep 2000 01:23:54 -0700 (PDT)
Received: from amethyst.hypostasis.com (amethyst.hypostasis.com [192.168.2.2])
	by mail.hypostasis.com (8.11.0/8.11.0) with ESMTP id e8K88ws19099;
	Wed, 20 Sep 2000 20:08:58 +1200 (NZST)
	(envelope-from kit@amethyst.hypostasis.com)
Received: (from kit@localhost)
	by amethyst.hypostasis.com (8.11.0/8.11.0) id e8K8T0j23704;
	Wed, 20 Sep 2000 20:29:00 +1200 (NZST)
	(envelope-from kit)
Date: Wed, 20 Sep 2000 20:29:00 +1200
From: kit
To: Kanji T Bates
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: internal to internal via natd extenal redirect_port
Message-ID: <20000920202900.A23232@amethyst.hypostasis.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from bates@jurai.net on Wed, Sep 20, 2000 at 02:37:42AM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Sep 20, 2000 at 02:37:42AM -0400, Kanji T Bates wrote:
> I'm having great difficulty trying to get any of my internal machines to
> talk to services handled via a natd redirect_port even though boxes coming
> at me from my external interface have no problems whatsoever.
>
> Is there any way for me to get around this so that I could (for example)
> have box 10.10.10.10 reach the web server running on 10.10.10.20 via
> the nat's external IP of 192.168.0.1 ?
>
> TIA.
>
> --k.

Presumably you are running a gateway/firewall with 10.10.10.254 (say) as
the internal interface, and 192.168.0.1 as the external.

One solution is to run natd on the internal interface as well and/or
set the firewall rules to redirect traffic destined for the IP and port
when it comes in via your internal interface.

My solution was to run 2 nameds, one listening on the internal interface
and the other on the external for real world queries. This gives me
overlapping namespaces so that I can refer to the appropriate machine by
name from wherever I want and get to the same place. (I gave up on the
2 natds when I reconsidered my problem.) I found I preferred the inelegance
of 2 nameds to the inelegance of separate namespaces.

I'll have to give BIND 9 a go, for its finer control over who has access
to what.

--kit
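
Added example, not part of kit's message or his actual configuration: a sketch of the two-named (split-horizon) setup described above, using the addresses from the thread. The zone name example.com, the 10.10.10.0/24 netmask, and all file names and paths are assumptions; root hints and logging are left out.

```conf
// Split-horizon DNS on the gateway: two named instances, one per interface.
// Zone name, netmask and paths are hypothetical; IPs are those in the thread.

// ---- /etc/namedb/named.internal.conf ----
// Started as a separate process: named -c /etc/namedb/named.internal.conf
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.internal.pid";   // must differ per instance
    listen-on { 10.10.10.254; };              // internal interface only
    allow-query { 10.10.10.0/24; };           // answer LAN clients only
};
zone "example.com" {
    type master;
    // Internal view of the zone; its record for the web server is:
    //   www  IN  A  10.10.10.20
    file "internal/example.com.db";
};

// ---- /etc/namedb/named.external.conf ----
// Started as a separate process: named -c /etc/namedb/named.external.conf
options {
    directory "/etc/namedb";
    pid-file "/var/run/named.external.pid";
    listen-on { 192.168.0.1; };               // external interface only
    recursion no;                             // authoritative answers only
};
zone "example.com" {
    type master;
    // External view of the zone; its record for the web server is:
    //   www  IN  A  192.168.0.1   (natd redirect_port forwards it inward)
    file "external/example.com.db";
};
```

Internal hosts list 10.10.10.254 in /etc/resolv.conf, so 10.10.10.10 resolves www to 10.10.10.20 and connects directly, never touching the natd redirect; the internal zone file must not be readable through the external instance, since it maps the private network.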