Date: Thu, 05 Mar 1998 18:06:50 +0000 From: "Aaron D. Gifford" <agifford@infowest.com> To: questions@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG Subject: natd and range of IPs??? Message-ID: <34FEE9BA.B5DCED3E@infowest.com>
next in thread | raw e-mail | index | archive | help
Hello, Assuming I compile my kernel with IPFIREWALL and IPDIVERT, then use the following rc.firewall and natd.conf files, is it possible to use a FreeBSD host as a network address translator using only a single ethernet card? For example, I would like to translate the public IP network AA.BB.CC.72/29 (with only 5 hosts) to the internal netowrk 192.168.33.8/29. Assume my FreeBSD host has public IP address AA.BB.CC.73 and the internal network address of 192.168.33.9. The internal machines use this .9 address as the default gateway. I setup my ethernet NIC as follows: # Set up my public IP address: ifconfig de0 inet AA.BB.CC.73 netmask 255.255.255.248 # Set up my aliases: ifconfig de0 inet AA.BB.CC.74 netmask 255.255.255.255 alias ifconfig de0 inet AA.BB.CC.75 netmask 255.255.255.255 alias ifconfig de0 inet AA.BB.CC.76 netmask 255.255.255.255 alias ifconfig de0 inet AA.BB.CC.77 netmask 255.255.255.255 alias ifconfig de0 inet AA.BB.CC.78 netmask 255.255.255.255 alias # Set up my internal private IP address: ifconfig de0 inet 192.168.33.9 netmask 255.255.255.248 alias I set up ipfw as follows: # Flush everything /sbin/ipfw flush # Don't divert traffic intended for me /sbin/ipfw add 90 skipto 110 all from any to AA.BB.CC.73 /sbin/ipfw add 91 skipto 110 all from 192.168.33.8/29 to 192.168.33.9 # Don't divert traffic to the network address /sbin/ipfw add 92 skipto 110 all from any to AA.BB.CC.72 /sbin/ipfw add 93 skipto 110 all from 192.168.33.8/29 to 192.168.33.8 # Don't divert traffic to the broadcast address /sbin/ipfw add 94 skipto 110 all from any to AA.BB.CC.79 /sbin/ipfw add 95 skipto 110 all from 192.168.33.8/29 to 192.168.33.15 # DO divert remaining traffic to the public network AA.BB.CC.72/29 /sbin/ipfw add 100 divert natd all from any to AA.BB.CC.72/29 # DO divert remaining traffic from the private network 192.168.33.8/29 /sbin/ipfw add 101 divert natd all from 192.168.33.8/29 to any # Permit all other stuff: /sbin/ipfw add 110 permit all from any to any I start natd with the -config /etc/natd.conf flag and setup natd.conf thus: log yes same_ports yes redirect_address 192.168.33.10 AA.BB.CC.74 redirect_address 192.168.33.11 AA.BB.CC.75 redirect_address 192.168.33.12 AA.BB.CC.76 redirect_address 192.168.33.13 AA.BB.CC.77 redirect_address 192.168.33.14 AA.BB.CC.78 redirect_address AA.BB.CC.74 192.168.33.10 redirect_address AA.BB.CC.75 192.168.33.11 redirect_address AA.BB.CC.76 192.168.33.12 redirect_address AA.BB.CC.77 192.168.33.13 redirect_address AA.BB.CC.78 192.168.33.14 And /etc/services: natd 6668/divert # Network Address Translation socket Would something like this work? Did I miss something? Is there an easier way? Any suggestions at all? I would basically like to map traffic ip<=>ip so that incoming traffic for AA.BB.CC.74 always goes to 192.168.33.10 and the reverse would be true for outgoing traffic. Thanks in advance! Sincerely, Aaron Gifford To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34FEE9BA.B5DCED3E>