From owner-freebsd-questions  Thu Jul 29  1:32:14 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.128.198])
	by hub.freebsd.org (Postfix) with ESMTP
	id B6579154FD; Thu, 29 Jul 1999 01:31:58 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from keep.lan.Awfulhak.org (localhost [127.0.0.1])
	by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id JAA31355;
	Thu, 29 Jul 1999 09:30:39 +0100 (BST)
	(envelope-from brian@Awfulhak.org)
Received: from keep.lan.Awfulhak.org (brian@localhost.lan.Awfulhak.org [127.0.0.1])
	by keep.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id JAA00666;
	Thu, 29 Jul 1999 09:15:52 +0100 (BST)
	(envelope-from brian@keep.lan.Awfulhak.org)
Message-Id: <199907290815.JAA00666@keep.lan.Awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: wayne@crb-web.com
Cc: FreeBSD Questions <freebsd-questions@FreeBSD.org>, ru@FreeBSD.org
Subject: Re: help w/ NATD rules on aliased ip address 
In-reply-to: Your message of "Wed, 28 Jul 1999 23:06:16 EDT."
             <Pine.LNX.3.95.990728225815.10767A-100000@crb.crb-web.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 29 Jul 1999 09:15:50 +0100
From: Brian Somers <brian@FreeBSD.org.uk>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I wish to use NATD on a computer with single interface card in it.  I have
> looked in the handbook and "The Complete FreeBSD" but neither have information
> pertaining to this particular information.  I am currently running linux as a
> natbox in this configuration but wish to switch it to freebsd.
> 
> If anyone could help me with the natd switches and the ipfw rules I would
> greatly appreciated it.
> 
> Here is my configuration:
> 
> 	public interface 207.196.47.5 netmask 255.255.255.240
> 	interface on private network 10.0.0.50
> 		netmask of private network 255.255.255.0
> 
> I have tried natd -u -a 207.196.47.5 but this did not seem to work.  I saw
> natd viewing the packets on debug but it did not translate them and they went 
> nowhere.

I *think* this is possible, but with some odd ipfw lines - something 
like:

ipfw add pass        all from 10.0.0.0/8 to 207.196.47.5 in
ipfw add divert natd all from 10.0.0.0/8 to any out
ipfw add divert natd all from any to 207.196.47.5 in

The idea is to ensure that natd isn't given each packet twice.
If this works, I'd suggest it's added to the man page.

> thanks in advance,
> Wayne

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message