Date: Wed, 21 Feb 2001 00:47:46 -0800
From: "Crist J. Clark"
To: "Brent B.Powers"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: With natd server, can't hit my own static IP's
Reply-To: cjclark@alum.mit.edu

On Tue, Feb 20, 2001 at 09:59:52PM -0800, Brent B.Powers wrote:
[snip]
>            |                       |       |-- 192.168.1.0
>            |                       |       |
>            | alias xxx.xxx.xxx.0   |       |-- 192.168.1.1
>            | alias xxx.xxx.xxx.1   |       |
>            | alias xxx.xxx.xxx.2   |       |-- 192.168.1.2
>            | alias xxx.xxx.xxx.3   |       |
>            | alias xxx.xxx.xxx.4   |       |-- 192.168.1.3
>            | alias xxx.xxx.xxx.5   |       |
>            | alias xxx.xxx.xxx.6   |       |-- 192.168.1.4
> [INET] --- | DE0 xxx.xxx.xxx.7 RL0 |----[]-|
>            |                       |       |-- 192.168.1.5
>            |                       |       |
>            |                       |       |-- 192.168.1.6
>            |                       |       |
>            |                       |       |-- 192.168.1.7
>
> Unfortunately, I've just noticed that I can't get to my own servers,
> i.e. If I'm sitting at the console of, say, 192.168.1.4, and the whole
> world knows that my webserver is at xxx.xxx.xxx.6. However, I can't
> get there. If I try to touch anything other than .7, I get .7 (so my
> webserver isn't found, for instance).

*groan* Another natd(8) one I should write up for the FAQ... Too late
to do it tonight. I am pretty sure this one is at one of the
independent websites, graveconcern, bsddiary?

> I realize this is muddled, but I can't quite figure out how to
> clarify. Your patience is appreciated. Does anyone have any ideas on
> how I can get the natd to work on both interfaces of the gateway?

It looks like you realize what the problem is. You are not running
natd(8) on the internal interface so your packets headed to the
gateway IP are accepted by the gateway machine instead of being
processed by natd(8).

There are two main approaches, split-DNS or running another natd(8)
(or similar program) on the internal interface. Split-DNS means your
internal machines will see hostnames already mapped to the internal
IPs. To run another natd(8), run another instance of natd on the
internal interface diverting to a different port. e.g.,

  ipfw add divert 8669 ip from 192.168.1.0/24 to xxx.xxx.xxx.0/29 via rl0

And run the second natd,

  # natd -f /etc/natd_internal.conf
  # cat natd_internal.conf
  interface rl0
  port 8669
  redirect_address 192.168.1.1 xxx.xxx.xxx.1
  .
  .
  .

Something like that.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
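
The gateway's decision described in the reply above, as an added example that is not part of the original message: a toy Python model of where a LAN packet aimed at a public alias ends up, with and without the second natd. The 203.0.113.0/29 block stands in for the redacted xxx.xxx.xxx.0/29, and the mapping for .6 is a hypothetical entry; only the .1 mapping appears in the message.

```python
"""Toy model (constructed) of the gateway's handling of LAN-to-alias traffic."""
from ipaddress import ip_address, ip_network

# Constructed stand-ins: 203.0.113.0/29 replaces the redacted xxx.xxx.xxx.0/29.
LAN = ip_network("192.168.1.0/24")
PUBLIC = ip_network("203.0.113.0/29")
GATEWAY_OWNED = set(PUBLIC)  # aliases .0-.6 and .7 are all configured on de0

# redirect_address <internal> <public> entries of the second natd.
# .1 is the mapping shown in the message; .6 is a hypothetical extra entry.
REDIRECTS = {
    ip_address("203.0.113.1"): ip_address("192.168.1.1"),
    ip_address("203.0.113.6"): ip_address("192.168.1.6"),
}


def divert_matches(src, dst, iface):
    """Model of: divert 8669 ip from LAN to PUBLIC via rl0."""
    return iface == "rl0" and src in LAN and dst in PUBLIC


def route(src, dst, iface, internal_natd):
    """Return (final_dst, handler) for one packet arriving at the gateway."""
    src, dst = ip_address(src), ip_address(dst)
    if internal_natd and divert_matches(src, dst, iface):
        # The natd listening on port 8669 rewrites the destination address.
        new_dst = REDIRECTS.get(dst)
        if new_dst is not None:
            return str(new_dst), "forwarded to internal server"
    if dst in GATEWAY_OWNED:
        # The address lives on the gateway, so its own stack answers.
        return str(dst), "accepted by gateway itself"
    return str(dst), "forwarded by normal routing"


if __name__ == "__main__":
    for natd_on in (False, True):
        for target in ("203.0.113.6", "203.0.113.7"):
            result = route("192.168.1.4", target, "rl0", natd_on)
            print(f"internal natd={natd_on!s:5} dst={target} -> {result}")
```
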