Message-ID: <34A5E14E.41C67EA6@transbay.net>
Date: Sat, 27 Dec 1997 21:19:10 -0800
From: "Eric C. S. Dynamic"
Organization: TransBay.Net
To: questions@freebsd.org
CC: brian@awfulhak.org
Subject: Re: NAT question(s)
References: <199712262316.XAA09295@awfulhak.demon.co.uk>

> It really is as simple as the natd/sample/natd.test script. All natd
> is doing is looking at the interface's IP number, and changing all
> outgoing stuff so that the source IP is its own. The `changing'
> involves remembering the change so that packets coming back can be
> un-NAT'd. You don't have to tell it what you want to translate as
> it's figured out based on the direction of the packet.

I have a 'gateway' box:

    {office machines} ==> ed3 (192.168.254.2)
                          ed2 (207.105.6.18) ==> Internet

I had run natd against ed3, and you're saying I should be running natd
against ed2 instead. That this should work implies the gateway will
detect packets coming from 192.168.254.X and send them out as having
come from 207.105.6.18, and then remap them properly out ed3 to the
originator.

The other concern is that traffic to/from the gateway itself not be
disturbed. Evidently to eliminate this concern I should use the
"unregistered_only" option? I wonder if natd will be able to handle the
'arbitrarily-sized' subnet on 192.168.254.X properly, from looking at
the "redirect_address" examples in the man page. I guess less is more:
I need say nothing at all about the phony-subnet users, as you say.

Trials will tell. Thanks for the tips.
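
Added example, not part of the original message and not natd's own code: a toy Python model of the translation discussed above, with the alias address on ed2 and an unregistered_only switch that only rewrites RFC 1918 sources. The class, its method names, the starting port 40000 and the hosts 192.168.254.7 and 198.51.100.9 are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: the only sources rewritten when unregistered_only is set.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Nat:
    """Toy model of source NAT on the external interface (not natd's real code)."""

    def __init__(self, alias_ip, unregistered_only=True, first_port=40000):
        self.alias_ip = alias_ip
        self.unregistered_only = unregistered_only
        self.next_port = first_port
        self.out = {}    # (src_ip, src_port, dst_ip, dst_port) -> alias port
        self.back = {}   # (alias_port, dst_ip, dst_port) -> (src_ip, src_port)

    def outgoing(self, src_ip, src_port, dst_ip, dst_port):
        """Packet leaving via the external interface; returns the rewritten 4-tuple."""
        private = any(ipaddress.ip_address(src_ip) in n for n in PRIVATE)
        if self.unregistered_only and not private:
            return (src_ip, src_port, dst_ip, dst_port)  # gateway's own traffic
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:  # remember the change so replies can be un-NAT'd
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.alias_ip, self.out[key], dst_ip, dst_port)

    def incoming(self, src_ip, src_port, dst_ip, dst_port):
        """Reply arriving on the external interface; un-NAT it if state exists."""
        orig = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.alias_ip or orig is None:
            return (src_ip, src_port, dst_ip, dst_port)  # no state: left untouched
        return (src_ip, src_port, orig[0], orig[1])

def demo():
    nat = Nat("207.105.6.18")
    # Constructed sample flows: an office host, its reply, the gateway itself,
    # and an unsolicited inbound packet with no matching state.
    sent = nat.outgoing("192.168.254.7", 1025, "198.51.100.9", 80)
    reply = nat.incoming("198.51.100.9", 80, sent[0], sent[1])
    own = nat.outgoing("207.105.6.18", 1026, "198.51.100.9", 80)
    stray = nat.incoming("198.51.100.9", 80, "207.105.6.18", 55555)
    return sent, reply, own, stray

if __name__ == "__main__":
    for row in demo():
        print(row)
```

No per-host entries are configured: any source inside 192.168.254.X gets a mapping on first use, and packets with no remembered mapping pass through unchanged.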