From: "Steve Bertrand"
To: "Shawn"
Cc: freebsd questions
Date: Thu, 2 Sep 2004 10:14:07 -0400 (EDT)
Subject: Re: port redirection from 2 public ips -> natd to a single service.

> I'm using natd and doing port redirection with a natd.conf file. I
> have a mission to accomplish this week last sec. O NO...

Ok, off the top of the head...

Can you run a separate instance of natd, on a separate port, and use
IPFW to properly filter? For instance:

    ipfw add 10 divert 8669 all from any to $secondIP   # 2nd instance natd
    ipfw add 20 divert 8668 all from any to any out via $outside_interface
    ipfw add 30 divert 8669 all from $mailserver to any out via $outside_interface
    ipfw add 40 divert 8668 all from any to any in via $outside_interface

natd could be started like this (for the standard natting):

    # /usr/sbin/natd -a primary_ip

and the second instance (for the mail server):

    # /usr/sbin/natd -a secondary_ip -i 8669 -redirect_port tcp 10.0.0.10:25 25

etc..etc.

I have no idea if this will actually work, but it sounds good in my
head as far as theory is concerned.

Steve

>
> We have to change our IP address on the mail server and they run this
> mail server off a windows machine.. (placing the windows machine on
> the Internet without a firewall is out of the question) we need 2
> public IP addresses to redirect to a single machine behind them.
>
> The firewall in place now allows DMZ hosting. However, it will not
> allow us to alias an address outside of its network.
>
> plan is to place a freebsd machine in the middle and configure natd
> with ipfw and so on... well we got the machine working as the gateway
> and redirected traffic for 110 and 25, as well as a test port 8384.
> That was great.. more like a good time!! ;-) well the challenge was to
> alias an address to the public interface and see if that would work.
> results are ..
>
> we could see port redirection working on the Primary address and not
> the secondary, although the machine was responding for both IPs. (made
> connections to the freebsd machine on both IPs) Just the port
> forwarding would not work.
>
> we also tried placing the IP address where we had the interface name
> to enable nat and listed it twice, one for each address.
>
> same results..
>
> we then tried to place another physical interface into the machine and
> muck with nat in that way. no luck... to be honest the brain had
> serious pain at the moment and I can't remember much more..
>
> Wondering if there is someone out there who may be able to answer this
> one or place me in a direction. This could save us from a future
> migraine from the earful we will get.. hehe :-)
>
> Thanks for your time..
>
> Shawn
>
> "PC's are like air conditioners.. They are both useless with windows
> open!!!!"
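
An added example, not from either poster and a different approach from the two-instance idea in the reply: natd's redirect_port takes an optional aliasIP in front of the public port, so one natd instance can forward the same service from two public addresses. The interface name fxp0, the two public addresses (documentation range 203.0.113.0/24) and the rule number are assumptions; 10.0.0.10 is the internal address used in the reply.

```conf
# /etc/natd.conf (constructed example; every address here is a placeholder)
#
# Assumptions, none of them taken from the thread:
#   - fxp0 is the outside interface and its primary address is 203.0.113.10
#   - 203.0.113.11 is bound to fxp0 as an alias, e.g. in /etc/rc.conf:
#       ifconfig_fxp0_alias0="inet 203.0.113.11 netmask 255.255.255.255"
#   - ipfw hands traffic on fxp0 to this single natd instance:
#       ipfw add 50 divert natd all from any to any via fxp0

# Outbound connections from the inside network leave with the
# primary address of this interface.
interface fxp0

# Syntax: redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
# Without aliasIP the redirect applies to the primary alias address only,
# which matches the symptom described in the thread.

# SMTP and POP3 arriving on the primary address
redirect_port tcp 10.0.0.10:25 203.0.113.10:25
redirect_port tcp 10.0.0.10:110 203.0.113.10:110

# The same services arriving on the secondary address
redirect_port tcp 10.0.0.10:25 203.0.113.11:25
redirect_port tcp 10.0.0.10:110 203.0.113.11:110
```

Only the listed ports reach the Windows host; anything else sent to either public address stops at the FreeBSD gateway and is subject to its ipfw rules.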