From: "Matthew B. Henniges"
Delivered-To: freebsd-stable@freebsd.org
Subject: nat redirection
Date: Tue, 18 Apr 2000 15:37:29 -0400

Hello all, thanks for reading.

I am hiding the 10.0.1.0/24 network behind a FreeBSD 4.0-S box, with natd. This network is for our desktop machines.

There are 3 IPs bound to the outer NIC (dc0): 216.66.11.23, 216.66.11.90 and 216.66.11.91, and 1 IP bound to the inner NIC (dc1): 10.0.1.1.

There is a W2K server on 10.0.1.200. This server is hosting some web/ftp sites that need to be accessible to the world. So, natd is started with:

    #www and ftp mapping
    redirect_port tcp 10.0.1.200:20-21 216.66.11.90:20-21
    redirect_port tcp 10.0.1.200:80 216.66.11.90:80
    #ftp2 mapping
    redirect_port tcp 10.0.1.201:20-21 216.66.11.91:20-21

So far, so good. Here's the problem: there are various DNS entries that point to 216.66.11.90 and 91. If one of the clients on 10.0.1.* tries to browse/ftp to one of these, it can't connect because the natd redirection to those only listens on the outside NIC.

What is the best way to solve this problem? My thoughts were:

1. using some ipfw fwd rules... This seems to me like it should work, though I was unable to get it working.

or

2. give different replies to the 10.0.1 network than I give to everybody else.

Anybody have any ideas?

Thanks in advance-

Matthew B. Henniges
CoPresident
Axl.net Communications
http://www.axl.net
(203) 552-1714
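The failure described in the message can be reproduced on paper with a small model of the redirect table. This is an added example, not part of the original post and not natd's own code: it parses the `redirect_port` lines quoted above and applies them only to packets entering on the outer interface, which is the behaviour the message reports. The function names and the `nat_iface` parameter are assumptions made for the illustration.

```python
from typing import NamedTuple

# The redirect_port lines quoted in the message.
NATD_CONF = """\
#www and ftp mapping
redirect_port tcp 10.0.1.200:20-21 216.66.11.90:20-21
redirect_port tcp 10.0.1.200:80 216.66.11.90:80
#ftp2 mapping
redirect_port tcp 10.0.1.201:20-21 216.66.11.91:20-21
"""

class Redirect(NamedTuple):
    proto: str
    target_ip: str
    target_lo: int
    alias_ip: str
    alias_lo: int
    alias_hi: int

def _addr(spec):
    """Split 'ip:port' or 'ip:lo-hi' into (ip, lo, hi)."""
    ip, ports = spec.rsplit(":", 1)
    lo, _, hi = ports.partition("-")
    return ip, int(lo), int(hi or lo)

def parse_redirects(conf):
    """Parse the four-field form used in the message (proto, target, alias).
    The optional remote-address field is not handled in this sketch."""
    rules = []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4 or fields[0] != "redirect_port":
            continue
        t_ip, t_lo, t_hi = _addr(fields[2])
        a_ip, a_lo, a_hi = _addr(fields[3])
        if t_hi - t_lo != a_hi - a_lo:
            raise ValueError(f"port ranges differ in size: {line!r}")
        rules.append(Redirect(fields[1], t_ip, t_lo, a_ip, a_lo, a_hi))
    return rules

def translate(rules, in_iface, proto, dst_ip, dst_port, nat_iface="dc0"):
    """Return the (ip, port) a packet is rewritten to, or None if untouched.
    Assumption: only packets entering via nat_iface are handed to natd."""
    if in_iface != nat_iface:
        return None
    for r in rules:
        if (proto, dst_ip) == (r.proto, r.alias_ip) and r.alias_lo <= dst_port <= r.alias_hi:
            return r.target_ip, r.target_lo + dst_port - r.alias_lo
    return None
```

A request to 216.66.11.90 port 80 arriving on dc0 maps to 10.0.1.200, while the same request arriving on dc1 from a 10.0.1.* client returns `None`, which is the unanswered connection the message describes.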