From: "Aaron D. Gifford"
Date: Thu, 05 Mar 1998 18:06:50 +0000
To: questions@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: natd and range of IPs???
Message-ID: <34FEE9BA.B5DCED3E@infowest.com>

Hello,

Assuming I compile my kernel with IPFIREWALL and IPDIVERT, then use the
following rc.firewall and natd.conf files, is it possible to use a FreeBSD
host as a network address translator using only a single ethernet card?

For example, I would like to translate the public IP network AA.BB.CC.72/29
(with only 5 hosts) to the internal network 192.168.33.8/29. Assume my
FreeBSD host has public IP address AA.BB.CC.73 and the internal network
address of 192.168.33.9. The internal machines use this .9 address as the
default gateway.

I set up my ethernet NIC as follows:

    # Set up my public IP address:
    ifconfig de0 inet AA.BB.CC.73 netmask 255.255.255.248
    # Set up my aliases:
    ifconfig de0 inet AA.BB.CC.74 netmask 255.255.255.255 alias
    ifconfig de0 inet AA.BB.CC.75 netmask 255.255.255.255 alias
    ifconfig de0 inet AA.BB.CC.76 netmask 255.255.255.255 alias
    ifconfig de0 inet AA.BB.CC.77 netmask 255.255.255.255 alias
    ifconfig de0 inet AA.BB.CC.78 netmask 255.255.255.255 alias
    # Set up my internal private IP address:
    ifconfig de0 inet 192.168.33.9 netmask 255.255.255.248 alias

I set up ipfw as follows:

    # Flush everything
    /sbin/ipfw flush
    # Don't divert traffic intended for me
    /sbin/ipfw add 90 skipto 110 all from any to AA.BB.CC.73
    /sbin/ipfw add 91 skipto 110 all from 192.168.33.8/29 to 192.168.33.9
    # Don't divert traffic to the network address
    /sbin/ipfw add 92 skipto 110 all from any to AA.BB.CC.72
    /sbin/ipfw add 93 skipto 110 all from 192.168.33.8/29 to 192.168.33.8
    # Don't divert traffic to the broadcast address
    /sbin/ipfw add 94 skipto 110 all from any to AA.BB.CC.79
    /sbin/ipfw add 95 skipto 110 all from 192.168.33.8/29 to 192.168.33.15
    # DO divert remaining traffic to the public network AA.BB.CC.72/29
    /sbin/ipfw add 100 divert natd all from any to AA.BB.CC.72/29
    # DO divert remaining traffic from the private network 192.168.33.8/29
    /sbin/ipfw add 101 divert natd all from 192.168.33.8/29 to any
    # Permit all other stuff:
    /sbin/ipfw add 110 permit all from any to any

I start natd with the -config /etc/natd.conf flag and set up natd.conf thus:

    log yes
    same_ports yes
    redirect_address 192.168.33.10 AA.BB.CC.74
    redirect_address 192.168.33.11 AA.BB.CC.75
    redirect_address 192.168.33.12 AA.BB.CC.76
    redirect_address 192.168.33.13 AA.BB.CC.77
    redirect_address 192.168.33.14 AA.BB.CC.78
    redirect_address AA.BB.CC.74 192.168.33.10
    redirect_address AA.BB.CC.75 192.168.33.11
    redirect_address AA.BB.CC.76 192.168.33.12
    redirect_address AA.BB.CC.77 192.168.33.13
    redirect_address AA.BB.CC.78 192.168.33.14

And
/etc/services:

    natd            6668/divert     # Network Address Translation socket

Would something like this work? Did I miss something? Is there an easier
way? Any suggestions at all? I would basically like to map traffic ip<=>ip
so that incoming traffic for AA.BB.CC.74 always goes to 192.168.33.10 and
the reverse would be true for outgoing traffic.

Thanks in advance!

Sincerely,
Aaron Gifford
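
An added example, not part of the original message: a small checker for the static ip<=>ip mappings in a natd.conf like the one above, using the natd(8) syntax `redirect_address localIP publicIP` in its two-address form. The 203.0.113.72/29 network is a constructed stand-in for AA.BB.CC.72/29, and the function names and sample file are hypothetical.

```python
import ipaddress

# Constructed stand-in: 203.0.113.72/29 replaces the post's AA.BB.CC.72/29.
PUBLIC_NET = ipaddress.ip_network("203.0.113.72/29")
PRIVATE_NET = ipaddress.ip_network("192.168.33.8/29")
# The NAT host's own public address (.73 in the post) needs no redirect.
NAT_HOST = {ipaddress.ip_address("203.0.113.73")}

# Constructed natd.conf sample; lines 6 and 7 are deliberately faulty.
SAMPLE_CONF = """\
log yes
same_ports yes
redirect_address 192.168.33.10 203.0.113.74
redirect_address 192.168.33.11 203.0.113.75
redirect_address 192.168.33.12 203.0.113.76
redirect_address 203.0.113.74 192.168.33.10
redirect_address 192.168.33.13 203.0.113.76
"""

def check_redirects(conf_text):
    """Return ({public: local}, [(line_no, problem)]) for redirect_address lines."""
    mapping, problems = {}, []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] != "redirect_address":
            continue
        try:
            # Wrong argument count or a malformed address both raise ValueError.
            local, public = (ipaddress.ip_address(f) for f in fields[1:])
        except ValueError:
            problems.append((line_no, "expected: redirect_address localIP publicIP"))
            continue
        if local not in PRIVATE_NET or public not in PUBLIC_NET:
            problems.append((line_no, "not in localIP publicIP order for these networks"))
        elif public in mapping or local in mapping.values():
            problems.append((line_no, "address already used in an earlier mapping"))
        else:
            mapping[public] = local
    return mapping, problems

def unmapped_public_hosts(mapping):
    """Public host addresses with no static mapping (NAT host excluded)."""
    return [h for h in PUBLIC_NET.hosts() if h not in mapping and h not in NAT_HOST]

if __name__ == "__main__":
    mapping, problems = check_redirects(SAMPLE_CONF)
    for line_no, problem in problems:
        print(f"line {line_no}: {problem}")
    print("unmapped:", [str(h) for h in unmapped_public_hosts(mapping)])
```
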