From owner-freebsd-isp@FreeBSD.ORG  Sat Jan 14 13:14:32 2006
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 61EA416A41F
	for <freebsd-isp@freebsd.org>; Sat, 14 Jan 2006 13:14:32 +0000 (GMT)
	(envelope-from b.candler@pobox.com)
Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E245943D55
	for <freebsd-isp@freebsd.org>; Sat, 14 Jan 2006 13:14:31 +0000 (GMT)
	(envelope-from b.candler@pobox.com)
Received: from thorn (localhost [127.0.0.1])
	by thorn.pobox.com (Postfix) with ESMTP id DE481AB;
	Sat, 14 Jan 2006 08:14:52 -0500 (EST)
Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com
	[212.74.113.67])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id AA6E6194C;
	Sat, 14 Jan 2006 08:14:51 -0500 (EST)
Received: from lists by mappit.local.linnet.org with local (Exim 4.60
	(FreeBSD)) (envelope-from <b.candler@pobox.com>)
	id 1ExlEi-0001OU-04; Sat, 14 Jan 2006 13:14:28 +0000
Date: Sat, 14 Jan 2006 13:14:27 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Alexander <shulik_freebsd@matrixhome.net>
Message-ID: <20060114131427.GA5349@uk.tiscali.com>
References: <375DD163B075E34EA3C10A6286E34A54C1D4B5@exhsto1.se.dataphone.com>
	<43C7A18D.8060904@centtech.com> <43C7B008.8060404@matrixhome.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <43C7B008.8060404@matrixhome.net>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-isp@freebsd.org
Subject: Re: FreeBSD as Server
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Jan 2006 13:14:32 -0000

On Fri, Jan 13, 2006 at 03:50:00PM +0200, Alexander wrote:
> Now I try to configure ng_nat. I use example from man ng_nat. Clients 
> machine can ping inet hosts, but nothing loaded by http or ftp or other 
> tcp protocol. On server packet NATed by not real ip. On other server 
> under Linux this packet again NATed by real ip. What can I do with this?

Probably easier to use one of the other firewalling techniques to do NAT
rather than manually configure ng_nat.

Your other options are:
- ipfw + natd (old and venerable)
- ipf
- pf

My personal favourite is pf (which came from OpenBSD). Configuring NAT is
just one line in /etc/pf.conf.

Regards,

Brian.