From: jhall@vandaliamo.net
To: freebsd-net@freebsd.org
Date: Fri, 12 Oct 2007 18:54:48 -0000 (GMT)
Subject: NAT Questions

I originally posted this to the FreeBSD questions mailing list, but did not receive any responses.
If you are reading this for the second time, please accept my apologies.

My ISP insists on handing all http traffic off to me on a separate IP address. Following is my configuration.

    External Interface-------> Internal Interface--------> Rest of network
    1.2.3.4/24                 10.129.10.40/24
    1.2.3.5/32 Alias

1.2.3.5/24 is the IP address all http traffic will come in on.
1.2.3.4/32 is the IP address all other traffic will come in on.

Both of these addresses reside on a single NIC with 1.2.3.5 being an alias.

ipnat.rules

    rdr 1.2.3.5/32 port 80 -> 10.129.10.49 port 80
    map em1 10.129.10.0/24 -> 0.0.0.0/32

10.129.10.49 has 10.129.10.40 (my firewall) listed as its default gateway. When it responds to a request that has been forwarded, how will the firewall return the response? Will it return the request on 1.2.3.5?

Thanks for your help and if any additional information is needed, please let me know.

Jay