From: Nick Rogness
Date: Wed, 7 Mar 2001 15:58:05 -0600 (CST)
To: Peter Brezny
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: natd - static nat on multiple aliased ip's

On Wed, 7 Mar 2001, Nick Rogness wrote:

ACK! I read your email wrong. I responded with the correct reply...please void the message below.

> >
> > Won't your example below show all outbound traffic from the same
> > external ip, the ip that natd uses?
> >
>
> Yes and No, if the internal machine does not have a
> redirect_address statement in natd.conf then it will use the
> global interface or alias address outside the firewall. If
> redirect_address is used then the internal address carries
> redirect_address mapped external address when it goes outside the
> firewall.
>
> > I'd like to have the outbound traffic from internal range a.a.a.a have
> > one external ip and the outbound traffic from internal range b.b.b.b
> > have another external ip.
>
> Um, you can...but it is very complex with one interface. I'll try
> to explain why. Packets arrive and get translated to inside
> addresses...everything fine at this point...packet gets delivered
> to the inside machine...still no problem...but how does the
> packet on the return from the internal machine know which address
> to translate to when leaving the machine? Usually, it is a
> separate interface, which the ipfw divert rule is running on...and
> even then it is very tricky.
>
> If you search the archives back a couple of days, I gave an
> example of how you would approach a problem like this.
>
>
> Nick Rogness
> - Keep on routing in a Free World...
> "FreeBSD: The Power to Serve!"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>

Nick Rogness
- Keep on routing in a Free World...
  "FreeBSD: The Power to Serve!"
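
The redirect_address behaviour described in the quoted reply, as an added example that is not part of the original message: a small Python model of which external address an inside host shows outside the firewall. The addresses are constructed (documentation and private ranges), the function names are hypothetical, and the model covers only per-host static mappings, not the per-range case the thread calls complex.

```python
"""Simplified model of natd address selection (added example, not natd's own code)."""
import ipaddress

# Constructed natd.conf contents; all addresses are sample values.
SAMPLE_CONF = """\
alias_address 192.0.2.1
# redirect_address <local ip> <public ip>
redirect_address 10.0.1.5 192.0.2.10
redirect_address 10.0.2.7 192.0.2.20
"""

def parse_natd_conf(text):
    """Return (default alias address, {local ip: public ip}) from natd.conf text."""
    alias, static = None, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "alias_address" and len(fields) == 2:
            alias = ipaddress.ip_address(fields[1])
        elif fields[0] == "redirect_address" and len(fields) == 3:
            local, public = map(ipaddress.ip_address, fields[1:])
            static[local] = public
    return alias, static

def outbound_source(src, alias, static):
    """Source address seen outside the firewall for a packet leaving from src."""
    # A host with a redirect_address entry keeps its mapped public address;
    # every other host falls back to the shared alias address.
    return static.get(ipaddress.ip_address(src), alias)

def inbound_destination(dst, alias, static):
    """Inside host that a new inbound connection to dst is redirected to,
    or None when no redirect_address entry names that public address."""
    dst = ipaddress.ip_address(dst)
    for local, public in static.items():
        if public == dst:
            return local
    return None

if __name__ == "__main__":
    alias, static = parse_natd_conf(SAMPLE_CONF)
    for host in ("10.0.1.5", "10.0.2.7", "10.0.1.99"):
        print(host, "->", outbound_source(host, alias, static))
```

Hosts without a redirect_address entry all share the alias address, so they cannot be told apart from outside by source IP.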