Date: Fri, 26 Dec 2003 17:02:44 -0600
From: "Micheal Patterson" <micheal@tsgincorporated.com>
To: <beantaxi@yahoo.com>, "freebsd" <freebsd-questions@freebsd.org>
Subject: Re: natd.conf problem (was: natd problem (but close!) )
Message-ID: <bd5f01c3cc04$635a65b0$0201a8c0@dredster>
References: <20031226220558.13042.qmail@web40402.mail.yahoo.com>

----- Original Message -----
From: "The Bean" <beantaxi@yahoo.com>
To: "Micheal Patterson" <micheal@tsgincorporated.com>; "freebsd" <freebsd-questions@freebsd.org>
Sent: Friday, December 26, 2003 4:05 PM
Subject: Re: natd.conf problem (was: natd problem (but close!) )

> > Um. How many real IP's you have sitting on XL0?
> >
> > If it's only one, you don't to redirect_address on it otherwise, it will
> > lose internet access itself since all return traffic will go to the internal
> > address. If you have multiple IP's on xl0, redirect one of the aliased IP's
> > to the internal system. Otherwise, use redirect_port instead.
>
> I have 1 real IP sitting on xl0 on the gateway, and 1 real IP sitting
> on xl0 on the client (they both use xl0, coincidentally). The gateway's
> xl0 is configured for public IP xx.yy.zz.187 -- however, I'm doing
> redirect_address on xx.yy.zz.186, which isn't assigned to any interface.
> I suppose that's why my gateway could still access the Internet even though
> I had a redirect_address on.
>
> Hmmmm, I'm starting to feel like I've been misunderstanding how to
> use redirect_address . . . could it be that if I want to redirect a
> public IP to an internal host on my LAN, I must create an alias for that IP
> on the gateway's external interface? That would make sense -- otherwise, the NIC
> wouldn't know to use it.
>
> If so, where would I have read this? I'm not saying it's undocced; I'm sure it is,
> and so I'm wondering what I misread!
>
> Thanks Micheal -- I look forward to being educated.
> - T.B.

You're getting the idea. You're trying to set up a static NAT configuration
instead of a dynamic NAT. Dynamic NAT uses one IP for all traffic from the
internal systems. Perhaps I should've stated it this way first, my bad.

For static NAT setups, a gateway has to have the redirected IP associated with
its external NIC. It's best if this is an aliased IP so that no traffic to the
gateway is lost. Then redirect that address to the internal system.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html
specifically, section 19.13.5 Address Redirection describes this best.

"Address redirection is useful if several IP addresses are available, yet they
must be on one machine. With this, natd(8) can assign each LAN client its own
external IP address. natd(8) then rewrites outgoing packets from the LAN
clients with the proper external IP address and redirects all traffic incoming
on that particular IP address back to the specific LAN client. This is also
known as static NAT"

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
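
The check below is an added example, not part of the original message: it reads a natd.conf and an rc.conf and classifies each redirect_address target as aliased on the external interface, equal to the gateway's own address, or not configured on the interface at all. The file contents, the 203.0.113.x addresses (standing in for the masked xx.yy.zz.x range), the 192.168.1.x hosts and the function names are constructed for illustration.

```python
import re

# Constructed sample files; 203.0.113.x stands in for the masked xx.yy.zz.x range.
RC_CONF = """\
ifconfig_xl0="inet 203.0.113.187 netmask 255.255.255.248"
ifconfig_xl0_alias0="inet 203.0.113.185 netmask 255.255.255.255"
"""
NATD_CONF = """\
interface xl0
redirect_address 192.168.1.10 203.0.113.185
redirect_address 192.168.1.11 203.0.113.186
redirect_address 192.168.1.12 203.0.113.187
"""

def interface_addresses(rc_conf, ifname):
    """Return (primary, aliases): IPv4 addresses rc.conf assigns to ifname."""
    pat = re.compile(r'^ifconfig_%s(_alias\d+)?="(?:inet\s+)?(\d+(?:\.\d+){3})'
                     % re.escape(ifname))
    primary, aliases = None, set()
    for line in rc_conf.splitlines():
        m = pat.match(line.strip())
        if m and m.group(1):
            aliases.add(m.group(2))
        elif m:
            primary = m.group(2)
    return primary, aliases

def check_redirects(natd_conf, rc_conf):
    """Map each redirect_address public IP to 'ok', 'primary' or 'unassigned'."""
    ifname, redirects = None, []
    for line in natd_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:1] == ["interface"] and len(fields) == 2:
            ifname = fields[1]
        elif fields[:1] == ["redirect_address"] and len(fields) == 3:
            redirects.append(fields[2])      # fields: keyword, local IP, public IP
    if ifname is None:
        raise ValueError("natd.conf names no interface")
    primary, aliases = interface_addresses(rc_conf, ifname)
    result = {}
    for public_ip in redirects:
        if public_ip == primary:
            result[public_ip] = "primary"      # gateway's own return traffic is diverted
        elif public_ip in aliases:
            result[public_ip] = "ok"           # static NAT on an aliased address
        else:
            result[public_ip] = "unassigned"   # address not configured on the interface
    return result

if __name__ == "__main__":
    for ip, status in check_redirects(NATD_CONF, RC_CONF).items():
        print(ip, status)
```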