From: "Micheal Patterson"
To: "freebsd"
Date: Fri, 26 Dec 2003 17:02:44 -0600
Subject: Re: natd.conf problem (was: natd problem (but close!) )

----- Original Message -----
From: "The Bean"
To: "Micheal Patterson" ; "freebsd"
Sent: Friday, December 26, 2003 4:05 PM
Subject: Re: natd.conf problem (was: natd problem (but close!) )

> > Um. How many real IP's you have sitting on XL0?
> >
> > If it's only one, you don't to redirect_address on it otherwise, it will
> > lose internet access itself since all return traffic will go to the internal
> > address. If you have multiple IP's on xl0, redirect one of the aliased IP's
> > to the internal system. Otherwise, use redirect_port instead.
>
> I have 1 real IP sitting on xl0 on the gateway, and 1 real IP sitting
> on xl0 on the client (they both use xl0, coincidentally). The gateway's
> xl0 is configured for public IP xx.yy.zz.187 -- however, I'm doing
> redirect_address on xx.yy.zz.186, which isn't assigned to any interface.
> I suppose that's why my gateway could still access the Internet even though
> I had a redirect_address on.
>
> Hmmmm, I'm starting to feel like I've been misunderstanding how to
> use redirect_address . . . could it be that if I want to redirect a
> public IP to an internal host on my LAN, I must create an alias for that IP
> on the gateway's external interface? That would make sense -- otherwise, the NIC
> wouldn't know to use it.
>
> If so, where would I have read this? I'm not saying it's undocced; I'm sure it is,
> and so I'm wondering what I misread!
>
> Thanks Micheal -- I look forward to being educated.
> - T.B.

You're getting the idea. You're trying to set up a static NAT configuration
instead of a dynamic NAT. Dynamic NAT uses one IP for all traffic from the
internal systems. Perhaps I should've stated it this way first, my bad.

For static NAT setups, a gateway has to have the redirected IP associated with
its external NIC. It's best if this is an aliased IP so that no traffic to
the gateway is lost. Then redirect that address to the internal system.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html
specifically, section 19.13.5 Address Redirection describes this best.

"Address redirection is useful if several IP addresses are available, yet they
must be on one machine. With this, natd(8) can assign each LAN client its own
external IP address. natd(8) then rewrites outgoing packets from the LAN
clients with the proper external IP address and redirects all traffic incoming
on that particular IP address back to the specific LAN client. This is also
known as static NAT"

--
Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
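
The check implied by the reply above, as an added example that is not part of the original message: a shell function that lists every redirect_address public IP in a natd.conf that is not configured on the gateway's external interface. The 203.0.113.x and 192.168.0.10 addresses and both file contents are constructed sample data standing in for the xx.yy.zz addresses in the thread.

```shell
#!/bin/sh
# unaliased_redirects NATD_CONF IFCONFIG_OUTPUT
# Print each redirect_address public IP in NATD_CONF that does not appear
# as an "inet" address in the saved ifconfig output of the external NIC.
unaliased_redirects() {
    awk -v ifdump="$2" '
        BEGIN {
            # Collect the IPv4 addresses configured on the interface.
            while ((getline line < ifdump) > 0) {
                split(line, f, " ")
                if (f[1] == "inet") have[f[2]] = 1
            }
            close(ifdump)
        }
        { sub(/#.*/, "") }   # natd.conf treats "#" as the start of a comment
        # Config-file form: redirect_address localIP publicIP
        $1 == "redirect_address" && NF >= 3 && !($3 in have) { print $3 }
    ' "$1"
}

# Constructed sample data (documentation addresses, not from the thread).
tmp=$(mktemp -d)
cat > "$tmp/natd.conf" <<'EOF'
interface xl0
redirect_address 192.168.0.10 203.0.113.186   # static NAT for one LAN host
EOF
# External NIC with only its primary address: the situation in the question.
cat > "$tmp/xl0.before" <<'EOF'
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 203.0.113.187 netmask 0xffffff00 broadcast 203.0.113.255
EOF
# Same NIC after the redirected address has been added as an alias.
cat > "$tmp/xl0.after" <<'EOF'
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 203.0.113.187 netmask 0xffffff00 broadcast 203.0.113.255
	inet 203.0.113.186 netmask 0xffffffff broadcast 203.0.113.186
EOF

echo "missing before alias: $(unaliased_redirects "$tmp/natd.conf" "$tmp/xl0.before")"
echo "missing after alias:  $(unaliased_redirects "$tmp/natd.conf" "$tmp/xl0.after")"
```

On a gateway, save the output of `ifconfig xl0` to a file and pass it together with the natd.conf in use; any address printed still needs an alias on the external interface.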