From owner-freebsd-questions Sat Mar 11 19:51:26 2000
Message-ID: <38CB13D0.AB1EE916@miltonstreet.com>
From: Sam Carleton
To: FreeBSD Questions
Subject: Re: ipfw is not working
Date: Sat, 11 Mar 2000 22:51:07 -0500

"Crist J. Clark" wrote:

> > Wait a second here. My understanding is that NAT and IP Masquerading are
> > different. From my understanding, with IP Masq there only needs to be one valid
> > IP address, that on the external card of the firewall. IP Masq gives all
> > outgoing requests the one external IP address. With NAT, there needs to be one
> > external IP address for every machine that wants to get to the Internet.
> > Considering most folks at home only have one external IP address, they would
> > want to use IP Masq. I have also heard IP Masq called PAT.
> >
> > Looking at page 506 of the 3rd edition of "The Complete FreeBSD", it looks like
> > FreeBSD uses the terminology IP aliasing for what Linux folks call IP Masq. Am
> > I correct?
>
> No. NAT only needs one registered IP address on the external
> interface. If it required a one-to-one mapping, it'd be rather
> useless. See the natd(8) manpage. Also see RFC 1631 and other RFCs
> related to NAT if interested. (BTW, there are no RFCs about "IP
> masquerading." No idea if there are differences.)

Crist,

A one-to-one mapping is not useless; that is what I want to do at home for part
of my network. I have aDSL, and my telephone company allows me to have four
machines on the Internet at once, so I have an IP mask of 255.255.255.248. I
want to have three different physical servers of sorts on the web, along with
a few workstations. I want all the machines to be protected by a firewall. I
figured I would set the servers on a 172.16.0.1 and have FreeBSD do a one-to-one
NAT from the 172.16.0.x to the external addresses. I would also have a third NIC
in the FreeBSD box on a 192.168.0.x, doing a one-to-many NAT for the
workstations.

I have a good grip on the concept of the firewall, but have never worked with
the one-to-one NAT. Can you recommend any good books?

Sam
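
The two translation modes discussed in this message, modelled in a few lines of Python. This is an added example, not part of the original post and not natd's code. The 203.0.113.x public addresses, the firewall's own address and the starting port 50000 are constructed placeholders, since the message gives only the private ranges and the netmask.

```python
"""Toy model: one-to-one NAT for servers, one-to-many NAT (port translation) for workstations."""
import ipaddress

# Constructed addressing (assumption): four public hosts out of a 255.255.255.248 block.
FIREWALL_IP = "203.0.113.2"            # external NIC of the FreeBSD box, shared by workstations
STATIC_MAP = {                         # each server gets a dedicated public address
    "172.16.0.1": "203.0.113.3",
    "172.16.0.2": "203.0.113.4",
    "172.16.0.3": "203.0.113.5",
}
WORKSTATIONS = ipaddress.ip_network("192.168.0.0/24")


class Gateway:
    def __init__(self):
        self.public_to_private = {pub: priv for priv, pub in STATIC_MAP.items()}
        self.flow_to_port = {}         # (private ip, private port) -> public port
        self.port_to_flow = {}         # public port -> (private ip, private port)
        self.next_port = 50000         # hypothetical start of the translated port range

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) the Internet sees for a packet leaving the gateway."""
        if src_ip in STATIC_MAP:
            # One-to-one: only the address is rewritten, the port is untouched.
            return STATIC_MAP[src_ip], src_port
        if ipaddress.ip_address(src_ip) in WORKSTATIONS:
            # One-to-many: all hosts share FIREWALL_IP, told apart by a per-flow port.
            flow = (src_ip, src_port)
            if flow not in self.flow_to_port:
                self.flow_to_port[flow] = self.next_port
                self.port_to_flow[self.next_port] = flow
                self.next_port += 1
            return FIREWALL_IP, self.flow_to_port[flow]
        raise ValueError(f"{src_ip} is not behind this gateway")

    def inbound(self, dst_ip, dst_port):
        """Return the internal (ip, port) for an arriving packet, or None if it is dropped."""
        if dst_ip in self.public_to_private:
            # One-to-one: every port reaches the server, so the packet filter
            # still has to decide which services are allowed in.
            return self.public_to_private[dst_ip], dst_port
        if dst_ip == FIREWALL_IP:
            # One-to-many: only replies to a flow a workstation opened are translated.
            return self.port_to_flow.get(dst_port)
        return None
```

In this model an unsolicited connection to a server's public address is always translated, while one to the shared address is dropped unless a workstation opened the flow first.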