From: Stacey Roberts
To: freebsd-questions@FreeBSD.ORG
Date: Sat, 12 Jun 2004 17:46:22 +0100
Subject: NAT vs Public IP Range info needed, please
Message-ID: <20040612164622.GE392@crom.vickiandstacey.com>

Hello,

I am looking to replace a proprietary DSL router/modem with the Sangoma S518 ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) server running ipfw to
handle access, firewall and NAT duties.

The ISP's DSL package includes 8 static IP addresses:

  1 network addr
  1 broadcast addr
  1 "router" address
  5 usable IP addresses

I have been reading up on NAT and address redirection in the Handbook (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html) and have come across section 19.13.5, Address Redirection. Here it reads:

  The -redirect_address syntax is as follows:

    -redirect_address localIP publicIP

    localIP    The internal IP address of the LAN client.
    publicIP   The external IP address corresponding to the LAN client.

  In the example, this argument would read:

    -redirect_address 192.168.0.2 128.1.1.2
    -redirect_address 192.168.0.3 128.1.1.3

What I would like to know is if it is possible to do the following:

- Given that the 5 usable public IPs are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 1.1.1.7 & 1.1.1.8

1] G'Way host is assigned its own public IP - 1.1.1.3
2] LAN hosts' (all) traffic is NAT'd using one of the other public IPs - 1.1.1.4
3] Remaining 4 public IP addresses are left to be used for other purposes (e.g. "true" address redirection to a DMZ host that is not a member of the internal LAN subnet)

As you see, the g'way's public IP is not being used for NAT'ing internal hosts' outgoing traffic, but another IP from within the assigned public IP address range.

My reading of the NAT chapter does not suggest that there is a way to define the public IP with which traffic is to be translated. Is this functionality not supported, or have I missed something when reading the various sections?

I'd appreciate any pointers to where I might find more information that might assist me, or an explanation of what it is that I am not understanding when reading the Handbook.

Thanks for the time.

Regards,
Stacey