Date:      Sat, 12 Jun 2004 12:23:43 -0500
From:      "Eric Crist" <ecrist@secure-computing.net>
To:        "'Stacey Roberts'" <stacey@vickiandstacey.com>, <freebsd-questions@freebsd.org>
Subject:   RE: NAT vs Public IP Range info needed, please
Message-ID:  <002501c450a2$03370d00$6601a8c0@Nomad>
In-Reply-To: <20040612164622.GE392@crom.vickiandstacey.com>

> -----Original Message-----
> Hello,
>      I am looking to replace a proprietary DSL router/modem
> with the Sangoma S518 ADSL PCI Controller, thereby placing a
> FreeBSD (4.10-Stable) server running ipfw to handle access,
> firewall and nat duties.
>
> The ISP's DSL package includes 8 static ip addresses: -
> 1 - network addr
> 1 - broadcast addr
> 1 "router" address
> 5 usable ip addresses
>
> I have been reading up on NAT and address redirection in the
> HandBook
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html)
> and have come across section 19.13.5 Address Redirection. Here it reads:

The -redirect_address syntax is as follows:
-redirect_address localIP publicIP
localIP         The internal IP address of the LAN client.
publicIP        The external IP address corresponding to the LAN client.

In the example, this argument would read:
-redirect_address 192.168.0.2 128.1.1.2
-redirect_address 192.168.0.3 128.1.1.3

What I would like to know is if it is possible to do the following: -
Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6,
1.1.1.7 & 1.1.1.8
1] G'Way host is assigned its own public IP - 1.1.1.3
2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's
- 1.1.1.4
3] Remaining 4 public IP addresses are left to be used for other
purposes (eg: "true" address redirection to a DMZ-host, that is not a
member of the internal LAN subnet)

As you see, the g'way's public ip is not being used for NAT'ing internal
hosts' outgoing traffic, but another ip from within the assigned public
ip address range. My reading of the NAT chapter does not suggest that
there is a way to define the public IP with which traffic is to be
translated. Is this functionality not supported, or have I missed
something when reading the various sections?

I'd appreciate any pointers to where I might find more information that
might assist me, or an explanation of what it is that I am not
understanding when reading the HandBook.
--------------------

Stacey,

The public IP address for the gateway WILL be used for NAT'ing, if you
choose to do so.  In order to get things to work correctly, you're going
to need three NICs installed in this machine (counting one of them as
the DSL PCI card).  Their uses are as follows:

Sis0: This is your DSL interface (probably not going to be called sis0)
Sis1: This is your internal, non-DMZ interface, i.e. NAT'd.
Sis2: This is your DMZ interface, i.e. non-NAT'd.

If you read the man pages on NAT (man nat, iirc), you'll learn the
syntax and such to use within your rc.conf file to configure the correct
interfaces.

When I've got more time, if you can't figure it out, I'll post a more
elaborate configuration for you.

HTH

Eric F Crist
President
AdTech Integrated Systems, Inc
(612) 998-3588
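
Added example, not part of either message in this thread: natd(8) has an alias_address option that sets the public address outgoing traffic is translated to, which is the behaviour the question asks about. The sketch below uses the thread's placeholder addresses and its sis0 interface name; the DMZ host address 192.168.1.2 and the file path are assumptions.

```conf
# /etc/natd.conf: added example, loaded with "natd -f /etc/natd.conf".
# Addresses are the placeholders from the question. The DMZ host address
# 192.168.1.2 and the outside interface name sis0 are assumptions.

# Translate outgoing LAN traffic to 1.1.1.4 rather than the gateway's own
# 1.1.1.3. alias_address is used in place of the interface option; natd
# accepts one or the other, not both.
alias_address 1.1.1.4

# Only rewrite packets whose source is an RFC 1918 (private) address, so
# traffic the gateway itself sends from 1.1.1.3 is left untranslated.
unregistered_only yes

# Static one-to-one mapping (localIP publicIP, as in the Handbook excerpt):
# everything addressed to 1.1.1.5 is handed to the DMZ host, and that
# host's outgoing traffic leaves as 1.1.1.5.
redirect_address 192.168.1.2 1.1.1.5

# natd only sees packets that ipfw diverts to it, for example:
#   ipfw add 500 divert natd all from any to any via sis0
#
# 1.1.1.4 and 1.1.1.5 must also be delivered to this machine, for example
# by configuring them as alias addresses on the outside interface.
#
# redirect_address forwards every port of 1.1.1.5 to the DMZ host, so the
# ipfw rules after the divert rule should allow only the services that
# host is meant to offer and deny the rest.
```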
