From: Kevin Stevens
Date: Sat, 12 Jun 2004 12:11:01 -0700
To: Stacey Roberts
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NAT vs Public IP Range info needed, please
Message-Id: <3E86B392-BCA4-11D8-8DC5-000A95D7C3C6@pursued-with.net>
In-Reply-To: <20040612164622.GE392@crom.vickiandstacey.com>

On Jun 12, 2004, at 09:46, Stacey Roberts wrote:

> The ISP's DSL package includes 8 static ip addresses: -
> 1 - network addr
> 1 - broadcast addr
> 1 "router" address
> 5 usable ip addresses
>
> The -redirect_address syntax is as follows:
> -redirect_address localIP publicIP
> localIP   The internal IP address of the LAN client.
> publicIP  The external IP address corresponding to the LAN
>           client.
>
> What I would like to know is if it is possible to do the following: -
> Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6,
> 1.1.1.7 & 1.1.1.8
> 1] G'Way host is assigned its own public IP - 1.1.1.3
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public
> IP's - 1.1.1.4
> 3] Remaining 4 public IP addresses are left to be used for other purposes
> (eg: "true" address redirection to a DMZ-host, that is not a member of
> the internal LAN subnet)

Not sure I understand (it would help if you used a real public /29 to
illustrate, your example doesn't follow legal subnet rules).

In 1) above, the gateway host IP has to come out of the usable address
pool, which you designate .4 - .8. So in 1) you could have the gateway
IP as .4. In 2) you have .5 assigned for many-one NATing (in the Linux
world they'd call this IP masquerading). In 3) you'd have THREE public
addresses left that could be used for one-one NAT.

> As you see, the g'way's public ip is not being used for NAT'ing
> internal hosts' outgoing traffic, but another ip from within the
> assigned public ip address range. My reading of the NAT chapter does
> not suggest that there is a way to define the public IP with which
> traffic is to be translated. Is this functionality not supported, or
> have I missed something when reading the various sections?

It is AFAIK, they just don't use it in the example.

KeS
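
The address split discussed in this message, as an added example that is not part of the original thread: it checks that a block is a legally aligned /29 and assigns the gateway, many-to-one and one-to-one roles, then renders them in natd's config-file form (alias_address, redirect_address). Assumptions: the documentation block 192.0.2.0/29, a router at .1, the DMZ host 10.0.1.10 and all function names are constructed for illustration.

```python
import ipaddress

def same_block(addresses, prefixlen=29):
    """True if every address falls inside one aligned block of this size."""
    blocks = {ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)
              for a in addresses}
    return len(blocks) == 1

def plan_block(cidr, router):
    """Assign roles: gateway host, many-to-one NAT alias, one-to-one spares."""
    net = ipaddress.ip_network(cidr)      # strict: rejects a misaligned block
    router = ipaddress.ip_address(router)
    hosts = list(net.hosts())             # excludes network and broadcast
    if router not in hosts:
        raise ValueError("router must be a host address inside the block")
    usable = [h for h in hosts if h != router]
    if len(usable) < 2:
        raise ValueError("need one address for the gateway and one for NAT")
    gateway, alias, *spares = usable
    return {"gateway": gateway, "alias": alias, "one_to_one": spares}

def natd_conf(plan, dmz_hosts):
    """Render natd config lines; dmz_hosts are private addresses mapped 1:1."""
    if len(dmz_hosts) > len(plan["one_to_one"]):
        raise ValueError("not enough public addresses left for one-to-one NAT")
    lines = [f"alias_address {plan['alias']}"]
    for local, public in zip(dmz_hosts, plan["one_to_one"]):
        lines.append(f"redirect_address {local} {public}")
    return lines

if __name__ == "__main__":
    # The addresses in the question straddle two /29 blocks.
    print("1.1.1.4-1.1.1.8 in one /29:", same_block(["1.1.1.4", "1.1.1.8"]))
    plan = plan_block("192.0.2.0/29", "192.0.2.1")   # constructed sample block
    print("gateway host:", plan["gateway"])
    print("\n".join(natd_conf(plan, ["10.0.1.10"])))  # constructed DMZ host
```

The alias and one-to-one addresses also have to be configured on the gateway's external interface (for example as interface aliases), which this sketch does not do.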