Date:      Sat, 12 Jun 2004 12:11:01 -0700
From:      Kevin Stevens <freebsd@pursued-with.net>
To:        Stacey Roberts <stacey@vickiandstacey.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: NAT vs Public IP Range info needed, please
Message-ID:  <3E86B392-BCA4-11D8-8DC5-000A95D7C3C6@pursued-with.net>
In-Reply-To: <20040612164622.GE392@crom.vickiandstacey.com>
References:  <20040612164622.GE392@crom.vickiandstacey.com>


On Jun 12, 2004, at 09:46, Stacey Roberts wrote:

> The ISP's DSL package includes 8 static ip addresses: -
> 1 - network addr
> 1 - broadcast addr
> 1 "router" address
> 5 usable ip addresses

> The -redirect_address syntax is as follows:
> -redirect_address localIP publicIP
> localIP         The internal IP address of the LAN client.
> publicIP        The external IP address corresponding to the LAN 
> client.

> What I would like to know is if it is possible to do the following: -
> Given that the 5 usable public IPs are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 
> 1.1.1.7 & 1.1.1.8
> 1] G'Way host is assigned its own public IP - 1.1.1.3
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public 
> IPs - 1.1.1.4
> 3] Remaining 4 public IP addresses are left to be used for other purposes 
> (eg: "true" address redirection to a DMZ-host, that is not a member of 
> the internal LAN subnet)

Not sure I understand (it would help if you used a real public /29 to 
illustrate, your example doesn't follow legal subnet rules).  In 1) 
above, the gateway host IP has to come out of the usable address pool, 
which you designate .4 - .8.  So in 1) you could have the gateway IP as 
.4.  In 2) you have .5 assigned for many-one NATing (in the Linux world 
they'd call this IP masquerading).  In 3) you'd have THREE public 
addresses left that could be used for one-one NAT.

> As you see, the g'way's public ip is not being used for NAT'ing 
> internal hosts' outgoing traffic, but another ip from within the 
> assigned public ip address range. My reading of the NAT chapter does 
> not suggest that there is a way to define the public IP with which 
> traffic is to be translated. Is this functionality not supported, or 
> have I missed something when reading the various sections?

It is AFAIK, they just don't use it in the example.

KeS
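
The subnet arithmetic behind the reply above, as an added example that is not part of the original message: it checks the address list from the question against /29 boundaries and splits a usable pool into a gateway address, a many-to-one NAT alias and one-to-one addresses. The ISP router address 1.1.1.1, the 203.0.113.8/29 documentation block and all function names are assumptions made for illustration.

```python
import ipaddress

def audit_plan(block, router, proposed):
    """Return (usable pool, {address: problem}) for one ISP-assigned block."""
    # strict parsing raises ValueError if the block is not on a /29 boundary
    net = ipaddress.ip_network(block)
    rtr = ipaddress.ip_address(router)
    # hosts() already drops the network and broadcast addresses
    usable = [h for h in net.hosts() if h != rtr]
    problems = {}
    for text in proposed:
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems[text] = "outside " + str(net)
        elif addr == net.network_address:
            problems[text] = "network address"
        elif addr == net.broadcast_address:
            problems[text] = "broadcast address"
        elif addr == rtr:
            problems[text] = "ISP router address"
    return usable, problems

def allocate(usable):
    """Split the pool as in the reply: gateway, many-to-one alias, the rest 1:1."""
    return {
        "gateway": usable[0],        # the gateway takes one usable address
        "many_to_one": usable[1],    # shared by all LAN hosts
        "one_to_one": usable[2:],    # left over for DMZ-style redirection
    }

# Addresses from the question; router address is an assumption (constructed).
QUESTION = ["1.1.1.3", "1.1.1.4", "1.1.1.5", "1.1.1.6", "1.1.1.7", "1.1.1.8"]

if __name__ == "__main__":
    usable, problems = audit_plan("1.1.1.0/29", "1.1.1.1", QUESTION)
    for addr, why in problems.items():
        print(addr, "->", why)
    # Constructed block from the RFC 5737 documentation range.
    pool, _ = audit_plan("203.0.113.8/29", "203.0.113.9", [])
    for role, value in allocate(pool).items():
        print(role, value)
```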


