From: Kevin Stevens
Date: Sat, 12 Jun 2004 12:20:15 -0700
To: freebsd-questions@FreeBSD.ORG
cc: Stacey Roberts
Subject: Re: NAT vs Public IP Range info needed, please

On Jun 12, 2004, at 12:11, Kevin Stevens wrote:

>> As you see, the g'way's public ip is not being used for NAT'ing
>> internal hosts' outgoing traffic, but another ip from within the
>> assigned public ip address range. My reading of the NAT chapter does
>> not suggest that there is a way to define the public IP with which
>> traffic is to be translated. Is this functionality not supported, or
>> have I missed something when reading the various sections?
>
> It is AFAIK, they just don't use it in the example.

Sorry, should have elaborated.  This would be done by using the
-alias_address option in natd, rather than the -interface option.  man
natd for more info.

KeS

     -alias_address | -a address
             Use address as the aliasing address.  Either this or the
             -interface option must be used (but not both), if the
             -proxy_only option is not specified.  The specified address
             is usually the address assigned to the ``public'' network
             interface.

             All data passing out will be rewritten with a source address
             equal to address.  All data coming in will be checked to see
             if it matches any already-aliased outgoing connection.  If it
             does, the packet is altered accordingly.  If not, all
             -redirect_port, -redirect_proto and -redirect_address
             assignments are checked and actioned.  If no other action can
             be made and if -deny_incoming is not specified, the packet is
             delivered to the local machine using the rules specified in
             -target_address option below.
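
An added example, not part of the original message and not code from natd: a small shell check that a natd config file obeys the rule quoted above (alias_address or interface, never both, unless proxy_only is set) and notes when deny_incoming is absent. It assumes the natd(8) config-file form (long option names without the leading dash, "yes"/"no" for flag options, "#" comments); the function names and the 192.0.2.10 address are constructed for illustration.

```sh
#!/bin/sh
# Print the value of the last "<option> <value>" line for option $1 in file $2.
natd_opt() {
    awk -v key="$1" '
        { sub(/#.*/, "") }            # drop comments
        $1 == key { val = $2 }        # last occurrence wins
        END { print val }' "$2"
}

# Return 0 if the address-selection options are consistent, 1 otherwise.
# Diagnostics go to stderr.
check_natd_conf() {
    conf=$1
    addr=$(natd_opt alias_address "$conf")
    iface=$(natd_opt interface "$conf")
    proxy=$(natd_opt proxy_only "$conf")
    deny=$(natd_opt deny_incoming "$conf")

    if [ -n "$addr" ] && [ -n "$iface" ]; then
        echo "$conf: alias_address and interface are mutually exclusive" >&2
        return 1
    fi
    if [ -z "$addr" ] && [ -z "$iface" ] && [ "$proxy" != "yes" ]; then
        echo "$conf: need alias_address or interface (or proxy_only yes)" >&2
        return 1
    fi
    if [ "$deny" != "yes" ]; then
        # Per the man page text: without deny_incoming, inbound packets that
        # match no aliased connection or redirect are delivered locally.
        echo "$conf: warning: deny_incoming not set" >&2
    fi
    return 0
}

# Constructed sample: translate outgoing traffic to 192.0.2.10 (a
# documentation address) instead of the gateway's own interface address.
write_sample_conf() {
    cat > "$1" <<'EOF'
# natd.conf (constructed sample)
alias_address 192.0.2.10
deny_incoming yes
EOF
}

tmp=$(mktemp); write_sample_conf "$tmp"
check_natd_conf "$tmp" && echo "config ok"; rm -f "$tmp"
```
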