Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 12 Jun 2004 12:20:15 -0700
From:      Kevin Stevens <freebsd@pursued-with.net>
To:        freebsd-questions@FreeBSD.ORG
Cc:        Stacey Roberts <stacey@vickiandstacey.com>
Subject:   Re: NAT vs Public IP Range info needed, please
Message-ID:  <887D031B-BCA5-11D8-8DC5-000A95D7C3C6@pursued-with.net>
In-Reply-To: <3E86B392-BCA4-11D8-8DC5-000A95D7C3C6@pursued-with.net>
References:  <20040612164622.GE392@crom.vickiandstacey.com> <3E86B392-BCA4-11D8-8DC5-000A95D7C3C6@pursued-with.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Jun 12, 2004, at 12:11, Kevin Stevens wrote:

>> As you see, the g'way's public ip is not being used for NAT'ing 
>> internal hosts' outgoing traffic, but another ip from within the 
>> assignied public ip address range. My reading of the NAT chapter does 
>> not suggest that there is a way to define the public IP with which 
>> traffic is to be translate. Is this functionality not supported, or 
>> have I missed something when reading the various sections?
>
> It is AFAIK, they just don't use it in the example.

Sorry, should have elaborated.  This would be done by using the 
-alias_address option in natd, rather than the -interface option.  man 
natd for more info.

KeS

-alias_address | -a address
                  Use address as the aliasing address.  Either this or 
the
                  -interface option must be used (but not both), if the
                  -proxy_only option is not specified.  The specified 
address
                  is usually the address assigned to the ``public'' 
network
                  interface.

                  All data passing out will be rewritten with a source 
address
                  equal to address.  All data coming in will be checked 
to see
                  if it matches any already-aliased outgoing connection. 
  If it
                  does, the packet is altered accordingly.  If not, all
                  -redirect_port, -redirect_proto and -redirect_address 
assign-
                  ments are checked and actioned.  If no other action 
can be
                  made and if -deny_incoming is not specified, the 
packet is
                  delivered to the local machine using the rules 
specified in
                  -target_address option below.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?887D031B-BCA5-11D8-8DC5-000A95D7C3C6>