Date: Sat, 12 Jun 2004 20:50:29 +0100
From: Stacey Roberts <stacey@vickiandstacey.com>
To: Eric Crist <ecrist@secure-computing.net>
Cc: 'Stacey Roberts' <stacey@vickiandstacey.com>
Subject: Re: NAT vs Public IP Range info needed, please
Message-ID: <20040612195029.GF392@crom.vickiandstacey.com>
In-Reply-To: <002501c450a2$03370d00$6601a8c0@Nomad>
References: <20040612164622.GE392@crom.vickiandstacey.com> <002501c450a2$03370d00$6601a8c0@Nomad>

Hello Eric,

----- Original Message -----
From: "Eric Crist <ecrist@secure-computing.net>"
To: 'Stacey Roberts'
Date: Sat, 12 Jun, 2004 18:23 BST
Subject: RE: NAT vs Public IP Range info needed, please

> > -----Original Message-----
> > Hello,
> > I am looking to replace a proprietary DSL router/modem
> > with the Sangoma S518 ADSL PCI Controller, thereby placing a
> > FreeBSD (4.10-Stable) server running ipfw to handle access,
> > firewall and nat duties.
> > <snipped>
>
> What I would like to know is if it is possible to do the following: -
>
> Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6,
> 1.1.1.7 & 1.1.1.8
>
> 1] G'Way host is assigned its own public IP - 1.1.1.3
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's
>    - 1.1.1.4
> 3] Remaining 4 public IP addresses are left to be used for other
>    purposes (eg: "true" address redirection to a DMZ-host, that is not a
>    member of the internal LAN subnet)
>
> As you see, the g'way's public ip is not being used for NAT'ing internal
> hosts' outgoing traffic, but another ip from within the assigned public
> ip address range. My reading of the NAT chapter does not suggest that
> there is a way to define the public IP with which traffic is to be
> translated. Is this functionality not supported, or have I missed
> something when reading the various sections?
>
> I'd appreciate any pointers to where I might find more information that
> might assist me, or an explanation of what it is that I am not
> understanding when reading the HandBook.
> --------------------
>
> Stacey,
>
> The public IP address for the gateway WILL be used for NAT'ing, if you
> choose to do so. In order to get things to work correctly, you're going
> to need three NICs installed in this machine (counting one of them as
> the DSL PCI card).
> Their uses are as follows:
>
> Sis0: This is your DSL interface (probably not going to be called sis0)
> Sis1: This is your internal, non-DMZ interface, i.e. NAT'd.
> Sis2: This is your DMZ interface, i.e. non-NAT'd.

Yes, this is pretty much the setup that is envisaged for the network edge.

>
> If you read the man pages on NAT (man nat, iirc), you'll learn the
> syntax and such to use within your rc.conf file to configure the correct
> interfaces.

I've seen other list-members' responses including a pointer to man natd(8) with respect to the alias switch, which I intend to study.

>
> When I've got more time, if you can't figure it out, I'll post a more
> elaborate configuration for you.

Thanks for this, Eric. I've got to get the card first (hopefully with international shipping, it'll be able to get here within a few days) so that I can start testing the setup. Given the confidence with which the others have spoken of the alias switch, I'm now very much happier with the prospects for this solution than before. I'll certainly post back with what results I get. Thanks very much for taking the time to get back to me.

Regards,
Stacey

>
> HTH
>
> Eric F Crist
> President
> AdTech Integrated Systems, Inc
> (612) 998-3588
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"