Date: Sat, 12 Jun 2004 20:50:29 +0100
From: Stacey Roberts
To: Eric Crist
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT vs Public IP Range info needed, please
Message-ID: <20040612195029.GF392@crom.vickiandstacey.com>

Hello Eric,

----- Original Message -----
From: "Eric Crist"
To: 'Stacey Roberts'
Date: Sat, 12 Jun, 2004 18:23 BST
Subject: RE: NAT vs Public IP Range info needed, please

> > -----Original Message-----
> > Hello,
> > I am looking to replace a proprietary DSL router/modem
> > with the Sangoma S518 ADSL PCI Controller, thereby placing a
> > FreeBSD (4.10-Stable) server running ipfw to handle access,
> > firewall and nat duties.
> >
> What I would like to know is if it is possible to do the following: -
> Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6,
> 1.1.1.7 & 1.1.1.8
> 1] G'Way host is assigned its own public IP - 1.1.1.3
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's
>    - 1.1.1.4
> 3] Remaining 4 public IP addresses are left to be used for other
>    purposes (eg: "true" address redirection to a DMZ-host, that is not a
>    member of the internal LAN subnet)
>
> As you see, the g'way's public ip is not being used for NAT'ing internal
> hosts' outgoing traffic, but another ip from within the assigned public
> ip address range. My reading of the NAT chapter does not suggest that
> there is a way to define the public IP with which traffic is to be
> translated. Is this functionality not supported, or have I missed
> something when reading the various sections?
>
> I'd appreciate any pointers to where I might find more information that
> might assist me, or an explanation of what it is that I am not
> understanding when reading the HandBook.
> --------------------
>
> Stacey,
>
> The public IP address for the gateway WILL be used for NAT'ing, if you
> choose to do so. In order to get things to work correctly, you're going
> to need three NICs installed in this machine (counting one of them as
> the DSL PCI card). Their uses are as follows:
>
> Sis0: This is your DSL interface (probably not going to be called sis0)
> Sis1: This is your internal, non-DMZ interface, i.e. NAT'd.
> Sis2: This is your DMZ interface, i.e. non-NAT'd.

Yes, this is pretty much the set up that is envisaged for the network edge.

> If you read the man pages on NAT (man nat, iirc), you'll learn the
> syntax and such to use within your rc.conf file to configure the correct
> interfaces.

I've seen other list-members' responses including a pointer to man natd(8) with respect to the alias switch, which I intend to study.

> When I've got more time, if you can't figure it out, I'll post a more
> elaborate configuration for you.

Thanks for this, Eric. I've got to get the card first (hopefully with international shipping, it'll be able to get here within a few days so that I can start testing the set up). Given the confidence with which the others have spoken of the alias switch, I'm now very much happier with the prospects for this solution than before. I'll certainly post back with what results I get.

Thanks very much for taking the time to get back to me.

Regards,

Stacey

> HTH
>
> Eric F Crist
> President
> AdTech Integrated Systems, Inc
> (612) 998-3588
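
The "alias switch" of natd(8) referred to in this thread, shown as a configuration sketch. This is an added example, not a configuration posted by anyone in the thread; the DMZ host address 192.168.2.10 and the `<outside_if>` interface name are placeholders, while 1.1.1.4 and 1.1.1.5 are the addresses from the question.

```conf
# /etc/natd.conf (added example; start natd with: natd -f /etc/natd.conf)
# Config-file form of natd(8) options: long option name without the
# leading dash; boolean options take yes/no.

# Translate outgoing LAN traffic to 1.1.1.4 rather than the gateway's
# own address (1.1.1.3). natd takes its aliasing address from either
# "interface" or "alias_address"; give only alias_address here.
# 1.1.1.4 must also be configured on (or routed to) the outside
# interface so that replies actually reach the gateway.
alias_address 1.1.1.4

# Only rewrite packets whose source is an unregistered (RFC 1918)
# address, so hosts that already carry a public address pass through
# the divert rule untranslated.
unregistered_only yes

# Keep the original source port where possible, and allocate a socket
# per connection so translated ports cannot collide with local services.
same_ports yes
use_sockets yes

# Static one-to-one mapping (point 3 of the question): traffic for the
# public address 1.1.1.5 is redirected to one host.
# 192.168.2.10 is a constructed placeholder address.
redirect_address 192.168.2.10 1.1.1.5

# Matching ipfw rule (placeholder interface name), placed before the
# filtering rules so packets are handed to natd on the outside interface:
#   ipfw add divert natd all from any to any via <outside_if>
```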