Date:      Sat, 12 Jun 2004 20:54:39 +0100
From:      Stacey Roberts <stacey@vickiandstacey.com>
To:        Vince Hoffman <jhary@unsane.co.uk>
Cc:        Stacey Roberts <stacey@vickiandstacey.com>
Subject:   Re: NAT vs Public IP Range info needed, please
Message-ID:  <20040612195439.GG392@crom.vickiandstacey.com>
In-Reply-To: <20040612182659.U17341@unsane.co.uk>
References:  <20040612164622.GE392@crom.vickiandstacey.com> <20040612182659.U17341@unsane.co.uk>


Hello Vince,
      Thanks for the reply.

----- Original Message -----
From: "Vince Hoffman <jhary@unsane.co.uk>"
To: To Stacey Roberts
Date: Sat, 12 Jun, 2004 18:36 BST
Subject: Re: NAT vs Public IP Range info needed, please

> 
> 
> On Sat, 12 Jun 2004, Stacey Roberts wrote:
> 
> > Hello,
> >      I am looking to replace a proprietary DSL router/modem with the Sangoma S518 ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) server running ipfw to handle access, firewall and nat duties.
> >

<snipped>

> >
> > What I would like to know is if it is possible to do the following: -
> > Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 1.1.1.7 & 1.1.1.8
> > 1] G'Way host is assigned its own public IP - 1.1.1.3
> > 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's - 1.1.1.4
> > 3] Remaining 4 public IP addresses are left to be used other purposes (eg: "true" address redirection to a DMZ-host, that is not a member of the internal LAN subnet)
> >
> 
> All entirely reasonable
> 
> > As you see, the g'way's public ip is not being used for NAT'ing internal hosts' outgoing traffic, but another ip from within the assigned public ip address range. My reading of the NAT chapter does not suggest that there is a way to define the public IP with which traffic is to be translated. Is this functionality not supported, or have I missed something when reading the various sections?
> 
> You haven't missed anything in the handbook but I suggest reading the natd
> manpage, specifically
>  -alias_address | -a address
>                  Use address as the aliasing address.  Either this or the
>                  -interface option must be used (but not both), [more here
> but no need to post it as you have it all already]

Excellent! I'll get onto this and see what needs to be done whilst I wait for the card to arrive.

> 
> Also it might be worth looking at the ipf/ipnat ipfilter stuff and seeing which
> you find easier to use. (examples in /usr/share/examples/ipfilter for
> ipfilter , see the handbook or manpage for ipfw.)

I've never used ipfilter before - mainly because the HandBook had historically exclusively used ipfw in its examples since I started with FreeBSD back at 4.2. I'll certainly consider ipfilter as well to see what benefits it offers over ipfw. Thanks for that suggestion.

Regards,

Stacey

> 
> 
> 
> >
> > I'd appreciate any pointers to where I might find more information that might assist me, or an explanation of what it is that I am not understanding when reading the HandBook.
> >
> > Thanks for the time.
> >
> > Regards,
> >
> > Stacey
> >
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
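
The layout discussed in this thread, as an added natd configuration sketch that is not part of either poster's message. The file path `/etc/natd.conf`, the DMZ address 192.168.2.10 and the `<outside-if>` placeholder are assumptions; the 1.1.1.x addresses are the thread's own placeholders.

```conf
# /etc/natd.conf (constructed example; start natd with: natd -f /etc/natd.conf)
#
# Goal from the thread:
#   1.1.1.3  gateway's own public address (not used for translation)
#   1.1.1.4  address that all LAN hosts' outgoing traffic is translated to
#   1.1.1.5+ left for other uses, e.g. one-to-one redirection to a DMZ host

# Translate outgoing LAN traffic to 1.1.1.4 instead of the gateway's own
# address. Per natd(8), use either alias_address or interface, not both.
# Assumption: 1.1.1.4 is also configured as an alias address on the outside
# interface so that replies addressed to it reach this host.
alias_address    1.1.1.4

# Static one-to-one mapping: traffic for public 1.1.1.5 is redirected to a
# DMZ host. 192.168.2.10 is a hypothetical address, not from the thread.
# Syntax per natd(8): redirect_address localIP publicIP
redirect_address 192.168.2.10 1.1.1.5

# Options without an argument take yes/no in the config file.
same_ports       yes
use_sockets      yes

# natd only sees packets that ipfw diverts to it. The matching ipfw rule,
# with <outside-if> standing in for the real outside interface name:
#   ipfw add divert natd all from any to any via <outside-if>
# Place it before the rules that accept or deny traffic on that interface,
# so filtering decisions on the inside addresses happen after translation.
```

Because 1.1.1.3 is not the aliasing address, services on the gateway itself and translated LAN traffic appear from different source addresses, which keeps the two distinguishable in upstream logs and firewall rules.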
