From owner-freebsd-questions@FreeBSD.ORG Sat Jun 12 20:31:35 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6BB2016A4CE for ; Sat, 12 Jun 2004 20:31:35 +0000 (GMT) Received: from pythagoras.zen.co.uk (pythagoras.zen.co.uk [212.23.3.140]) by mx1.FreeBSD.org (Postfix) with ESMTP id E180B43D41 for ; Sat, 12 Jun 2004 20:31:34 +0000 (GMT) (envelope-from stacey@vickiandstacey.com) Received: from [82.68.31.177] (helo=crom.vickiandstacey.com) by pythagoras.zen.co.uk with esmtp (Exim 4.30) id 1BZEab-00025y-Vf; Sat, 12 Jun 2004 19:54:54 +0000 Received: from crom.vickiandstacey.com (localhost [127.0.0.1]) i5CJsivb069817; Sat, 12 Jun 2004 20:54:49 +0100 (BST) (envelope-from stacey@crom.vickiandstacey.com) Received: (from stacey@localhost) by crom.vickiandstacey.com (8.12.11/8.12.11/Submit) id i5CJsdbi069816; Sat, 12 Jun 2004 20:54:39 +0100 (BST) (envelope-from stacey) Date: Sat, 12 Jun 2004 20:54:39 +0100 From: Stacey Roberts To: Vince Hoffman Message-ID: <20040612195439.GG392@crom.vickiandstacey.com> References: <20040612164622.GE392@crom.vickiandstacey.com> <20040612182659.U17341@unsane.co.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="N+dhEFW7Y2Uiel/w" Content-Disposition: inline In-Reply-To: <20040612182659.U17341@unsane.co.uk> User-Agent: Mutt/1.4.2.1i X-Originating-Pythagoras-IP: [82.68.31.177] cc: freebsd-questions@freebsd.org cc: Stacey Roberts Subject: Re: NAT vs Public IP Range info needed, please X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Jun 2004 20:31:35 -0000 --N+dhEFW7Y2Uiel/w Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello Vince, Thanks for the reply. ----- Original Message ----- From: "Vince Hoffman " To: To Stacey Roberts Date: Sat, 12 Jun, 2004 18:36 BST Subject: Re: NAT vs Public IP Range info needed, please >=20 >=20 > On Sat, 12 Jun 2004, Stacey Roberts wrote: >=20 > > Hello, > > I am looking to replace a proprietary DSL router/modem with the Sa= ngoma S518 ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) ser= ver running ipfw to handle access, firewall and nat duties. > > > > > > What I would like to know is if it is possible to do to following: - > > Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 1.1= .1.7 & 1.1.1.8 > > 1] G'Way host is assigned its own public IP - 1.1.1.3 > > 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's= - 1.1.1.4 > > 3] Remaining 4 public IP addresses are left to be used other purposes (= eg: "true" address redirection to a DMZ-host, that is not a member of the i= nternal LAN subnet) > > >=20 > All entirely reasonable >=20 > > As you see, the g'way's public ip is not being used for NAT'ing interna= l hosts' outgoing traffic, but another ip from within the assignied public = ip address range. My reading of the NAT chapter does not suggest that there= is a way to define the public IP with which traffic is to be translate. Is= this functionality not supported, or have I missed something when reading = the various sections? >=20 > You havent missed anything in the hand book but I suggest reading the natd > manpage, specificly > -alias_address | -a address > Use address as the aliasing address. Either this or the > -interface option must be used (but not both), [more here > but no need to post it as you have it all already] Excellent! I'll get onto this and see what needs to be done whilst I wait f= or the card to arrive. >=20 > Also it might be worth looking at at the ipf/ipnat ipfilter stuff and se= eing which > you find easier to use. (examples in /usr/share/examples/ipfilter for > ipfilter , see the handbook or manpage for ipfw.) I've never used ipfilter before - mainly because the HandBook had historica= lly exclusively used ipfw in its examples since I started with FreeBSD back= at 4.2. I'll certainly consider ipfilter as well to see what benefits it o= ffers over ipfw. Thanks for that suggestion. Regards, Stacey >=20 >=20 >=20 > > > > I'd appreciate any pointers to where I might find more information that= might assist me, or an explanation of what it is that I am not understandi= ng when reading the HandBook. > > > > Thanks for the time. > > > > Regards, > > > > Stacey > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --N+dhEFW7Y2Uiel/w Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQEVAwUBQMtffOdvY+8mWFvRAQGi/wf7BcCL+Lov1thUiyqSlaAo/4UR7sW4zWEI euzOJjbOYYHSeKIDCkvclZw7Pw5KVMfYeCQgO7/jJB6vocfImjIwz4HSB1N1V8PT F0pNJglBXyGH/I6PajXDVcV1HzphegokzByxWVk6a38XS4+IzemOtGz5KYjJ51PT bXx8TN3alSzJuraMJLhmrjtAXQC1K+fwkdSAwRc6Q8cw/zIkxTj64IFA9wXMEgVb l9CSWG2V1go0P1BOfw9m5ldC/Vc7orLRFHC2qNeKLF2LDgThS0IfntNtmkKT2LOT LhRWX2OqCy/Hs5luILcGAm1b8lxkqy/QoZymPMP7LlMxTr01+lCKlQ== =WHqU -----END PGP SIGNATURE----- --N+dhEFW7Y2Uiel/w--