From: Stacey Roberts
To: Kevin Stevens
Cc: freebsd-questions@freebsd.org
Date: Sat, 12 Jun 2004 21:01:01 +0100
Subject: Re: NAT vs Public IP Range info needed, please
Message-ID: <20040612200101.GH392@crom.vickiandstacey.com>
In-Reply-To: <3E86B392-BCA4-11D8-8DC5-000A95D7C3C6@pursued-with.net>
References: <20040612164622.GE392@crom.vickiandstacey.com> <3E86B392-BCA4-11D8-8DC5-000A95D7C3C6@pursued-with.net>

Hi Kevin,
   Thanks for replying.

----- Original Message -----
From: "Kevin Stevens"
To: Stacey Roberts
Date: Sat, 12 Jun, 2004 20:11 BST
Subject: Re: NAT vs Public IP Range info needed, please

>
> On Jun 12, 2004, at 09:46, Stacey Roberts wrote:
>
> >The ISP's DSL package includes 8 static ip addresses: -
> >1 - network addr
> >1 - broadcast addr
> >1 "router" address
> >5 usable ip addresses
>
> >The -redirect_address syntax is as follows:
> >-redirect_address localIP publicIP
> >localIP   The internal IP address of the LAN client.
> >publicIP  The external IP address corresponding to the LAN
> >client.
>
> >What I would like to know is if it is possible to do the following: -
> >Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6,
> >1.1.1.7 & 1.1.1.8
> >1] G'Way host is assigned its own public IP - 1.1.1.3
> >2] LAN hosts' (all) traffic is NAT'd using one of the other public
> >IP's - 1.1.1.4
> >3] Remaining 4 public IP addresses are left to be used for other purposes
> >(eg: "true" address redirection to a DMZ-host, that is not a member of
> >the internal LAN subnet)
>
> Not sure I understand (it would help if you used a real public /29 to
> illustrate, your example doesn't follow legal subnet rules). In 1)
> above, the gateway host ip has to come out of the usable address pool,
> which you designate .4 - .8. So in 1) you could have the gateway IP as
> .4. In 2) You have .5 assigned for many-one NATing (in the Linux world
> they'd call this ip masquerading). In 3) you'd have THREE public
> addresses left that could be used for one-one NAT.

Well.., despite the actual IP addresses used, you've got the general picture correct there. What I'm after is to be able to define an IP address that is *not* that which is assigned to the publicly-facing interface of the gateway as the nat ip address for internal lan hosts.

>
> >As you see, the g'way's public ip is not being used for NAT'ing
> >internal hosts' outgoing traffic, but another ip from within the
> >assigned public ip address range. My reading of the NAT chapter does
> >not suggest that there is a way to define the public IP with which
> >traffic is to be translated. Is this functionality not supported, or
> >have I missed something when reading the various sections?
>
> It is AFAIK, they just don't use it in the example.

I've seen your follow-up mail arrive, where you've included the pointer to the alias -switch to natd(8). Cheers for that.., I'll have a read and try to work this out.

Thanks again for taking the time.

Regards,

Stacey

>
> KeS
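
Added example (not part of the original message or of natd itself): Python code that lays out a /29 the way the thread describes it (network, broadcast, router, gateway, one shared NAT address, the rest for one-to-one NAT), emits matching natd.conf lines, and checks whether a set of addresses fits one aligned /29. The 192.0.2.8/29 block, the 10.0.1.10 DMZ host and all function names are constructed for illustration; alias_address is assumed to be the "alias" switch referred to above.

```python
import ipaddress

def plan_slash29(cidr, router, dmz_hosts):
    """Split a /29 into gateway, shared-NAT alias and one-to-one addresses."""
    net = ipaddress.ip_network(cidr)   # ValueError if cidr is not block-aligned
    if net.prefixlen != 29:
        raise ValueError("expected a /29 (8 addresses)")
    router = ipaddress.ip_address(router)
    # hosts() already excludes the network and broadcast addresses (6 remain);
    # removing the ISP router must leave exactly the 5 usable addresses.
    usable = [h for h in net.hosts() if h != router]
    if len(usable) != 5:
        raise ValueError("router must be a host address inside the block")
    gateway, nat_alias, spare = usable[0], usable[1], usable[2:]
    if len(dmz_hosts) > len(spare):
        raise ValueError("only %d addresses left for one-to-one NAT" % len(spare))
    return {
        "network": net.network_address, "broadcast": net.broadcast_address,
        "router": router, "gateway": gateway, "nat_alias": nat_alias,
        "one_to_one": dict(zip(dmz_hosts, spare)),
        "unassigned": spare[len(dmz_hosts):],
    }

def natd_conf(plan):
    """natd.conf lines: long option names without the leading dash."""
    lines = ["alias_address %s" % plan["nat_alias"]]   # many-to-one NAT address
    for local_ip, public_ip in plan["one_to_one"].items():
        lines.append("redirect_address %s %s" % (local_ip, public_ip))
    return "\n".join(lines)

def same_slash29(addresses):
    """True if every address falls inside a single aligned /29."""
    nets = {ipaddress.ip_network("%s/29" % a, strict=False) for a in addresses}
    return len(nets) == 1

if __name__ == "__main__":
    # Constructed sample: documentation block, hypothetical DMZ host.
    plan = plan_slash29("192.0.2.8/29", "192.0.2.9", ["10.0.1.10"])
    for key, value in plan.items():
        print(key, value)
    print(natd_conf(plan))
    # The placeholder addresses from the question span two /29 blocks.
    print(same_slash29(["1.1.1.%d" % n for n in range(3, 9)]))
```
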