From: Brennan Stehling
To: freebsd-questions@freebsd.org
Date: Sat, 17 Feb 2001 19:13:46 -0600 (CST)
Subject: natd vs ipnat

Lately I have used FreeBSD to act as a firewall/router between an outside connection and private networks. I have done this a few times now for either a DSL or the T1 at the office. Each time I do this I have to recompile the kernel with support for ipnat so I can run NAT. There may be 2 solutions for this, so I am looking for any examples which may help me do this better.

I typically run natd with ipnat. Natd does mapping for a whole address while ipnat can wildcard a single public IP for a pool of internal addresses. Some people may need to have a dedicated IP to do FTP or something else. I simply do the full mapping of a public IP to the internally private IP. Otherwise I have DHCP running on the server and that gives out the IPs which ipnat is aliasing. I am wondering if I can simply configure natd to wildcard like I am doing with ipnat.

Perhaps a text diagram will help...

Outside IP Pool:

    216.127.183.17
    216.127.183.18
    216.127.183.19
    216.127.183.20
    216.127.183.21

Internally all machines have these addresses...

    192.168.1.2
    192.168.1.3
    192.168.1.4
    192.168.1.5
    192.168.1.100
    192.168.1.101
    192.168.1.102
    192.168.1.103
    192.168.1.104

I will then map the first few addresses with natd.
Here are a few example lines from /etc/natd.conf:

    interface xl1
    redirect_address 192.168.1.2 216.127.183.17
    redirect_address 192.168.1.3 216.127.183.18
    redirect_address 192.168.1.4 216.127.183.19
    redirect_address 192.168.1.5 216.127.183.20

This will take care of my "static" addresses, which essentially have a more reliable connection for various services. Then my rules file for ipnat would be something like...

    # /24 covers the whole private LAN; a /32 here would match only 192.168.1.0 itself
    map xl0 192.168.1.0/24 -> 216.127.183.21/32 portmap tcp/udp 40000:65000

This will be able to wildcard for the pool of addresses I would give out with DHCP. I have typically been using 192.168.1.100 to 200 as my pool.

Is this how it has to be done? Can I wildcard it better? And is there a way to do this without compiling a new kernel to do the routing?

One route I have considered is simply adding 100 addresses into the natd.conf file, but I do not think I can use a public address for multiple private addresses. The man page mentions something of this, but it is not clear.

I will be doing some experimenting over the next couple of days, and any help in terms of suggestions and example configuration files would be very much appreciated. Please also let me know if you think you can use the default kernel with your configuration. I am trying to install FreeBSD onto older machines with slow processors and only 500 MB of disk space, and it can be a bear to compile if it would even fit. I wish there were a few compiled kernels which came with the 4 disk CD set. Compiling the kernel to simply provide NAT seems odd for a network operating system like FreeBSD. Perhaps this will change now that so many people have found FreeBSD to be a great way to run a home network off their DSL/Cable modem.

Brennan Stehling - software developer and system administrator
my projects:
  home.offwhite.net (free personal hosting)
  www.greasydaemon.com (bsd search)
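The post's worry about reusing one public address for several private hosts, and about the static natd redirects overlapping the DHCP pool that ipnat masquerades, is the kind of thing worth checking mechanically before loading the rules. The following checker is an added example and not code from the post or from the natd/ipnat projects; it parses the two fragments shown above (embedded here as constructed sample text), assumes the DHCP pool is 192.168.1.100 to .200 as the post describes, and reports duplicate public targets, private hosts redirected twice, static hosts that sit inside the pool, public addresses that are both a natd redirect target and an ipnat map target, and an ipnat source network that fails to cover the pool.

```python
"""Consistency checks for a natd.conf / ipnat rule pair (added example, not from the post)."""
import ipaddress
import re

# Constructed sample input mirroring the layout described in the post.
NATD_CONF = """\
interface xl1
redirect_address 192.168.1.2 216.127.183.17
redirect_address 192.168.1.3 216.127.183.18
redirect_address 192.168.1.4 216.127.183.19
redirect_address 192.168.1.5 216.127.183.20
"""

IPNAT_RULES = "map xl0 192.168.1.0/24 -> 216.127.183.21/32 portmap tcp/udp 40000:65000\n"

# Assumed DHCP pool: the post says .100 to .200 is handed out dynamically.
DHCP_POOL = (ipaddress.ip_address("192.168.1.100"), ipaddress.ip_address("192.168.1.200"))

# Only the "map <iface> <src> -> <dst>" prefix of an ipnat rule is needed here.
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s*->\s*(\S+)")


def parse_natd(text):
    """Return (interface, [(private_ip, public_ip), ...]) from natd.conf-style text."""
    iface = None
    redirects = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # natd.conf allows '#' comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "interface" and len(parts) == 2:
            iface = parts[1]
        elif parts[0] == "redirect_address" and len(parts) == 3:
            redirects.append((ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])))
    return iface, redirects


def parse_ipnat_maps(text):
    """Return [(interface, source_network, target_network), ...] for each ipnat map rule."""
    maps = []
    for line in text.splitlines():
        m = MAP_RE.match(line.split("#", 1)[0].strip())
        if m:
            src = ipaddress.ip_network(m.group(2), strict=False)
            dst = ipaddress.ip_network(m.group(3), strict=False)
            maps.append((m.group(1), src, dst))
    return maps


def check_nat_config(natd_text, ipnat_text, dhcp_pool):
    """Return a list of human-readable problems; an empty list means the pair is consistent."""
    problems = []
    _, redirects = parse_natd(natd_text)
    maps = parse_ipnat_maps(ipnat_text)
    low, high = dhcp_pool
    seen_public, seen_private = {}, {}

    for private, public in redirects:
        # One public address can carry only one 1:1 redirect_address mapping.
        if public in seen_public:
            problems.append(f"public {public} used for both {seen_public[public]} and {private}")
        seen_public.setdefault(public, private)
        if private in seen_private:
            problems.append(f"private {private} redirected twice")
        seen_private.setdefault(private, public)
        # A "static" host must not be an address DHCP may also hand out.
        if low <= private <= high:
            problems.append(f"static redirect {private} lies inside the DHCP pool {low}-{high}")

    for _, src, dst in maps:
        # The 1:1 public addresses must not double as the ipnat masquerade target.
        for public in seen_public:
            if public in dst:
                problems.append(f"{public} is both a natd redirect target and an ipnat map target {dst}")
        # The map source must actually include the dynamic pool it is meant to hide.
        if low not in src or high not in src:
            problems.append(f"ipnat map source {src} does not cover the DHCP pool {low}-{high}")
    return problems


if __name__ == "__main__":
    for p in check_nat_config(NATD_CONF, IPNAT_RULES, DHCP_POOL) or ["no problems found"]:
        print(p)
```

Run it against the real files by reading /etc/natd.conf and the ipnat rules file into the two text arguments; a non-empty result is a reason not to load the rules yet.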