From owner-freebsd-questions Sun Jan 9 22:40:27 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
    by hub.freebsd.org (Postfix) with ESMTP id 3EAF714E1A
    for ; Sun, 9 Jan 2000 22:40:24 -0800 (PST)
    (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
    by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id BAA02813;
    Mon, 10 Jan 2000 01:44:22 -0500 (EST)
    (envelope-from cjc)
From: "Crist J. Clark"
Message-Id: <200001100644.BAA02813@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: 2 port ethernet NAT question
In-Reply-To: from marc rassbach at "Jan 9, 2000 11:13:10 pm"
To: marc@tandem.milestonerdl.com (marc rassbach)
Date: Mon, 10 Jan 2000 01:44:22 -0500 (EST)
Cc: freebsd-questions@FreeBSD.ORG
Reply-To: cjclark@home.com
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

marc rassbach wrote,
> I am having trouble making this network NAT config
> to work.
>
> I'm looking to take the next address 204.204.204.205
> to be xlated to the 192.168.10.28 machine, both
> incoming and outgoing.
>
> I've gotten the 192.168.10.28 box to NAT out. As
> soon as tried the redirect_address, the ability for
> 10.28 to see the freebsd box and the net goes out
> the window.
>
> I've tried adding and not adding the alias to de0 of
> 204.204.204.205.
>
>
>    204.204.204.204         192.168.10.1
>              +---------+
> Net----de0---& FreeBSD &--pn0--internal
>              +---------+
>
> Natd.conf looks like
>
> log
> log_denied
> verbose
> unregistered_only
> interface pn0
> interface de0
> #redirect_address 204.204.204.205 192.168.10.28

Well, first off, you have your addresses flipped. It should be,

  redirect_address 192.168.10.28 204.204.204.205

This is probably why everything grinds to a stop.

> And ipfw show looks like
>
> 00100      0         0 allow ip from any to any via lo0
> 00200      2        77 deny ip from any to 127.0.0.0/8
> 00210 472601 292624231 divert 8668 ip from any to any via pn0
> 00210 473519 292659782 divert 8668 ip from any to any via de0

Why not just do a,

  # ipfw add 300 divert 8668 ip from any to any

Why a rule for each interface?

> 60000 946067 585279389 allow ip from any to any
> 65000     72      7029 allow ip from any to any

-- 
Crist J. Clark                           cjclark@home.com
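
Added example, not part of the original message: a small check for the argument order discussed in the reply, flagging redirect_address lines in a natd.conf whose first argument is not the internal host. It assumes the "redirect_address localIP publicIP" order given in the reply and that internal hosts sit in private address space, as in this thread; check_redirects and SAMPLE_CONF are names made up for the example.

```python
import ipaddress

# Constructed sample: the natd.conf from the thread with the redirect line
# uncommented in the order originally posted (public address first).
SAMPLE_CONF = """\
log
unregistered_only
interface de0
redirect_address 204.204.204.205 192.168.10.28
"""

def check_redirects(conf_text):
    """Return (line_no, message) findings for redirect_address lines whose
    arguments do not look like 'localIP publicIP'."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not fields or fields[0] != "redirect_address":
            continue
        if len(fields) != 3:
            findings.append((no, "expected: redirect_address localIP publicIP"))
            continue
        try:
            local = ipaddress.ip_address(fields[1])
            public = ipaddress.ip_address(fields[2])
        except ValueError as exc:
            findings.append((no, f"bad address: {exc}"))
            continue
        # Assumption: the internal network uses private address space.
        if public.is_private and not local.is_private:
            findings.append((no, "arguments look flipped: first should be the "
                                 "internal host, second the public address"))
        elif public.is_private:
            findings.append((no, "public address is in a private range"))
        elif not local.is_private:
            findings.append((no, "local address is not in a private range"))
    return findings

if __name__ == "__main__":
    for no, msg in check_redirects(SAMPLE_CONF):
        print(f"natd.conf:{no}: {msg}")
```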