From owner-freebsd-isp Sun Feb 11 19:24:31 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id 9A79837B401
	for ; Sun, 11 Feb 2001 19:24:28 -0800 (PST)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id VAA86450;
	Sun, 11 Feb 2001 21:24:13 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Sun, 11 Feb 2001 21:24:13 -0600 (CST)
From: Ryan Thompson
To: phil grainger
Cc: isp@FreeBSD.ORG
Subject: Re: ip redirection
In-Reply-To: <5.0.2.1.2.20010211154104.02709190@freebsd.cnnet.com.au>
Message-ID:
Organization: SaskNow Technologies [www.sasknow.com]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

phil grainger wrote to isp@FreeBSD.ORG:

> hi,
> our isp recently got a satellite feed and i managed to get the squid
> talking via the sat ip's ...
>
> no i am wanting to use the satellite for incoming ftp and incoming napster
> traffic.
>
> our servers run a 203. (land line) and 209. (satellite) networks our
> clients use 203. ip's
>
> our clients gateway is a freebsd 3-stable machine although i can change that
> to a linux 2.2 box (of course i would prefer the freebsd solution!)
>
> the freebsd box is running ipnat and ipfw

I think you're making this more complicated than it should be. You can't
route specific ports with IP--you can only route subnets. (Imagine how
large routing tables would get if multiplexed by 64K possible port
addresses :-)

If you don't want someone accessing FTP over the land line ("203."),
simply block incoming FTP connections on that subnet in your packet filter
for that subnet, or just don't bind the FTP daemon to an address on that
network. Same applies to Napster. Then, just configure forward DNS to
resolve the hostname to the satellite (209.) IPs, so your users won't have
to know the difference.

Maybe you could configure your gateway to forward incoming FTP packets
between the subnets, but that still won't stop people from connecting over
the landline subnet, and I think you'd be hard pressed to send a reply
BACK from one IP address when the client expects it on another. :-)

> has anyone got any advice on how to manage this
>
>
> thanks,
>
> Phil Grainger
> ----------------------------------------------------------
> ozxpress.com.au User Support Services
> http://ozxpress.com.au
> ----------------------------------------------------------
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

--
  Ryan Thompson
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message