Date: Tue, 23 Dec 2003 08:23:00 -0500
From: Peter Serwe <peter@easytree.net>
To: freebsd-net@freebsd.org
Subject: ipfw/natd/3 nic
Message-ID: <3FE841B4.8E6D47E9@easytree.net>
Okay, basically, since FreeBSD is (in my mind anyway) the ultimate leatherman of the OS world, and God's own gift to networking and network services in general, I decided to try to do a 3 nic ipfw/natd setup. I've done 2 nic ipfw/natd a couple of times, straight ipfw public-->public ipfw a couple of times, I'm fairly comfortable with it. After searching around, I found a message from Gilson (de?)Paiva referencing some stuff Barney Wolff told him that basically straightened it out.

Here's what I'm trying to accomplish: I have 2 internal networks that I'll term private_private (192.168.1.0/24) and public_private (192.168.2.0/24). The total number of clients between both networks probably could never exceed 100, and probably won't ever exceed 50. I have one public ip address. I need both networks to be able to surf, but I _never_ want ANY traffic to be able to go in between except from someone having direct access to the router. The router shouldn't be passing any traffic in between private networks. My ideal as I've currently envisioned it would be 3 nic nat, with both private networks being able to get out the public interface.

Here's the part that's got me thrown for a loop:

Run 2 instances of natd on 8668/8669 - no problem.
Run divert rule twice, one to first nat interface on 8668, one to second on 8669.

The second natd line is the problem child for me:

/sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address

Is this to imply that I need to run a second public address for the second natd instance to run?

Hopefully I've left out nothing relevant. Thanks all.

Pete

--
Peter Serwe <peter@easytree.net>
Cheaper, Faster, Better, pick any two.
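As an added example (not part of Pete's message or any reply), here is a dry-run ipfw ruleset generator for the layout he describes: three interfaces, one public address, and two natd instances on 8668/8669. The interface names, rule numbers and the echo-based dry run are assumptions; the point it shows is rule order, with the inter-network deny rules placed before any divert or allow rule so the router never forwards between 192.168.1.0/24 and 192.168.2.0/24.

```shell
#!/bin/sh
# Added example, not from the original message. Interface names and rule
# numbers are assumptions. DRY_RUN=1 (default) prints the ipfw commands;
# DRY_RUN=0 on the router hands them to ipfw(8) instead.
PUB_IF="${PUB_IF:-fxp0}"           # assumed public interface, one address
PRIV_IF="${PRIV_IF:-fxp1}"         # private_private, 192.168.1.0/24
PUBPRIV_IF="${PUBPRIV_IF:-fxp2}"   # public_private,  192.168.2.0/24
PRIV_NET="192.168.1.0/24"
PUBPRIV_NET="192.168.2.0/24"
DRY_RUN="${DRY_RUN:-1}"
# run_ipfw: echo the rule in dry-run mode, otherwise execute it.
run_ipfw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ipfw $*"
    else
        /sbin/ipfw "$@"
    fi
}
# build_rules: emit the ruleset in evaluation order. The deny rules come
# first, so no divert or allow rule can ever carry inter-network traffic.
build_rules() {
    run_ipfw -f flush
    # 1. Isolation: the router forwards nothing between the private nets.
    run_ipfw add 100 deny log ip from "$PRIV_NET" to "$PUBPRIV_NET"
    run_ipfw add 110 deny log ip from "$PUBPRIV_NET" to "$PRIV_NET"
    # 2. Anti-spoofing: each interface carries only the addresses it should.
    run_ipfw add 200 deny log ip from not "$PRIV_NET" to any in via "$PRIV_IF"
    run_ipfw add 210 deny log ip from not "$PUBPRIV_NET" to any in via "$PUBPRIV_IF"
    run_ipfw add 220 deny log ip from 192.168.0.0/16 to any in via "$PUB_IF"
    # 3. Outbound: each inside network is handed to its own natd instance.
    run_ipfw add 300 divert 8668 ip from "$PRIV_NET" to any out via "$PUB_IF"
    run_ipfw add 310 divert 8669 ip from "$PUBPRIV_NET" to any out via "$PUB_IF"
    # 4. Inbound: ipfw cannot tell which natd owns a reply, so both see it in
    #    turn; natd passes packets it has no alias entry for unchanged, and the
    #    packet re-enters the ruleset at the next rule.
    run_ipfw add 320 divert 8668 ip from any to any in via "$PUB_IF"
    run_ipfw add 330 divert 8669 ip from any to any in via "$PUB_IF"
    # 5. Pass each network's own traffic on its own interface, translated
    #    packets on the public interface, and deny everything else.
    run_ipfw add 400 allow ip from "$PRIV_NET" to any in via "$PRIV_IF"
    run_ipfw add 410 allow ip from "$PUBPRIV_NET" to any in via "$PUBPRIV_IF"
    run_ipfw add 420 allow ip from any to any out via "$PUB_IF"
    run_ipfw add 430 allow ip from any to "$PRIV_NET" in via "$PUB_IF"
    run_ipfw add 440 allow ip from any to "$PUBPRIV_NET" in via "$PUB_IF"
    run_ipfw add 450 allow ip from any to "$PRIV_NET" out via "$PRIV_IF"
    run_ipfw add 460 allow ip from any to "$PUBPRIV_NET" out via "$PUBPRIV_IF"
    run_ipfw add 65000 deny log ip from any to any
}
build_rules
```

Run it as-is to review the generated rules; the log keyword on the deny rules makes any attempted crossing between the two private networks visible in the ipfw log.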