Date: Tue, 23 Dec 2003 09:08:06 -0500
From: Peter Serwe <peter@easytree.net>
To: freebsd-net@freebsd.org
Subject: Re: ipfw/natd/3 nic
Message-ID: <3FE84C46.494045F6@easytree.net>
References: <3FE841B4.8E6D47E9@easytree.net>

Okay, to make a long story short, I got the second
public ip to alias to the outside interface.

Sounds like: No problem!

If there are any extra pointers to extra documentation
that would help this out, I'd greatly appreciate it.

Thanks again,

Pete

Peter Serwe wrote:

> Okay,
>
> Basically, since FreeBSD is (in my mind anyway)
> the ultimate leatherman of the OS world, and God's
> own gift to networking and network services in general
> I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight
> ipfw public-->public ipfw a couple of times, I'm fairly
> comfortable with it..
>
> After searching around, I found a message from
> Gilson (de?)Paiva referencing some stuff Barney Wolff
> told him that basically straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both
> networks probably could never exceed 100,
> and probably won't ever exceed 50.
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router. The router shouldn't
> be passing any traffic in between private networks.
>
> My ideal as I've currently envisioned it would be
> 3 nic nat, with both private networks being able
> to get out the public interface.
>
> Here's the part that's got me thrown for a loop:
>
> Run 2 instances of natd on 8668/8669 - no problem.
>
> Run divert rule twice, one to first nat interface
> on 8668, one to second on 8669.
>
> The second natd line is the problem child for me:
>
> /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address
>
> Is this to imply that I need to run a second public
> address for the second natd instance to run?
>
> Hopefully I've left out nothing relevant,
>
> Thanks all.
>
> Pete
> --
> Peter Serwe <peter@easytree.net>
> Cheaper, Faster, Better, pick any two.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

--
Peter Serwe <peter@easytree.net>
Cheaper, Faster, Better, pick any two.
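
The layout worked out in this thread, written as a dry-run script. This is an added example, not part of the original message: the interface name fxp0, the two 203.0.113.x addresses, the rule numbers and the APPLY switch are assumptions, while the networks, divert ports and natd flags are the ones quoted above.

```shell
#!/bin/sh
# Added example: 3-NIC ipfw/natd layout with two natd instances.
# Constructed placeholders (not from the original message):
OIF="fxp0"              # outside interface name (assumed)
PUB1="203.0.113.10"     # first public address (documentation range)
PUB2="203.0.113.11"     # second public address, aliased onto OIF
# Taken from the message:
NET1="192.168.1.0/24"   # private_private
NET2="192.168.2.0/24"   # public_private

# Dry run by default: commands are printed. Set APPLY=1 on the router to run them.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

emit_setup() {
    # One natd per private network, each with its own divert port and alias address.
    run /sbin/natd -p 8668 -alias_address "$PUB1"
    run /sbin/natd -p 8669 -alias_address "$PUB2"

    # Isolation comes first, so nothing is forwarded between the private networks
    # regardless of what later rules allow.
    run ipfw add 100 deny ip from "$NET1" to "$NET2"
    run ipfw add 110 deny ip from "$NET2" to "$NET1"

    # Outbound: the source network selects the natd instance.
    run ipfw add 200 divert 8668 ip from "$NET1" to any out via "$OIF"
    run ipfw add 210 divert 8669 ip from "$NET2" to any out via "$OIF"

    # Inbound: replies arrive addressed to an alias address, which selects
    # the instance that holds the matching translation state.
    run ipfw add 220 divert 8668 ip from any to "$PUB1" in via "$OIF"
    run ipfw add 230 divert 8669 ip from any to "$PUB2" in via "$OIF"

    # The site's own allow/deny policy for the remaining traffic goes after this point.
}

emit_setup
```

With APPLY unset the script only prints the commands, so the rule order can be reviewed before anything touches the running firewall.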