From: "Corey Snow"
To: freebsd-questions@freebsd.org
Date: Sat, 22 Jun 2002 13:19:02 -0700
Subject: natd and private networks
Message-ID: <3D147946.1601.104DAD03@localhost>

I have a situation where I have a setup like so:

Internet<-->[Filtering Bridge]<-->DMZ<-->[NATD]<-->LAN

My filtering bridge works great (thanks to everyone on here for the assistance, by the way). I've managed to get the NATD box working as well, and traffic on the internal LAN can go out to the Internet via the DMZ and the bridge.

Problem is that I'd like to add a new wrinkle to this- some of the systems on the DMZ have RFC1918 addresses, not public, or have RFC1918 addresses in addition to their public IPs. I'd like to be able to access these RFC1918 addresses via NATD as well as normal public Internet access.

So I think what I need is to be able to cause natd to bind to two external IP addresses- the network interface on the natd box is configured with a primary and alias address, but I can't get it to route traffic between my two RFC1918 segments on the DMZ and my private LAN.
That way I could establish specific rules for hosts on my LAN to access specific hosts on the DMZ for various purposes, without using public IP addresses.

Does anyone have any thoughts, or can natd do this?

The natd box is a Pentium 200 MMX w/ 64MB RAM and running FreeBSD 4.5-RELEASE. It's running a custom kernel compiled with IPFIREWALL and IPDIVERT.

Thanks,

Corey Snow