From owner-freebsd-isp  Sun Dec  5 10:50:54 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.wzrd.com (mail.wzrd.com [206.99.165.3])
	by hub.freebsd.org (Postfix) with ESMTP id B69B315420
	for <freebsd-isp@freebsd.org>; Sun,  5 Dec 1999 10:50:52 -0800 (PST)
	(envelope-from danh@wzrd.com)
Received: by mail.wzrd.com (Postfix, from userid 91)
	id ACD495D064; Sun,  5 Dec 1999 13:50:51 -0500 (EST)
Subject: Re: IPFilter and xntpd
In-Reply-To: <384A8AF9.3287B947@fil.net> from aLan Tait at "Dec 5, 1999 11:55:37 pm"
To: aLan@fil.net (aLan Tait)
Date: Sun, 5 Dec 1999 13:50:51 -0500 (EST)
Cc: freebsd-isp@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 506       
Message-Id: <19991205185051.ACD495D064@mail.wzrd.com>
From: danh@wzrd.com (Dan Harnett)
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Can this be?  Am I missing something that would allow the
> return packets to return to "123.45.102.1" instead of
> "192.168.1.2"???
> 

What you need to do here is enable IPNAT.  This will translate the internal
addresses to the 123.45.102.1 address.  Some simple rules to allow most of the
basic services are:

map xl0 192.168.0.0/16 -> 123.45.102.1/32 proxy port ftp ftp/tcp
map xl0 192.168.0.0/16 -> 123.45.102.1/32 portmap tcp/udp 10000:60000
map xl0 192.168.0.0/16 -> 123.45.102.1/32


Dan Harnett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message