From: Brian Hechinger
Message-Id: <200005251526.LAA59553@entropy.tmok.com>
Subject: question about natd/ipfw
To: freebsd-net@freebsd.org, freebsd-ipfw@freebsd.org
Date: Thu, 25 May 2000 11:26:25 -0400 (EDT)
Reply-To: wonko@entropy.tmok.com

NOTE: sorry for the cross-post, tell me which list is more appropriate and i'll drop the other one.

a freebsd user has been helping me with this, but this is out of his realm of experience.

i am setting up a NAT box/router for my Covad/DCA Net DSL link. i will have two sets of outside IP addresses, a single IP address that will be bound to my outside interface which comes from covad, and a /29 block from DCA Net. the /29 will be routed through the outside interface into the NAT box, and from there i want to be able to use them as an "outside NAT pool" externally they will just look like an average domain, but that i will be able to redirect as i please internally.

so, my question is: what do i do with the /29? do i create aliases on my outside interface for them all? do i create aliases on my inside interface for them all? do i bind them to lo0?

attaching them to the outside interface seems wrong to me as well as attaching them to the inside interface since they should be listened to on either interface, hence my thought to bind them to the loopback device since i view these things as being "virtual"

ipfw: using NAT and firewall_type="open" NAT blocks all non-redirected traffic?

thanks,

-brian