From owner-freebsd-questions Wed Jan 28 00:02:26 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA15565 for questions-outgoing; Wed, 28 Jan 1998 00:02:26 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA15559 for ; Wed, 28 Jan 1998 00:02:18 -0800 (PST) (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE)
Received: (from kuku@localhost) by gilberto.physik.RWTH-Aachen.DE (8.8.7/8.8.7) id JAA05326; Wed, 28 Jan 1998 09:06:48 GMT (envelope-from kuku)
Message-ID: <19980128090647.59235@gil.physik.rwth-aachen.de>
Date: Wed, 28 Jan 1998 09:06:47 +0000
From: Christoph Kukulies
To: Brian Somers
Cc: freebsd-questions@FreeBSD.ORG, chrisa@commlet.com
Subject: Re: natd/libalias question
References: <9712231512.aa08867@commlet.commlet.com> <199712240148.BAA18064@awfulhak.demon.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.81e
In-Reply-To: <199712240148.BAA18064@awfulhak.demon.co.uk>; from Brian Somers on Wed, Dec 24, 1997 at 01:48:45AM +0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk

On Wed, Dec 24, 1997 at 01:48:45AM +0000, Brian Somers wrote:
> > Greetings,
> >
> > Do the packet aliasing functions in libalias only work with private
> > IP addresses? 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
>
> No - any addresses are fair game :-)
>
> > I am setting up a firewall for our (as yet undelivered) internet line
> > and my predecessors decided to make our interior network 126.0.0.0/24. I plan
> > on changing this but for testing purposes of natd & ipfw I have left these
> > alone. It appears that libalias is not doing what it says it should. I have
> > natd started with -redirect_address 126.0.0.90 38.156.234.7 which according to
> > the man pages for libalias & natd should allow outgoing requests from 126.0.0.90
> > to appear as 38.156.234.7 and incoming requests for 38.156.234.7 to go to
> > 126.0.0.90.
> >
> > Here is my network setup:
> >
> > 126.0.0.90    Internal machine
> > 38.156.234.5  2.2.5-RELEASE with natd and ipfw running
> >               ed1 connected to 126.0.0.0/24
> >               ed0 connected to 38.156.234.0/24
> > 38.156.234.3  2.2.5-RELEASE
> >
> > I run natd like so on 38.156.234.5:
> > natd -v -redirect_address 126.0.0.90 38.156.234.7 -n ed0
> >
> > And I ping 38.156.234.3 from 126.0.0.90. Ping gets packets from 38.156.234.3
> > but when I look at the output from natd I see:
> >
> > Out [ICMP] 126.0.0.90 -> 38.156.234.3 aliased to
> >            38.156.234.5 -> 38.156.234.3
> > In [ICMP] 38.156.234.3 -> 38.156.234.5 aliased to
> >            38.156.234.3 -> 126.0.0.90
> >
> > Now according to the manpages, the output above should have .5 replaced with
> > .7
> >
> > Any ideas?
>
> Maybe the problem is that you're not quoting the argument to
> -redirect_address ?

Sorry, it's a while back but I found this in the questions list
while seeking for tips to set up my natd/ipfw.

What do you mean by quoting? Where in the man page is this said?

I'm desperately trying to establish natd/ipfw on my local network
with one gateway machine to the internet.

                 | ISDN (bisdn)
                 |
                 | 137.226.123.27
                 |
          FreeBSD BOX (gateway)
  ipi0: flags=2851 mtu 1500
        inet 137.226.123.27 --> 137.226.123.1 netmask 0xffffffff
                 |
  le0: flags=8843 mtu 1500
        inet 192.168.1.119 netmask 0xffffff00 broadcast 192.168.1.255
        ether 08:00:b9:34:c6:e8
                 |
           192.168.1.119
                 |
----------+-----------------------+----------------+-------------
          |
          |
    192.168.1.114 (inside)

I only have one official IP address. I want to set up natd/ipfw such that
I can go out from the inside machine (192.168.1.114) to the outside world.
From the little I understand about natd this is possible. But how do I set it up?

This is my present /etc/rc.firewall:

/sbin/ipfw -f flush
##/sbin/ipfw add divert natd all from any to any via le0
##/sbin/ipfw add divert natd all from 192.168.1.114 to 192.168.1.119 via le0
##/sbin/ipfw add divert natd all from 192.168.1.119 to 137.226.145.27 via ipi0
/sbin/ipfw add pass all from any to any

You see my desperate signs of experimenting.

Routing info on the gateway:

isdn-kukulies# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Refs     Use     Netif Expire
default            137.226.123.1      UGSc        3     1725     ipi0
127.0.0.1          127.0.0.1          UH          0        0      lo0
137.226.123.1      137.226.123.27     UH          2       11     ipi0
192.168.0.1        192.168.1.119      UH          0        0     ipi1
192.168.0.4        192.168.1.119      UGHS        0        0     ipi0
192.168.1          link#1             UC          0        0
192.168.1.114      0:0:c0:47:c5:a1    UHLW        1     1073      le0    157
192.168.1.119      8:0:b9:34:c6:e8    UHLW        0        6      lo0
192.168.1.217      0:e0:29:b:7e:4a    UHLW        0        1      le0    655

AppleTalk:
Destination        Gateway            Flags     Refs     Use     Netif Expire

> >
> > Chris Aubuchon
> > chrisa@commlet.com
> >
>
> --
> Brian , ,
>
> Don't _EVER_ lose your sense of humour....
>

--
Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
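
The mismatch reported in the quoted question (packets from 126.0.0.90 leaving as 38.156.234.5 instead of the -redirect_address public address 38.156.234.7) can be checked mechanically against verbose output. The following is an added example, not part of the original thread or of natd itself: the function names are hypothetical, the parser assumes only the `natd -v` line format as quoted above, and the sample text is retyped from that quote.

```python
import re

# One translation as it appears in the `natd -v` output quoted in this thread:
#   <Out|In> [PROTO] src -> dst aliased to new_src -> new_dst
# Only plain addresses (no ports) are handled, matching the ICMP lines shown.
PATTERN = re.compile(
    r"(?P<dir>Out|In)\s+\[(?P<proto>\w+)\]\s+"
    r"(?P<src>[\d.]+)\s*->\s*(?P<dst>[\d.]+)\s+aliased to\s+"
    r"(?P<new_src>[\d.]+)\s*->\s*(?P<new_dst>[\d.]+)"
)

def parse_natd_verbose(text):
    """Return translation records; tolerates wrapped lines and '> ' quoting."""
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    return [m.groupdict() for m in PATTERN.finditer(flat)]

def check_redirect(records, local_ip, public_ip):
    """List translations that do not honour a static local<->public mapping."""
    findings = []
    for r in records:
        # Outbound: the local host's source address should become public_ip.
        if r["dir"] == "Out" and r["src"] == local_ip and r["new_src"] != public_ip:
            findings.append(
                f"Out: {local_ip} rewritten to {r['new_src']}, expected {public_ip}")
        # Inbound: traffic delivered to the local host should have arrived
        # addressed to public_ip.
        if r["dir"] == "In" and r["new_dst"] == local_ip and r["dst"] != public_ip:
            findings.append(
                f"In: traffic for {local_ip} arrived on {r['dst']}, expected {public_ip}")
    return findings

# Sample retyped from the natd -v output quoted in the message above.
SAMPLE = """\
> > Out [ICMP] 126.0.0.90 -> 38.156.234.3 aliased to
> >            38.156.234.5 -> 38.156.234.3
> > In [ICMP] 38.156.234.3 -> 38.156.234.5 aliased to
> >            38.156.234.3 -> 126.0.0.90
"""

if __name__ == "__main__":
    for finding in check_redirect(parse_natd_verbose(SAMPLE),
                                  "126.0.0.90", "38.156.234.7"):
        print(finding)
```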