From owner-freebsd-hackers Fri Jan 19 23: 4:53 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id 69D3A37B699 for ; Fri, 19 Jan 2001 23:04:33 -0800 (PST) Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id AAA12494; Sat, 20 Jan 2001 00:04:29 -0700 (MST) Date: Sat, 20 Jan 2001 00:04:29 -0700 (MST) From: Nick Rogness To: Ian Kallen Cc: freebsd-hackers@freebsd.org Subject: Re: accessing an outside IP from inside a NAT net In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 19 Jan 2001, Ian Kallen wrote: > Well, I've been fiddling with the ipfw syntax, I thought this would do it > /sbin/ipfw add divert 80 all from 10.0.0.128/25 to 206.169.18.10 via ep0 > but that ain't it. > > 10.0.0.128/25 has servers, 10.0.0.0/25 has clients, both gateways > 10.0.0.1 and 10.0.0.129 run off ep0... yes, I've been reading the ipfw man > page and the archives, yet even though the two nets can access each other > directly, I haven't been able to get the clients to access any server > resources via the 206.169.18.10 nat. Further suggestions? I have had this same problem before and have solved it when dealing with setup of a DMZ using FreeBSD. This is actually a pretty tricky ipfw setup to get it to work right (depending on network layout). Let me see if I can give you the details. But first I need a tad more details on how your network is laid out. Are 10.0.0.129 & 10.0.0.1 bound to the same ethernet card? Nick Rogness - Drive defensively. Buy a tank. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message