Date: Sat, 20 Jan 2001 00:34:09 -0700 (MST)
From: Nick Rogness <nick@rapidnet.com>
To: Ian Kallen <spidaman@arachna.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: accessing an outside IP from inside a NAT net
Message-ID: <Pine.BSF.4.21.0101200015070.45596-100000@rapidnet.com>
In-Reply-To: <Pine.BSF.4.10.10101192125530.11924-100000@along-came-a-spider.arachna.com>
On Fri, 19 Jan 2001, Ian Kallen wrote:

> Well, I've been fiddling with the ipfw syntax, I thought this would do it
> /sbin/ipfw add divert 80 all from 10.0.0.128/25 to 206.169.18.10 via ep0
> but that ain't it.
>
> 10.0.0.128/25 has servers, 10.0.0.0/25 has clients, both gateways
> 10.0.0.1 and 10.0.0.129 run off ep0... yes, I've been reading the ipfw man
> page and the archives, yet even though the two nets can access each other
> directly, I haven't been able to get the clients to access any server
> resources via the 206.169.18.10 nat. Further suggestions?
> thanks,
> -Ian

For the following solution, let's assume that you have 2 logical networks,
10.0.0.0/25 and 10.0.0.128/25, both bound to the inside interface ep0
(which may or may not be true). Your outside interface we'll call fxp0.
Your server's inside address is 10.0.0.130 and outside address 206.169.18.10.

In /etc/new.firewall.rules:

    # Divert outside packets in & out
    ipfw add 100 divert natd ip from any to any via fxp0

    # Divert packets from the 10.0.0.0/25 network to the server going to
    # the public server address
    ipfw add 200 divert natd ip from 10.0.0.0/25 to 206.169.18.10 via ep0

    # Divert packets from the server back to the 10.0.0.0/25 network
    ipfw add 300 divert natd ip from 10.0.0.130/32 to 10.0.0.0/25 via ep0

-----

In /etc/natd.conf:

    use_sockets
    same_ports
    port 8668
    deny_incoming no
    log
    # Map the public server address to the server's inside address
    # (10.0.0.130 as given above)
    redirect_port tcp 10.0.0.130:80 206.169.18.10:80

-----

You could also run a separate natd because you may run into problems with
the alias address that natd is using. In this case, a simple rule may do
the trick:

    ipfw add 200 divert natd ip from any to any via ep0

Of course, I am making assumptions on how your network is laid out.

Nick Rogness
- Drive defensively. Buy a tank.
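To see why the reply needs its own divert rule (rule 300), here is an added model of the hairpin path, not code from the thread: a pure-Python trace of which ipfw rule a packet hits and how a much-simplified natd (redirect_port plus source rewriting, no state table) translates it. Addresses and rule numbers are the ones from the message; `Packet`, `matching_rule`, `natd` and `hairpin` are hypothetical names for this model.

```python
import ipaddress
from dataclasses import dataclass, replace

PUBLIC = "206.169.18.10"   # server's outside (alias) address, from the message
SERVER = "10.0.0.130"      # server's inside address, from the message

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    iface: str

# The three divert rules from the message: (number, source net, destination net, interface).
RULES = [
    (100, "0.0.0.0/0", "0.0.0.0/0", "fxp0"),
    (200, "10.0.0.0/25", PUBLIC + "/32", "ep0"),
    (300, SERVER + "/32", "10.0.0.0/25", "ep0"),
]

def matching_rule(pkt, rules):
    """First divert rule whose source net, destination net and interface match, else None."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for num, s, d, iface in rules:
        if pkt.iface == iface and src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return num
    return None

def natd(pkt):
    """Simplified natd: redirect_port maps public:80 to the inside server, and a packet
    leaving the server gets the public address as source (natd's state table is ignored)."""
    if pkt.dst == PUBLIC and pkt.dport == 80:
        return replace(pkt, dst=SERVER)
    if pkt.src == SERVER:
        return replace(pkt, src=PUBLIC)
    return pkt

def hairpin(client, rules):
    """Trace a client request to the public address and the server's reply through
    the rules; returns (rule hit on request, rule hit on reply, source the client sees)."""
    req = Packet(client, PUBLIC, 80, "ep0")
    r1 = matching_rule(req, rules)
    if r1 is not None:
        req = natd(req)
    # the server answers whatever source it saw, on the inside interface
    rep = Packet(req.dst, req.src, 0, "ep0")
    r2 = matching_rule(rep, rules)
    if r2 is not None:
        rep = natd(rep)
    return r1, r2, rep.src
```

With all three rules `hairpin("10.0.0.5", RULES)` gives `(200, 300, "206.169.18.10")`, so the client's connection to the public address sees its reply come back from that address; with only rules 100 and 200 the reply arrives from 10.0.0.130, which the client's TCP stack will not associate with the connection it opened.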