Date:      Fri, 19 Jan 2001 23:49:58 -0800 (PST)
From:      Ian Kallen <spidaman@arachna.com>
To:        Nick Rogness <nick@rapidnet.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: accessing an outside IP from inside a NAT net
Message-ID:  <Pine.BSF.4.10.10101192335000.11924-100000@along-came-a-spider.arachna.com>
In-Reply-To: <Pine.BSF.4.21.0101192358210.45596-100000@rapidnet.com>

Cool, thanks. Yes, there are now two subnets on the internal network.  I
changed the IP on the backend; here are the config details:

# /etc/rc.conf excerpt
ifconfig_ed0="inet 206.169.18.10  netmask 255.255.255.0"
ifconfig_ep0="inet 10.0.0.1  netmask 255.255.255.128"
ifconfig_ep0_alias0="inet 10.0.0.129 netmask 255.255.255.128"

# /etc/natd.conf
use_sockets
same_ports
port 8668
deny_incoming no
log
redirect_port tcp 10.0.0.130:80 206.169.18.10:80

# /etc/rc.firewall
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any

So if you can suss the incantation that allows 10.0.0.0/25 hosts to access
10.0.0.130 via 206.169.18.10, I think I'd be all set!
thanks,
-Ian

--
Ian Kallen <spidaman@arachna.com> | AIM: iankallen | efax: (415) 354-3326

On Sat, 20 Jan 2001, Nick Rogness wrote:

> On Fri, 19 Jan 2001, Ian Kallen wrote:
> 
> > Well, I've been fiddling with the ipfw syntax, I thought this would do it
> > /sbin/ipfw add divert 80 all from 10.0.0.128/25 to 206.169.18.10 via ep0
> > but that ain't it.
> > 
> > 10.0.0.128/25 has servers, 10.0.0.0/25 has clients, both gateways 
> > 10.0.0.1 and 10.0.0.129 run off ep0... yes, I've been reading the ipfw man
> > page and the archives, yet even though the two nets can access each other 
> > directly, I haven't been able to get the clients to access any server
> > resources via the 206.169.18.10 nat.  Further suggestions?
> 
> 	I have had this same problem before and have solved it when
> 	dealing with setup of a DMZ using FreeBSD.
> 
> 	This is actually a pretty tricky ipfw setup to get it to work
> 	right (depending on network layout).  Let me see if I can give you
> 	the details.  But first I need a tad more details on how your
> 	network is laid out.
> 
> 	Are 10.0.0.129 & 10.0.0.1 bound to the same ethernet card?
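
Added example, not part of the original message or of FreeBSD: a small Python model of the two rules in the posted /etc/rc.firewall, showing which packets ever reach natd (and so its redirect_port). It models only the "via" interface test; the client and remote addresses 10.0.0.5, 192.0.2.7 and 198.51.100.9 are constructed.

```python
from dataclasses import dataclass
from typing import Optional

NATD_PORT = 8668  # "port 8668" in the posted /etc/natd.conf


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    recv_if: Optional[str]  # interface the packet arrived on
    xmit_if: Optional[str]  # interface it leaves on (None = delivered locally)


@dataclass(frozen=True)
class Rule:
    action: str                        # "divert" or "pass"
    via: Optional[str] = None          # None = no interface restriction
    divert_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # ipfw "via IF" matches if IF is the receive or the transmit interface.
        return self.via is None or self.via in (pkt.recv_if, pkt.xmit_if)


# The posted ruleset: both rules are "all from any to any".
RULESET = [
    Rule("divert", via="ed0", divert_port=NATD_PORT),
    Rule("pass"),
]


def seen_by_natd(pkt: Packet, rules=RULESET) -> bool:
    """True if the first matching rule diverts the packet to natd's port."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action == "divert" and rule.divert_port == NATD_PORT
    return False  # no rule matched (default rule not modelled)


# Constructed sample packets.
outside_client = Packet("192.0.2.7", "206.169.18.10", recv_if="ed0", xmit_if=None)
inside_to_internet = Packet("10.0.0.5", "198.51.100.9", recv_if="ep0", xmit_if="ed0")
inside_to_public_ip = Packet("10.0.0.5", "206.169.18.10", recv_if="ep0", xmit_if=None)

if __name__ == "__main__":
    for name in ("outside_client", "inside_to_internet", "inside_to_public_ip"):
        pkt = globals()[name]
        print(f"{name:20s} {pkt.src} -> {pkt.dst}  natd sees it: {seen_by_natd(pkt)}")
```

The inside client's packet to 206.169.18.10 arrives on ep0 and is addressed to the gateway itself, so it never crosses ed0 and the "via ed0" divert rule never hands it to natd.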


