Date: Fri, 19 Jan 2001 23:49:58 -0800 (PST)
From: Ian Kallen
To: Nick Rogness
Cc: freebsd-hackers@freebsd.org
Subject: Re: accessing an outside IP from inside a NAT net

Cool, thanks. Yes, there's now two subnets on the internal network. I
changed the IP on the backend here's the config details:

# /etc/rc.conf excerpt
ifconfig_ed0="inet 206.169.18.10 netmask 255.255.255.0"
ifconfig_ep0="inet 10.0.0.1 netmask 255.255.255.128"
ifconfig_ep0_alias0="inet 10.0.0.129 netmask 255.255.255.128"

# /etc/natd.conf
use_sockets
same_ports
port 8668
deny_incoming no
log
redirect_port tcp 10.0.0.130:80 206.169.18.10:80

# /etc/rc.firewall
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed0
/sbin/ipfw add pass all from any to any

So if you can suss the incantation that allows 10.0.0.0/25 hosts to access
10.0.0.130 via 206.169.18.10, I think I'd be all set!

thanks,
-Ian

--
Ian Kallen | AIM: iankallen | efax: (415) 354-3326

On Sat, 20 Jan 2001, Nick Rogness wrote:

> On Fri, 19 Jan 2001, Ian Kallen wrote:
>
> > Well, I've been fiddling with the ipfw syntax, I thought this would do it
> > /sbin/ipfw add divert 80 all from 10.0.0.128/25 to 206.169.18.10 via ep0
> > but that ain't it.
> >
> > 10.0.0.128/25 has servers, 10.0.0.0/25 has clients, both gateways
> > 10.0.0.1 and 10.0.0.129 run off ep0... yes, I've been reading the ipfw man
> > page and the archives, yet even though the two nets can access each other
> > directly, I haven't been able to get the clients to access any server
> > resources via the 206.169.18.10 nat. Further suggestions?
>
> I have had this same problem before and have solved it when
> dealing with setup of a DMZ using FreeBSD.
>
> This is actually a pretty tricky ipfw setup to get it to work
> right (depending on network layout). Let me see if I can give you
> the details. But first I need a tad more details on how your
> network is laid out.
>
> Are 10.0.0.129 & 10.0.0.1 bound to the same ethernet card?