From owner-freebsd-questions  Tue Jan  5 15:56:48 1999
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA05363
          for freebsd-questions-outgoing; Tue, 5 Jan 1999 15:56:48 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from kot.ne.mediaone.net (kot.ne.mediaone.net [24.128.29.136])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA05346;
          Tue, 5 Jan 1999 15:56:46 -0800 (PST)
          (envelope-from mi@aldan.algebra.com)
Received: from rtfm.ziplink.net (rtfm [10.10.0.1])
	by kot.ne.mediaone.net (8.9.1a/8.9.1) with ESMTP id SAA00498;
	Tue, 5 Jan 1999 18:56:00 -0500 (EST)
From: Mikhail Teterin <mi@aldan.algebra.com>
X-Relay-IP: 10.10.0.1
Received: (from root@localhost)
	by rtfm.ziplink.net (8.9.1/8.9.1) id SAA94364;
	Tue, 5 Jan 1999 18:56:47 -0500 (EST)
Message-Id: <199901052356.SAA94364@rtfm.ziplink.net>
Subject: natd, 2 interfaces
To: questions@FreeBSD.ORG, net@FreeBSD.ORG
Date: Tue, 5 Jan 1999 18:56:47 -0500 (EST)
Reply-To: mi@aldan.algebra.com
X-Mailer: ELM [version 2.4ME+ PL49 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Please, please!

Somebody, who understands the difference between "desired" and
"requested" in the natd(8) man page provide a working example of
ipfw rules and natd redirections for the following scheme:

	===_==== Internet === ISP-news-server ===
	   |
	 public if            -- internal0 (10.10.0.1)
	   |                  |
	dual-interface        ......
	machine               |
	   |                  -- internalN (10.10.0.N)
	 private if ----------|
	 (10.10.0.N+1)

I want to use the ISP's news server from my internal machines.
I do NOT want to use nntpproxy or socks5. It appears, I can use
ipfw/natd on the "dual interface machine" (say, aldan) to forward
connections to its port 119, which come through private if (say,
ep0) to the new-server. I tried the following:

	00050 divert 6668 tcp from 10.10.0.1 to any
	00200 deny ip from any to 127.0.0.0/8
	65535 allow ip from any to any

and the following natd.conf :

	same_ports yes
	log yes
	redirect_port tcp news.ISP.net:nntp nntp
	interface ep0
	deny_incoming no

with some variations. Nothing helps :( I'd appreciate any suggestions.
Yours,

	-mi

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message