Date:      Wed, 28 Jul 1999 12:55:32 +0100
From:      Brian Somers <brian@FreeBSD.org.uk>
To:        Dan Simoes <dans@deva.iclick.com>
Cc:        brian@FreeBSD.org.uk (Brian Somers), dans@iclick.com (Dan Simoes), freebsd-questions@FreeBSD.ORG (freebsd-questions@FreeBSD.ORG)
Subject:   Re: setting up redirects with natd/firewall 
Message-ID:  <199907281155.MAA01940@keep.lan.Awfulhak.org>
In-Reply-To: Your message of "Wed, 28 Jul 1999 07:25:49 EDT." <199907281125.HAA02435@deva.iclick.com> 

> >   redirect_port tcp 192.168.100.D:80 80
> 
> OK, I'll give that a shot.  I should point out for the archives
> that the D above refers to a random number (I didn't want to 
> use real network numbers).
> 
> Now, that still leaves two issues - how does traffic for
> A.B.C.D "know" to go to the firewall  (ie, do I use a cname, static arp,
> virtual ip?) and what if I have more than one web server behind
> the firewall?

Natd should be run on the interface with address A.B.C.D.  It does 
the redirect_port on the primary address by default.  If you have 
more than one web server, you'll need to run natd on a multi-homed 
interface and do something like

  redirect_port tcp 192.168.100.A:80 A.B.C.D:80
  redirect_port tcp 192.168.100.B:80 E.F.G.H:80

where A.B.C.D and E.F.G.H are your external addresses.

> Sorry if I'm missing something obvious.  Let me know if there is a 
> different list I should be using for this, the other lists were all
> listed as "technical"...

This is probably the best list.

> | Dan |
>  
> > > I'm new to freebsd, so bear with me.
> > > 
> > > I've been struggling for the past few days to get a firewall set
> > > up using freebsd/ipfw/natd.  I've got everything running, and now
> > > all that is left is to accomplish some remapping. 
> > > 
> > > To wit:
> > > 
> > > - traffic for server A.B.C.D on port 80 should be remapped to
> > >   internal server 192.168.100.D on port 80
> > > - replies from that internal server should be remapped at the
> > >   firewall to appear to come from A.B.C.D
> > > 
> > > I'm trying to do this with -redirect_address in natd, but
> > > I imagine there are also some issues with adding static routes
> > > via arp so traffic "knows" to go to the firewall?
> > > 
> > > If anyone has an example config file for natd I'd greatly appreciate
> > > it.  
> -- 
> Dan Simoes                              mail:dans@iclick.com
> iClick					web:www.iclick.com	
> 410 Saw Mill River Road LL 135		voice: 914.693.0837
> Ardsley, NY 10502                      	fax:914.693.1055
> 

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
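
An added example, not part of the message above and not code from natd: a small check for a natd config that flags two `redirect_port` lines claiming the same external address and port, which is the situation the multi-server question runs into when both lines rely on the primary address. The 203.0.113.x and 192.168.100.x addresses are constructed stand-ins for A.B.C.D / E.F.G.H and the internal servers; port ranges, multi-target lines and the optional remote-address field are assumed absent and not handled.

```python
import ipaddress
from collections import defaultdict

PRIMARY = "primary"  # marker for "no alias address given on the line"

def parse_redirect_ports(conf_text):
    """Yield (lineno, proto, target, alias_ip, alias_port) per redirect_port line."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 4 or fields[0] != "redirect_port":
            continue
        proto, target, alias = fields[1], fields[2], fields[3]
        alias_ip, sep, alias_port = alias.rpartition(":")
        if sep:
            ipaddress.ip_address(alias_ip)  # raises ValueError on a malformed address
        else:
            alias_ip = PRIMARY  # bare port: natd uses the interface's primary address
        yield lineno, proto, target, alias_ip, int(alias_port)

def find_collisions(conf_text, primary_ip):
    """Return {(proto, ip, port): [(lineno, target), ...]} for listeners claimed twice."""
    claims = defaultdict(list)
    for lineno, proto, target, alias_ip, port in parse_redirect_ports(conf_text):
        ip = primary_ip if alias_ip == PRIMARY else alias_ip
        claims[(proto, ip, port)].append((lineno, target))
    return {key: hits for key, hits in claims.items() if len(hits) > 1}

# Constructed sample configs (not from the original thread).
BROKEN = """\
redirect_port tcp 192.168.100.10:80 80
redirect_port tcp 192.168.100.11:80 80
"""
FIXED = """\
redirect_port tcp 192.168.100.10:80 203.0.113.10:80
redirect_port tcp 192.168.100.11:80 203.0.113.11:80
"""

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, find_collisions(conf, primary_ip="203.0.113.10"))
```
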