From owner-freebsd-questions Wed Jul 28 4:55: 6 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.freebsd.org.uk [194.242.128.198])
	by hub.freebsd.org (Postfix) with ESMTP id 9036414F22
	for ; Wed, 28 Jul 1999 04:55:02 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from keep.lan.Awfulhak.org (localhost [127.0.0.1])
	by storm.FreeBSD.org.uk (8.9.3/8.9.3) with ESMTP id MAA99614;
	Wed, 28 Jul 1999 12:54:59 +0100 (BST)
	(envelope-from brian@Awfulhak.org)
Received: from keep.lan.Awfulhak.org (brian@localhost.lan.Awfulhak.org [127.0.0.1])
	by keep.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id MAA01940;
	Wed, 28 Jul 1999 12:55:32 +0100 (BST)
	(envelope-from brian@keep.lan.Awfulhak.org)
Message-Id: <199907281155.MAA01940@keep.lan.Awfulhak.org>
X-Mailer: exmh version 2.0.2 2/24/98
To: Dan Simoes
Cc: brian@FreeBSD.org.uk (Brian Somers), dans@iclick.com (Dan Simoes),
	freebsd-questions@FreeBSD.ORG (freebsd-questions@FreeBSD.ORG)
Subject: Re: setting up redirects with natd/firewall
In-reply-to: Your message of "Wed, 28 Jul 1999 07:25:49 EDT."
	<199907281125.HAA02435@deva.iclick.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 28 Jul 1999 12:55:32 +0100
From: Brian Somers
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > redirect_port tcp 192.168.100.D:80 80
>
> OK, I'll give that a shot. I should point out for the archives
> that the D above refers to a random number (I didn't want to
> use real network numbers).
>
> Now, that still leaves two issues - how does traffic for
> A.B.C.D "know" to go to the firewall (ie, do I use a cname, static arp,
> virtual ip?) and what if I have more than one web server behind
> the firewall?

Natd should be run on the interface with address A.B.C.D. It does
the redirect_port on the primary address by default.
If you have more than one web server, you'll need to run natd on a
multi-homed interface and do something like

  redirect_port tcp 192.168.100.A:80 A.B.C.D:80
  redirect_port tcp 192.168.100.B:80 E.F.G.H:80

where A.B.C.D and E.F.G.H are your external addresses.

> Sorry if I'm missing something obvious. Let me know if there is a
> different list I should be using for this, the other lists were all
> listed as "technical"...

This is probably the best list.

> | Dan |
>
> > > I'm new to freebsd, so bear with me.
> > >
> > > I've been struggling for the past few days to get a firewall set
> > > up using freebsd/ipfw/natd. I've got everything running, and now
> > > all that is left is to accomplish some remapping.
> > >
> > > To wit:
> > >
> > > - traffic for server A.B.C.D on port 80 should be remapped to
> > > internal server 192.168.100.D on port 80
> > > - replies from that internal server should be remapped at the
> > > firewall to appear to come from A.B.C.D
> > >
> > > I'm trying to do this with -redirect_address in natd, but
> > > I imagine there are also some issues with adding static routes
> > > via arp so traffic "knows" to go to the firewall?
> > >
> > > If anyone has an example config file for natd I'd greatly appreciate
> > > it.
> --
> Dan Simoes mail:dans@iclick.com
> iClick web:www.iclick.com
> 410 Saw Mill River Road LL 135 voice: 914.693.0837
> Ardsley, NY 10502 fax:914.693.1055
>

--
Brian
Don't _EVER_ lose your sense of humour !

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
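
Added example, not part of the original thread: a small check over a natd.conf that reports redirect_port rules claiming the same external address and port, the situation the reply above avoids by giving each web server its own external address. The sample config, its addresses (documentation ranges standing in for A.B.C.D and E.F.G.H) and the interface name are constructed; only the two redirect_port forms shown in the thread are parsed.

```python
import re
from collections import defaultdict

# Constructed sample natd.conf; addresses and interface name are placeholders.
SAMPLE_CONF = """\
interface fxp0
redirect_port tcp 192.168.100.10:80 203.0.113.10:80
redirect_port tcp 192.168.100.11:80 203.0.113.11:80
redirect_port tcp 192.168.100.12:80 80
redirect_port tcp 192.168.100.13:80 80
"""

# redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT
RULE = re.compile(
    r"^redirect_port\s+(?P<proto>tcp|udp)\s+"
    r"(?P<target>\d+\.\d+\.\d+\.\d+):(?P<tport>\d+)\s+"
    r"(?:(?P<alias>\d+\.\d+\.\d+\.\d+):)?(?P<aport>\d+)\s*$"
)

def parse_redirects(conf):
    """Return one dict per redirect_port line (single ports only, no ranges)."""
    rules = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = RULE.match(line.split("#", 1)[0].strip())
        if m:
            rules.append({
                "line": lineno,
                "proto": m["proto"],
                "target": (m["target"], int(m["tport"])),
                # No alias address: natd uses the interface's primary address.
                "external": (m["alias"] or "primary", int(m["aport"])),
            })
    return rules

def find_conflicts(rules):
    """Group rules that claim the same external proto/address/port."""
    seen = defaultdict(list)
    for r in rules:
        seen[(r["proto"],) + r["external"]].append(r)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for key, clash in find_conflicts(parse_redirects(SAMPLE_CONF)).items():
        print(key, "claimed by lines", [r["line"] for r in clash])
```
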