From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 19 07:34:59 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 70D511065672 for ; Thu, 19 Mar 2009 07:34:59 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outP.internet-mail-service.net (outp.internet-mail-service.net [216.240.47.239]) by mx1.freebsd.org (Postfix) with ESMTP id 55B8B8FC12 for ; Thu, 19 Mar 2009 07:34:59 +0000 (UTC) (envelope-from julian@elischer.org) Received: from idiom.com (mx0.idiom.com [216.240.32.160]) by out.internet-mail-service.net (Postfix) with ESMTP id A57E5C362; Thu, 19 Mar 2009 00:34:35 -0700 (PDT) X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (home.elischer.org [216.240.48.38]) by idiom.com (Postfix) with ESMTP id A01D62D6004; Thu, 19 Mar 2009 00:34:34 -0700 (PDT) Message-ID: <49C1F593.2050009@elischer.org> Date: Thu, 19 Mar 2009 00:34:43 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209) MIME-Version: 1.0 To: Lin Zhao References: <437446889.08051@ustc.edu.cn> In-Reply-To: <437446889.08051@ustc.edu.cn> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-ipfw@freebsd.org, lists@jnielsen.net Subject: Re: pls help on 3 interfaces X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 07:34:59 -0000 Lin Zhao wrote: > too much thx for Julian Elischer & John Nielsen..... > i've tried it, and it seems working now, > but i don't know if i'm right in setting natd2.... > i just add one line in /etc/services as "natd2 8669" > and run a command: natd -n fxp1 -p 8669 > seems so stupid. I assume you mean "simple" instead of stupid... :-) I don't think you need natd2 in /etc/services... but as long as the ipfw and natd agree in the port number it should work. You didn't say if you have nat already. but if you do then I believe natd can do more than one nat with a single instance now. (phk added that some time ago) but I have never done it, so I can not tell you how... read the man page... also the in-kernel nat available in ipfw can do this and you can also do multiple NATS with that too but once again, I haven't done it myself. > > Lin > > 在您的来信中曾经提到: >> From: John Nielsen >> Reply-To: >> To: freebsd-ipfw@freebsd.org, Lin Zhao >> Subject: Re: pls help on 3 interfaces >> Date:Wed, 18 Mar 2009 23:23:56 -0400 >> >> On Wednesday 18 March 2009 10:36:15 pm Lin Zhao wrote: >>> hi all, wish my english is enough :-) >>> my freebsd has 3 interfaces, like this, >>> >>> ---- ----switch1 >>> >>> | ---------- fxp0 | >>> | >>> | | |--------- >>> >>> internal |--------|freebsd71 | >>> >>> | rl0 | |--------- >>> | ---------- fxp1 | >>> >>> ---- ----switch2 >>> >>> we're in the internal and want to visit outside >>> we use fxp0 for default outside address and it works well >>> but for some reason, i want to use fxp1 for some special outside >>> address how can i do for it? >>> thanks a lot. >> Is the FreeBSD box performing network address translation (NAT)? I'm going >> to assume that it is and everything is being aliased through fxp0. I'm >> also assuming you're using ipfw since you wrote to the ipfw list. >> >> If the IP addresses which you'd like to reach via fxp1 are static, you >> should be able to do something like the following: >> >> Configure static routes on the FreeBSD machine for the the special outside >> addresses using the gateway of fxp1's network as the router. >> Configure an additional NAT rule (if still using natd now might be a good >> time to switch to in-kernel ipfw NAT..) to alias through fxp1. >> Configure ipfw to direct traffic to/from the special outside addresses to >> the new NAT instance instead of the default. >> >> I actually used a similar setup recently. If you care to confirm my >> assumptions above I can give you a more step-by-step guide. >> >> JN >> >> _______________________________________________ >> freebsd-ipfw@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >> > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"