Date: Tue, 17 Feb 2004 11:21:45 -0800 (PST)
From: Bryce Newall <data@dreamhaven.org>
To: FreeBSD Questions List <freebsd-questions@freebsd.org>
Subject: natd originating IP
Message-ID: <20040217111052.M92560@calico.dreamhaven.org>
Greetings everyone,

I am attempting to set up what I thought would be a simple natd configuration, but is turning out to be a little bit trickier than I thought.

I have a FreeBSD machine with 2 internet visible IPs on it. The machine also has 2 NICs; the first NIC has the 2 external IPs, and the second has an IP of 10.0.0.1 for the LAN. On the LAN is a Windows 2000 server, running Exchange 2000 and a couple of other services that are accessible from the outside via natd redirects on the FreeBSD box. (Well, Exchange isn't directly accessible, but Outlook Web Access is.)

Right now, I have natd running, binding to the second IP address (using the -a <ip address> switch). The problem with that is, I now have the unwanted side-effect of having all outbound traffic appearing to originate from the second IP address, both from the LAN and from the FreeBSD box itself.

The main reason for using the second IP address is that I have a web server running on port 80 on the FreeBSD box (the company's web site), and also have Outlook Web Access running on port 80 on the Win2000 server, and I would prefer not to have to have the users connect to OWA on a special port (most likely, they'll forget). Also, by having outgoing traffic originate from the first IP rather than the second, it provides an extra layer of protection for the Exchange server (i.e. people wouldn't see that there's another IP address out there with ports exposed to a Windows machine).

So what I'm wondering is, is there a way to redirect the incoming traffic on the second IP address that I want to redirect to the Win2000 server, and still be able to have all outbound traffic originate from the first IP?

Thanks in advance!

*********************************************************
* Bryce Newall * Email: data@dreamhaven.org             *
* www.dreamhaven.org/~data                              *
* "Computers make very fast, very accurate mistakes."   *
*********************************************************
