Date: Thu, 2 Sep 2004 10:14:07 -0400 (EDT)
From: "Steve Bertrand" <iaccounts@ibctech.ca>
To: "Shawn" <list@pc-remedies.net>
Cc: freebsd questions <freebsd-questions@freebsd.org>
Subject: Re: port redirection from 2 public ips -> natd to a single service.
Message-ID: <1966.209.167.16.15.1094134447.squirrel@209.167.16.15>
In-Reply-To: <20040902034920.M23017@pc-remedies.net>
References: <20040902034920.M23017@pc-remedies.net>

> I'm using natd and doing port redirection with a natd.conf file. I have a
> mission to accomplish this week last sec. O NO...

Ok, off the top of the head...

Can you run a separate instance of natd, on a separate port, and use IPFW to
properly filter? For instance:

    ipfw add 10 divert 8669 all from any to $secondIP    # 2nd instance natd
    ipfw add 20 divert 8668 all from any to any out via $outside_interface
    ipfw add 30 divert 8669 all from $mailserver to any out via $outside_interface
    ipfw add 40 divert 8668 all from any to any in via $outside_interface

natd could be started like this (for the standard natting):

    # /usr/sbin/natd -a primary_ip

and the second instance (for the mail server):

    # /usr/sbin/natd -a secondary_ip -p 8669 -redirect_port tcp 10.0.0.10:25 25

etc..etc.

I have no idea if this will actually work, but it sounds good in my head as
far as theory is concerned.

Steve

> We have to change our IP address on the mail server and they run this mail
> server off a Windows machine.. (placing the Windows machine on the Internet
> without a firewall is out of the question) we need 2 public IP addresses to
> redirect to a single machine behind them.
>
> The firewall in place now allows DMZ hosting. However, it will not allow us
> to alias an address outside of its network.
>
> The plan is to place a FreeBSD machine in the middle and configure natd with
> ipfw and so on... well we got the machine working as the gateway and
> redirected traffic for 110 and 25, as well as a test port 8384. That was
> great.. more like a good time!! ;-) Well, the challenge was to alias an
> address to the public interface and see if that would work. Results are ..
>
> We could see port redirection working on the primary address and not the
> secondary, although the machine was responding for both IPs (made
> connections to the FreeBSD machine on both IPs). Just the port forwarding
> would not work.
>
> We also tried placing the IP address where we had the interface name to
> enable nat and listed it twice, one for each address.
>
> Same results..
>
> We then tried to place another physical interface into the machine and muck
> with nat in that way. No luck... to be honest the brain had serious pain at
> the moment and I can't remember much more..
>
> Wondering if there is someone out there who may be able to answer this one
> or place me in a direction. This could save us from a future migraine from
> the earful we will get.. hehe :-)
>
> Thanks for your time..
>
> Shawn
>
> "PC's are like air conditioners.. They are both useless with windows
> open!!!!"
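
For the goal stated in the quoted question (two public addresses forwarding to one internal mail host), natd's `redirect_port` also accepts an explicit alias address in front of the alias port, so a single instance can carry one entry per public address. The script below is an added example, not part of either message; it generates such a natd.conf and the matching divert rule. The interface name, the 192.0.2.x addresses, rule number 100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. fxp0 and the 192.0.2.x addresses are
# constructed placeholders; 10.0.0.10 and ports 25/110 come from the messages.
OIF="${OIF:-fxp0}"
PUBLIC_IPS="${PUBLIC_IPS:-192.0.2.10 192.0.2.11}"   # first one = default alias
MAIL_HOST="${MAIL_HOST:-10.0.0.10}"
PORTS="${PORTS:-25 110}"

# Accept only dotted-quad strings so a typo never reaches the config file.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Emit natd.conf (command-line options without the leading dash).
natd_conf() {
    for ip in $PUBLIC_IPS $MAIL_HOST; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    set -- $PUBLIC_IPS
    echo "alias_address $1"
    echo "port 8668"
    for ip in $PUBLIC_IPS; do
        for port in $PORTS; do
            # redirect_port proto targetIP:targetPORT aliasIP:aliasPORT
            echo "redirect_port tcp $MAIL_HOST:$port $ip:$port"
        done
    done
}

# One divert rule covers both directions on the outside interface.
ipfw_rule() {
    echo "ipfw add 100 divert 8668 ip from any to any via $OIF"
}

natd_conf && ipfw_rule
```

Only the listed ports are forwarded to the internal host; save the first part of the output as the file passed to `natd -f`.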