Date: Tue, 1 Feb 2000 23:00:04 -0500
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: Philip Hallstrom <philip@adhesivemedia.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Running natd on multiple interfaces???
Message-ID: <20000201230004.B36064@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.BSF.4.10.10002011032430.39820-100000@mug.adhesivemedia.com>; from philip@adhesivemedia.com on Tue, Feb 01, 2000 at 10:34:19AM -0800
References: <Pine.BSF.4.10.10002011032430.39820-100000@mug.adhesivemedia.com>
On Tue, Feb 01, 2000 at 10:34:19AM -0800, Philip Hallstrom wrote:
> Hi -
> I have a rather strange question which needs some explaining. I
> need to run natd on two interfaces and can't get it to work right.
>
> Here's my situation:
>
> firewall:
> - ed0: 1.2.3.4, 1.2.3.5 (alias). External interface.
> - xl0: 10.0.0.1. Internal interface with my desktops on it.
> - xl1: 10.1.0.1. Internal interface with my servers.
> - natd is set up to redirect 1.2.3.5 to 10.1.0.2 (my www server).
>
> Here's my problem. DNS is set up so that www->1.2.3.5. This will not work
> from machines on the xl0 interface since natd only redirects traffic
> coming into ed0. On xl0, 1.2.3.5 ends up at my firewall, not my www
> server. (I know I can "fix" this with some fancy DNS, but it won't
> really solve my problem.)
>
> How can I set up natd to run on xl0 and *only* have it redirect 1.2.3.5 to
> 10.1.0.2? Is that possible? I tried several different combinations of
> options (including -reverse, -proxy_only, -n xl0, -redirect_address ....)
> but couldn't get any of it to work.
> I would prefer not to have the IPs "behind" xl0 get remapped to
> 10.0.0.1 if I can help it.

I don't think there is anything you can do to natd to fix this. I think
the problem might be that natd never sees the packets. Do you have a
firewall rule like so?

    0400 divert 8668 ip any to any via ed0

If the packets come in from xl0 and are destined for 1.2.3.5, they never
get diverted.

I've been thinking about ways to get the packets to natd, but I'm not
convinced that would work right if you did. I've also thought of having a
second natd running, but it seems to get very messy.

It's bugging me. Please post the solution if you find one.
-- 
Crist J. Clark                                cjclark@home.com
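The diagnosis in the reply hinges on how ipfw's `via` qualifier selects which packets reach the divert socket. The following is an added illustration written for this archive page, not code from the mail or from FreeBSD: a small Python model of first-match rule evaluation with a `via IFACE` qualifier, applied to the ruleset quoted above (rule 0400, divert port 8668, interface ed0, the alias 1.2.3.5). The trailing `allow` rule at 65000, the client addresses 192.0.2.10 and 198.51.100.9, and the desktop address 10.0.0.7 are constructed for the example. The model follows ipfw's semantics only as far as the thread needs: a packet that the firewall delivers to itself makes a single inbound pass through the ruleset on the interface it arrived on, and `via` matches that interface on either an inbound or an outbound pass.

```python
# Added example (not from the original mail): a minimal model of ipfw
# first-match evaluation with a 'via IFACE' qualifier, used to check which
# traffic would ever be handed to natd by the quoted divert rule.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Pass:
    """One trip of a packet through the ruleset.

    direction: "in" (just received on iface) or "out" (about to be sent on iface).
    A packet addressed to the firewall itself (1.2.3.5 is an alias on ed0)
    only ever makes an inbound pass on the interface it arrived on.
    """
    direction: str
    iface: str
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                # "divert 8668", "allow", "deny"
    via: Optional[str] = None  # ipfw 'via IF': matches in- or outbound passes on IF
    dst: str = "any"           # destination qualifier, "any" == no restriction

    def matches(self, p: Pass) -> bool:
        if self.via is not None and p.iface != self.via:
            return False
        if self.dst != "any" and p.dst != self.dst:
            return False
        return True


def first_match(rules: List[Rule], p: Pass) -> Optional[Rule]:
    """ipfw semantics: rules are tried in ascending number order, first hit wins."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(p):
            return rule
    return None


def diverting_rule(rules: List[Rule], p: Pass) -> Optional[int]:
    """Number of the divert rule this pass hits, or None if natd never sees it."""
    rule = first_match(rules, p)
    if rule is not None and rule.action.startswith("divert"):
        return rule.number
    return None


# The ruleset from the thread: rule 0400 diverts to natd on port 8668 for
# anything going through ed0. Rule 65000 'allow' is a constructed catch-all.
RULES = [
    Rule(400, "divert 8668", via="ed0"),
    Rule(65000, "allow"),
]


def thread_scenario() -> dict:
    """Evaluate the three flows that matter in the thread (addresses constructed)."""
    # Internet client hitting the www alias: arrives on ed0, so it is diverted
    # and natd can redirect 1.2.3.5 -> 10.1.0.2.
    external = Pass("in", "ed0", "192.0.2.10", "1.2.3.5")
    # Desktop on xl0 hitting the same alias: 1.2.3.5 belongs to the firewall,
    # so the packet makes one inbound pass on xl0 and never touches ed0.
    desktop_to_alias = Pass("in", "xl0", "10.0.0.7", "1.2.3.5")
    # Desktop going out to the Internet: the outbound pass is on ed0, so the
    # ordinary masquerading case still works.
    desktop_to_internet = Pass("out", "ed0", "10.0.0.7", "198.51.100.9")
    return {
        "external_client": diverting_rule(RULES, external),
        "xl0_desktop_to_alias": diverting_rule(RULES, desktop_to_alias),
        "xl0_desktop_to_internet": diverting_rule(RULES, desktop_to_internet),
    }


if __name__ == "__main__":
    for flow, rule_no in thread_scenario().items():
        print(f"{flow:28s} -> {'diverted by rule %d' % rule_no if rule_no else 'not diverted'}")
```

Running it reproduces the reply's point: the external client and the desktop's outbound traffic both hit rule 400, while the desktop's packet to 1.2.3.5 is delivered locally after an inbound pass on xl0 and is never diverted, so no natd option can influence it. When auditing a NAT firewall, feeding each expected flow through the ruleset this way (or with `ipfw show` counters on the real box) is the quickest way to tell a natd configuration problem from a packet that natd never receives.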