Date: Wed, 2 Feb 2000 08:39:20 -0800 (PST) From: Philip Hallstrom <philip@adhesivemedia.com> To: Ruslan Ermilov <ru@ucb.crimea.ua> Cc: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> Subject: Re: Running natd on multiple interfaces??? Message-ID: <Pine.BSF.4.10.10002020838060.43752-100000@mug.adhesivemedia.com> In-Reply-To: <20000202120352.A36865@relay.ucb.crimea.ua>
I got it working... my firewall rule was only grabbing half of the packets
which was causing problems... I didn't use -reverse though, just did it
normally. Works great! (I got tired of maintaining an "internal master dns"
and an "external master dns" server). :)

Thanks!

On Wed, 2 Feb 2000, Ruslan Ermilov wrote:

> On Tue, Feb 01, 2000 at 10:34:19AM -0800, Philip Hallstrom wrote:
> > Hi -
> > I have a rather strange question which needs some explaining. I
> > need to run natd on two interfaces and can't get it to work right.
> >
> > Here's my situation:
> >
> > firewall:
> > - ed0: 1.2.3.4, 1.2.3.5 (alias). External interface.
> > - xl0: 10.0.0.1. Internal interface with my desktops on it.
> > - xl1: 10.1.0.1. Internal interface with my servers.
> > - natd is setup to redirect 1.2.3.5 to 10.1.0.2 (my www server).
> >
> > Here's my problem. DNS is setup so that www->1.2.3.5. This will not work
> > from machines on the xl0 interface since natd only redirects traffic
> > coming into ed0. On xl0, 1.2.3.5 ends up at my firewall, not my www
> > server. (I know I can "fix" this with some fancy DNS, but it won't
> > really solve my problem)
> >
> > How can I setup natd to run on xl0 and *only* have it redirect 1.2.3.5 to
> > 10.1.0.2? Is that possible? I tried several different combinations of
> > options (including -reverse, -proxy_only, -n xl0, -redirect_address ....)
> > but couldn't get any of it to work.
> > I would prefer not to have the IP's "behind" xl0 get remapped to
> > 10.0.0.1 if I can help it.
> >
> 1. Add the following firewall rules:
>
> divert XXX ip from any to 1.2.3.5 in via xl0
> divert XXX ip from 10.1.0.2 to any out via xl0
>
> where XXX is some divert(4) port on which second natd(8) will be run.
>
> 2. Start second natd(8) the following way:
>
> natd -p XXX -n xl0 -reverse -redirect_address 10.1.0.2 1.2.3.5
>
> 3. If this does not work, please add the `log' keyword to the ipfw(8)
> rules in step 1, and `-v' flag to natd(8) in step 2.  script(1)
> output from natd(8), make a connection to 1.2.3.5 from somewhere
> behind xl0, and send me the output of natd(8) and dmesg(8) output
> from the ipfw(8) rules in step 1.
>
> --
> Ruslan Ermilov		Sysadmin and DBA of the
> ru@ucb.crimea.ua	United Commercial Bank,
> ru@FreeBSD.org		FreeBSD committer,
> +380.652.247.647	Simferopol, Ukraine
>
> http://www.FreeBSD.org	The Power To Serve
> http://www.oracle.com	Enabling The Information Age
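The two-natd setup from the exchange above, written out as a complete ipfw/natd ruleset plus the check that would have caught Philip's "only grabbing half of the packets" problem. This is an added example, not code from the thread or from FreeBSD. It follows what Philip reports working (a second natd on xl0 in normal mode, without -reverse, so desktop addresses are left alone and only 1.2.3.5 <-> 10.1.0.2 is rewritten); the divert ports 8668 (natd's default) and 8669, the rule numbers and the interface names are assumptions. The checker parses either the generated text or real `ipfw list` output and insists that every divert port sees both directions of a flow, since a port that only catches `in` or only `out` translates one half of each connection.

```shell
#!/bin/sh
# Added example (not from the original thread): ipfw rules and natd commands
# for the topology in the thread, plus a check that every divert port catches
# BOTH directions of the flow. Ports 8669 and the rule numbers are assumptions.

EXT_IF=ed0          # external interface: 1.2.3.4 with alias 1.2.3.5
DESK_IF=xl0         # internal interface: desktops (10.0.0.0/24)
PUBLIC_WWW=1.2.3.5  # public address of the web server
REAL_WWW=10.1.0.2   # real address of the web server, behind xl1
PORT_EXT=8668       # divert port of the normal natd on ed0 (natd default)
PORT_DESK=8669      # assumed divert port for the second natd on xl0

# Emit the ruleset. Rule 100 uses "via", which matches both directions on ed0.
# Rules 200 and 210 are the pair from Ruslan's reply: 200 redirects desktop
# traffic for 1.2.3.5 to 10.1.0.2, 210 rewrites the server's replies back to
# 1.2.3.5. Without 210 the replies leave xl0 with source 10.1.0.2 and the
# desktop's TCP stack discards them: the "half of the packets" symptom.
gen_rules() {
    cat <<EOF
add 100 divert $PORT_EXT ip from any to any via $EXT_IF
add 200 divert $PORT_DESK ip from any to $PUBLIC_WWW in via $DESK_IF
add 210 divert $PORT_DESK ip from $REAL_WWW to any out via $DESK_IF
add 65000 allow ip from any to any
EOF
}

# Matching natd invocations. The second natd runs in normal mode (no -reverse),
# as Philip reports working; it only needs the static 10.1.0.2 <-> 1.2.3.5
# mapping, so desktop source addresses are never aliased to 10.0.0.1.
gen_natd() {
    cat <<EOF
natd -p $PORT_EXT -n $EXT_IF -redirect_address $REAL_WWW $PUBLIC_WWW
natd -p $PORT_DESK -n $DESK_IF -redirect_address $REAL_WWW $PUBLIC_WWW
EOF
}

# Read a ruleset on stdin (the text above or "ipfw list" output) and print
# "ok <port>" or "HALF <port> <directions>" per divert port. A rule with plain
# "via" counts as both directions. Exit status 1 if any port is one-sided.
check_divert_pairs() {
    awk '
        /divert/ {
            for (i = 1; i <= NF; i++) if ($i == "divert") port = $(i + 1)
            dir = "via"
            for (i = 1; i <= NF; i++) if ($i == "in" || $i == "out") dir = $i
            if (dir == "via") seen[port] = seen[port] "in out "
            else seen[port] = seen[port] dir " "
        }
        END {
            bad = 0
            for (p in seen) {
                hasin = index(seen[p], "in ") > 0
                hasout = index(seen[p], "out ") > 0
                if (hasin && hasout) print "ok " p
                else { print "HALF " p " " seen[p]; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample of the first, broken attempt: the "out via xl0" rule is
# missing, so port 8669 only ever sees desktop-to-server packets.
broken_rules() {
    cat <<EOF
add 100 divert 8668 ip from any to any via ed0
add 200 divert 8669 ip from any to 1.2.3.5 in via xl0
add 65000 allow ip from any to any
EOF
}

# Stand-alone run: print the configuration and check it. Nothing here touches
# the live firewall; on the real box use:  ipfw list | check_divert_pairs
gen_rules
gen_natd
gen_rules | check_divert_pairs
```

Two operational caveats that the thread's `log` / `-v` debugging step would expose: ipfw drops packets diverted to a port with no natd listening on it, so both natd processes must be started before the rules are loaded (or the rules loaded last in rc), and the divert rules must sit before any `allow` rule that would otherwise pass the packets untranslated.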
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10002020838060.43752-100000>