A client wants to "expose" a host on a LAN behind a NAT firewall to the Internet at large. The host is is behind a FreeBSD machine that's functioning as (among other things) a NAT router. The host already has an unregistered internal address (which it needs to keep), but also must allow others to connect to it from the outside world via a "real" IP address that's distinct from that of the router. In other words, from the point of view of the Internet, I want the host to look as if it's outside the firewall at a separate address from the firewall itself.

The natd man page mentions a -redirect_address command line option which looks as if it would do PART of the job. But what other configuration do I have to do (e.g. changes to rc.firewall, rc.conf, etc.) to make this work? I'm sure I could tinker and figure all of this out, but this week is quite busy and I need to get things set up in a hurry. (Also, it's a production system and don't want to cause unnecessary downtime while I experiment.) Advice, and sample lines from configuration files, would be much appreciated.

--Brett Glass

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to