On Sat, 12 Jun 2004, Stacey Roberts wrote:

> Hello,
>      I am looking to replace a proprietary DSL router/modem with the Sangoma S518 
> ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) server running ipfw to 
> handle access, firewall and nat duties.
> The ISP's DSL package includes 8 static ip addresses: -
> 1 - network addr
> 1 - broadcast addr
> 1 "router" address
> 5 usable ip addresses
> I have been reading up on NAT and address redirection in the HandBook 
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html) and 
> have come accross section 19.13.5
> Address Redirection. Here it reads:
> The -redirect_address syntax is as follows:
> -redirect_address localIP publicIP
> localIP         The internal IP address of the LAN client.
> publicIP        The external IP address corresponding to the LAN client.
> In the example, this argument would read:
> -redirect_address
> -redirect_address
> What I would like to know is if it is possible to do to following: -
> Given that the 5 usable public IP's are:,,, &
> 1] G'Way host is assigned its own public IP -
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's -
> 3] Remaining 4 public IP addresses are left to be used other purposes (eg: "true" 
> address redirection to a DMZ-host, that is not a member of the internal LAN subnet)

All entirely reasonable

> As you see, the g'way's public ip is not being used for NAT'ing internal hosts' 
> outgoing traffic, but another ip from within the assignied public ip address range. 
> My reading of the NAT chapter does not suggest that there is a way to define the 
> public IP with which traffic is to be translate. Is this functionality not 
> supported, or have I missed something when reading the various sections?

You havent missed anything in the hand book but I suggest reading the natd
manpage, specificly
 -alias_address | -a address
                 Use address as the aliasing address.  Either this or the
                 -interface option must be used (but not both), [more here
but no need to post it as you have it all already]

Also it might be worth looking at at the ipf/ipnat ipfilter stuff  and seeing which
you find easier to use. (examples in /usr/share/examples/ipfilter for
ipfilter , see the handbook or manpage for ipfw.)

> I'd appreciate any pointers to where I might find more information that might assist 
> me, or an explanation of what it is that I am not understanding when reading the 
> HandBook.
> Thanks for the time.
> Regards,
> Stacey
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to