On Sat, 12 Jun 2004, Stacey Roberts wrote:
> Hello,
> I am looking to replace a proprietary DSL router/modem with the Sangoma S518
> ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) server running ipfw to
> handle access, firewall and nat duties.
>
> The ISP's DSL package includes 8 static ip addresses: -
> 1 - network addr
> 1 - broadcast addr
> 1 "router" address
> 5 usable ip addresses
>
> I have been reading up on NAT and address redirection in the HandBook
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html) and
> have come across section 19.13.5
> Address Redirection. Here it reads:
>
> The -redirect_address syntax is as follows:
> -redirect_address localIP publicIP
> localIP The internal IP address of the LAN client.
> publicIP The external IP address corresponding to the LAN client.
>
> In the example, this argument would read:
> -redirect_address 192.168.0.2 128.1.1.2
> -redirect_address 192.168.0.3 128.1.1.3
>
> What I would like to know is if it is possible to do the following: -
> Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 1.1.1.7 & 1.1.1.8
> 1] G'Way host is assigned its own public IP - 1.1.1.3
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's - 1.1.1.4
> 3] Remaining 4 public IP addresses are left to be used for other purposes (eg: "true"
> address redirection to a DMZ-host, that is not a member of the internal LAN subnet)

All entirely reasonable.

> As you see, the g'way's public ip is not being used for NAT'ing internal hosts'
> outgoing traffic, but another ip from within the assigned public ip address range.
> My reading of the NAT chapter does not suggest that there is a way to define the
> public IP with which traffic is to be translated. Is this functionality not
> supported, or have I missed something when reading the various sections?

You haven't missed anything in the handbook, but I suggest reading the natd
manpage, specifically

    -alias_address | -a address
        Use address as the aliasing address. Either this or the
        -interface option must be used (but not both),

[more here but no need to post it as you have it all already]

Also it might be worth looking at the ipf/ipnat ipfilter stuff and seeing
which you find easier to use. (Examples in /usr/share/examples/ipfilter for
ipfilter; see the handbook or manpage for ipfw.)

> I'd appreciate any pointers to where I might find more information that might assist
> me, or an explanation of what it is that I am not understanding when reading the
> HandBook.
>
> Thanks for the time.
>
> Regards,
>
> Stacey
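
An added example, not part of the original thread: a natd configuration file sketching the setup asked about, using the -alias_address option the reply points to. The file path and the pairing of the handbook's 192.168.0.2 host with 1.1.1.5 are assumptions; the public addresses are the poster's placeholders.

```conf
# /etc/natd.conf  (constructed example; start natd with: natd -f /etc/natd.conf)
# In the config file, options use their long form without the leading dash.

# Translate outgoing LAN traffic to 1.1.1.4 instead of the gateway's own 1.1.1.3.
# This takes the place of the "interface" option: natd accepts one or the
# other, not both. 1.1.1.4 must be an address that is delivered to this gateway.
alias_address 1.1.1.4

# Only rewrite packets whose source is an RFC 1918 address. Without this,
# traffic originating on the gateway itself (1.1.1.3), or from a host that
# already has a public address, would also leave as 1.1.1.4.
unregistered_only yes

# One-to-one redirection for a single internal host, in the handbook's
# "redirect_address localIP publicIP" form (address pairing is an assumption).
redirect_address 192.168.0.2 1.1.1.5

# natd only sees packets that ipfw hands to it, so the divert rule on the
# outside interface described in the handbook is still required.
```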
