Hello Vince, Thanks for the reply. ----- Original Message ----- From: "Vince Hoffman <[EMAIL PROTECTED]>" To: To Stacey Roberts Date: Sat, 12 Jun, 2004 18:36 BST Subject: Re: NAT vs Public IP Range info needed, please
> > > On Sat, 12 Jun 2004, Stacey Roberts wrote: > > > Hello, > > I am looking to replace a proprietary DSL router/modem with the Sangoma S518 > > ADSL PCI Controller, thereby placing a FreeBSD (4.10-Stable) server running ipfw > > to handle access, firewall and nat duties. > > <snipped> > > > > What I would like to know is if it is possible to do to following: - > > Given that the 5 usable public IP's are: 1.1.1.4, 1.1.1.5, 1.1.1.6, 1.1.1.7 & > > 1.1.1.8 > > 1] G'Way host is assigned its own public IP - 1.1.1.3 > > 2] LAN hosts' (all) traffic is NAT'd using one of the other public IP's - 1.1.1.4 > > 3] Remaining 4 public IP addresses are left to be used other purposes (eg: "true" > > address redirection to a DMZ-host, that is not a member of the internal LAN subnet) > > > > All entirely reasonable > > > As you see, the g'way's public ip is not being used for NAT'ing internal hosts' > > outgoing traffic, but another ip from within the assignied public ip address > > range. My reading of the NAT chapter does not suggest that there is a way to > > define the public IP with which traffic is to be translate. Is this functionality > > not supported, or have I missed something when reading the various sections? > > You havent missed anything in the hand book but I suggest reading the natd > manpage, specificly > -alias_address | -a address > Use address as the aliasing address. Either this or the > -interface option must be used (but not both), [more here > but no need to post it as you have it all already] Excellent! I'll get onto this and see what needs to be done whilst I wait for the card to arrive. > > Also it might be worth looking at at the ipf/ipnat ipfilter stuff and seeing which > you find easier to use. (examples in /usr/share/examples/ipfilter for > ipfilter , see the handbook or manpage for ipfw.) I've never used ipfilter before - mainly because the HandBook had historically exclusively used ipfw in its examples since I started with FreeBSD back at 4.2. I'll certainly consider ipfilter as well to see what benefits it offers over ipfw. Thanks for that suggestion. Regards, Stacey > > > > > > > I'd appreciate any pointers to where I might find more information that might > > assist me, or an explanation of what it is that I am not understanding when > > reading the HandBook. > > > > Thanks for the time. > > > > Regards, > > > > Stacey > > > _______________________________________________ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]"
pgpguDOBfmmJz.pgp
Description: PGP signature