Re: IPF and Routing
Hi There,

Yes I have read it several times. I have set up an ipnat.conf file that looks a lot like this

bimap 192.168.1.10 -> 10.0.0.3
bimap 192.168.1.11 -> 10.0.0.4

and so on and so forth. I need to ensure that each internal address gets the same external address each time. I have aliased all of the external addresses to the external interface so I was wondering if this would work or did there need to be additional physical interfaces for this to work properly. I am thinking that there would be no need to have multiple interfaces but I am wondering if it is indeed all that simple.

The reason for static NAT is that each internal client needs to connect to a remote VPN server which requires one unique IP for each address (broken damned M$ VPN server). Mapping static is not a great problem given that each internal client will get its address via DHCP.

Does this make sense?

TIA
LukeK

On Tue, 7 Oct 2003 18:23:00 +0800 Michael Lee [EMAIL PROTECTED] granted us these pearls of wisdom:

> Hi,
>
> Have you checked the How-to of ipf? Mapping Many Addresses Into a Pool of Addresses.
> http://www.obfuscation.org/ipf/ipf-howto.html#TOC_31
>
> - Original Message -
> From: Luke Kearney [EMAIL PROTECTED]
> To: FreeBSD Questions [EMAIL PROTECTED]
> Sent: Tuesday, October 07, 2003 10:12 AM
> Subject: IPF and Routing
>
> > Hello,
> >
> > I have a question regarding IPNat and routing. The situation is that I need to set up a network where each machine gets a unique global IP address from behind a firewall which performs NAT. I have 16 addresses so my question is can I alias 14 addresses to the primary nic and then config each private address to map directly to one global address or have I missed something fundamental about this?
> >
> > Any advice is appreciated.
> >
> > TIA
> > LukeK

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
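The static one-to-one setup described in the message above, as an added example that is not part of the original post: a shell script that checks an internal/external table is one-to-one and prints the bimap rules and FreeBSD rc.conf alias lines for it. The interface name fxp0, the /32 alias netmask (external addresses in the same subnet as the primary address) and the helper names are assumptions; since bimap keys on the internal address, each client also needs a fixed DHCP lease.

```shell
#!/bin/sh
# Added example, not from the thread. EXT_IF and the helper names are assumed.
EXT_IF="fxp0"   # assumed name of the external interface

# Constructed sample table: "internal external", the two pairs quoted above.
PAIRS="192.168.1.10 10.0.0.3
192.168.1.11 10.0.0.4"

# check_pairs: succeed only if every line is "ipv4 ipv4" and no address is
# reused on either side (bimap is bidirectional, so it must be one-to-one).
check_pairs() {
    printf '%s\n' "$1" | awk '
        function ipv4(a,   n, o, i) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        NF != 2 || !ipv4($1) || !ipv4($2) {
            print "bad line: " $0 > "/dev/stderr"; bad = 1; next
        }
        ($1 in si) || ($2 in se) {
            print "address reused: " $0 > "/dev/stderr"; bad = 1
        }
        { si[$1] = 1; se[$2] = 1 }
        END { exit bad }'
}

# gen_bimap: one ipnat bimap rule per pair, bound to the external interface.
gen_bimap() {
    check_pairs "$1" || return 1
    printf '%s\n' "$1" | awk -v ifn="$EXT_IF" \
        '{ printf "bimap %s %s/32 -> %s/32\n", ifn, $1, $2 }'
}

# gen_aliases: rc.conf lines that alias each external address onto EXT_IF,
# so the gateway answers for it without extra physical interfaces.
gen_aliases() {
    check_pairs "$1" || return 1
    printf '%s\n' "$1" | awk -v ifn="$EXT_IF" \
        '{ printf "ifconfig_%s_alias%d=\"inet %s netmask 255.255.255.255\"\n", ifn, NR - 1, $2 }'
}

gen_bimap "$PAIRS"
gen_aliases "$PAIRS"
```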
Re: IPF and Routing
Hi,

Have you checked the How-to of ipf? Mapping Many Addresses Into a Pool of Addresses.
http://www.obfuscation.org/ipf/ipf-howto.html#TOC_31

- Original Message -
From: Luke Kearney [EMAIL PROTECTED]
To: FreeBSD Questions [EMAIL PROTECTED]
Sent: Tuesday, October 07, 2003 10:12 AM
Subject: IPF and Routing

> Hello,
>
> I have a question regarding IPNat and routing. The situation is that I need to set up a network where each machine gets a unique global IP address from behind a firewall which performs NAT. I have 16 addresses so my question is can I alias 14 addresses to the primary nic and then config each private address to map directly to one global address or have I missed something fundamental about this?
>
> Any advice is appreciated.
>
> TIA
> LukeK
RE: IPF and Routing
Why bother doing nat? You *could* just set up a DHCP server on the gateway for the remaining IP address and when the other 14 machines came online, they could dynamically pull the IP addy. Just set some very strict rules on the incoming packets to the rest of the internal network. This is a similar thing to what I did when I had an 8-block from Qwest a couple years ago.

HTH

Eric F Crist
AdTech Integrated Systems, Inc
(952) 403-9000

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luke Kearney
Sent: Monday, October 06, 2003 9:12 PM
To: FreeBSD Questions
Subject: IPF and Routing

> Hello,
>
> I have a question regarding IPNat and routing. The situation is that I need to set up a network where each machine gets a unique global IP address from behind a firewall which performs NAT. I have 16 addresses so my question is can I alias 14 addresses to the primary nic and then config each private address to map directly to one global address or have I missed something fundamental about this?
>
> Any advice is appreciated.
>
> TIA
> LukeK
Re: IPF and Routing
On Tue, 7 Oct 2003, Luke Kearney wrote:

> Hello,
>
> I have a question regarding IPNat and routing. The situation is that I need to set up a network where each machine gets a unique global IP address from behind a firewall which performs NAT. I have 16 addresses so my question is can I alias 14 addresses to the primary nic and then config each private address to map directly to one global address or have I missed something fundamental about this?

Too much time playing with PIX, isn't it? You can do that very easily with ipnat, just add:

map nic internal/mask -> global/32 portmap tcp/udp 3:5

to the top of /etc/ipnat.rules and then

ipnat -FC -f /etc/ipnat.rules

Change nic, internal and external to suit your needs.

Fer

> Any advice is appreciated.
>
> TIA
> LukeK
Re: IPF and Routing
On Tuesday 07 October 2003 07:21 am, Luke Kearney wrote:

> Thanks for your response. It may well be that I end up doing exactly that to fix this issue in the short term. But there are some internal resources that I don't want to have live IPs so I am trying for the workable NAT solution.
>
> Regards,
> LukeK
>
> On Tue, 7 Oct 2003 07:20:15 -0500 Minnesota Slinky [EMAIL PROTECTED] granted us these pearls of wisdom:
>
> > Why bother doing nat? You *could* just set up a DHCP server on the gateway for the remaining IP address and when the other 14 machines came online, they could dynamically pull the IP addy. Just set some very strict rules on the incoming packets to the rest of the internal network. This is a similar thing to what I did when I had an 8-block from Qwest a couple years ago.
> >
> > HTH
> >
> > Eric F Crist
> > AdTech Integrated Systems, Inc
> > (952) 403-9000

Do you mind if I ask you to elaborate on the configuration of your network and which services you don't want accessed?

--
Eric F Crist
AdTech Integrated Systems, Inc
(952) 403-9000