ipfw/natd/3 nic

Peter Serwe peter at easytree.net
Tue Dec 23 06:07:42 PST 2003


Okay, to make a long story short, I got the second
public ip to alias to the outside interface.

Sounds like: No problem!

If there are any extra pointers to extra documentation
that would help this out, I'd greatly appreciate it.

Thanks again,

Pete

Peter Serwe wrote:

> Okay,
>
> Basically, since FreeBSD is (in my mind anyway)
> the ultimate leatherman of the OS world, and God's
> own gift to networking and network services in general
> I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight
> ipfw public-->public ipfw a couple of times, I'm fairly
> comfortable with it.
>
> After searching around, I found a message from
> Gilson (de?)Paiva referencing some stuff Barney Wolff
> told him that basically straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both
> networks probably could never exceed 100,
> and probably won't ever exceed 50.
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router.  The router shouldn't
> be passing any traffic in between private networks.
>
> My ideal as I've currently envisioned it would be
> 3 nic nat, with both private networks being able
> to get out the public interface.
>
> Here's the part that's got me thrown for a loop:
>
> Run 2 instances of natd on 8668/8669 - no problem.
>
> Run divert rule twice, one to first nat interface
> on 8668, one to second on 8669.
>
> The second natd line is the problem child for me:
>
> /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address
>
> Is this to imply that I need to run a second public
> address for the second natd instance to run?
>
> Hopefully I've left out nothing relevant,
>
> Thanks all.
>
> Pete
> --
> Peter Serwe <peter at easytree.net>
> Cheaper, Faster, Better, pick any two.
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"

--
Peter Serwe <peter at easytree.net>
Cheaper, Faster, Better, pick any two.
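As an added example (not code from the thread or from FreeBSD itself), here is a small generator for the ipfw/natd setup the question describes: one public NIC, two private networks that must be able to surf but must never reach each other through the router. Interface names, rule numbers and the single-natd-instance layout are assumptions of this example; the isolation rules are placed before the divert rule so inter-private traffic is dropped before NAT or any allow rule can touch it.

```shell
#!/bin/sh
# Constructed layout for this example (not the poster's config; interface
# names and rule numbers are assumptions):
#   fxp0 = public NIC holding the single public address
#   fxp1 = private_private 192.168.1.0/24
#   fxp2 = public_private  192.168.2.0/24
pub_if=fxp0
priv1_if=fxp1; priv1_net=192.168.1.0/24
priv2_if=fxp2; priv2_net=192.168.2.0/24
natd_port=8668   # divert port from the thread

# -n makes natd use pub_if's own address, so a single instance translates
# both private networks.  A second instance on 8669 with -alias_address is
# only needed when one network must leave via a different (aliased) IP.
natd_cmd() {
    echo "/sbin/natd -p $natd_port -n $pub_if"
}

# Emit the ipfw rules in order instead of running them, so the set can be
# reviewed and then piped to sh on the router.
build_rules() {
    add="ipfw -q add"
    echo "ipfw -q -f flush"
    echo "$add 100 allow ip from any to any via lo0"
    # Isolation first: the router must never carry traffic between the two
    # private networks, so drop it before any divert or allow rule sees it.
    echo "$add 200 deny log ip from $priv1_net to $priv2_net"
    echo "$add 210 deny log ip from $priv2_net to $priv1_net"
    # Anti-spoofing: a private prefix may only arrive on its own NIC.
    echo "$add 300 deny log ip from $priv1_net to any in via $priv2_if"
    echo "$add 310 deny log ip from $priv2_net to any in via $priv1_if"
    echo "$add 320 deny log ip from $priv1_net to any in via $pub_if"
    echo "$add 330 deny log ip from $priv2_net to any in via $pub_if"
    # Accept each private network on its own NIC (inter-private already denied).
    echo "$add 400 allow ip from $priv1_net to any in via $priv1_if"
    echo "$add 410 allow ip from $priv2_net to any in via $priv2_if"
    # NAT everything crossing the public NIC, in both directions.
    echo "$add 500 divert $natd_port ip from any to any via $pub_if"
    # Outbound is already translated here; inbound is already un-aliased.
    echo "$add 600 allow ip from any to any out via $pub_if"
    echo "$add 610 allow tcp from any to any established"
    echo "$add 620 allow udp from any 53 to any in via $pub_if"
    # Deliver un-aliased replies onto the right private NIC only.
    echo "$add 700 allow ip from any to $priv1_net out via $priv1_if"
    echo "$add 710 allow ip from any to $priv2_net out via $priv2_if"
    echo "$add 65000 deny log ip from any to any"
}

natd_cmd; build_rules
```

Review the printed rules, then run them on the router; the `log` keyword on the deny rules makes any attempt to cross between the private networks visible in the firewall log.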