natd.conf problem (was: natd problem (but close!) )

Micheal Patterson micheal at tsgincorporated.com
Fri Dec 26 15:02:40 PST 2003



----- Original Message ----- 
From: "The Bean" <beantaxi at yahoo.com>
To: "Micheal Patterson" <micheal at tsgincorporated.com>; "freebsd"
<freebsd-questions at freebsd.org>
Sent: Friday, December 26, 2003 4:05 PM
Subject: Re: natd.conf problem (was: natd problem (but close!) )


> > Um. How many real IP's you have sitting on XL0?
> >
> > If it's only one, you don't to redirect_address on it otherwise, it will
> > lose internet access itself since all return traffic will go to the internal
> > address. If you have multiple IP's on xl0, redirect one of the aliased IP's
> > to the internal system. Otherwise, use redirect_port instead.
>
> I have 1 real IP sitting on xl0 on the gateway, and 1 real IP sitting
> on xl0 on the client (they both use xl0, coincidentally). The gateway's
> xl0 is configured for public IP xx.yy.zz.187 -- however, I'm doing
> redirect_address on xx.yy.zz.186, which isn't assigned to any interface.
> I suppose that's why my gateway could still access the Internet even though
> I had a redirect_address on.
>
> Hmmmm, I'm starting to feel like I've been misunderstanding how to
> use redirect_address . . . could it be that if I want to redirect a
> public IP to an internal host on my LAN, I must create an alias for that IP
> on the gateway's external interface? That would make sense -- otherwise, the
> NIC wouldn't know to use it.
>
> If so, where would I have read this? I'm not saying it's undocced; I'm sure
> it is, and so I'm wondering what I misread!
>
> Thanks Micheal -- I look forward to being educated.
> - T.B.


You're getting the idea. You're trying to set up a static NAT configuration
instead of a dynamic NAT. Dynamic NAT uses one IP for all traffic from the
internal systems. Perhaps I should've stated it this way first, my bad. For
static NAT setups, a gateway has to have the redirected IP associated with
its external NIC. It's best if this is an aliased IP so that no traffic to
the gateway is lost. Then redirect that address to the internal system.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html
specifically, section 19.13.5 Address Redirection describes this best.

"Address redirection is useful if several IP addresses are available, yet
they must be on one machine. With this, natd(8) can assign each LAN client
its own external IP address. natd(8) then rewrites outgoing packets from the
LAN clients with the proper external IP address and redirects all traffic
incoming on that particular IP address back to the specific LAN client. This
is also known as static NAT"


--

Micheal Patterson
Network Administration
TSG Incorporated
405-917-0600
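
Added example, not part of the original message: a small shell check for the condition discussed in this thread, reporting for each `redirect_address` line in natd.conf whether its public IP is an alias on the gateway, missing from it, or the gateway's own primary address. The function names (`check_redirects`, `sample_conf`) are hypothetical and the addresses are constructed: 203.0.113.x stands in for the masked xx.yy.zz range and 192.168.1.10 for the LAN client.

```shell
#!/bin/sh
# check_redirects CONF PRIMARY [ALIAS...]
#   CONF     path to a natd.conf-style file
#   PRIMARY  the gateway's own address on the external interface
#   ALIAS    any further addresses aliased onto that interface
# On the gateway these can be read from `ifconfig xl0` (the inet lines).
# Prints one result per redirect_address line:
#   OK <ip>       public IP is an alias on the external interface
#   MISSING <ip>  public IP is not configured on the gateway
#   PRIMARY <ip>  public IP is the gateway's own address, so return
#                 traffic for the gateway itself goes to the LAN host
check_redirects() {
    conf=$1; primary=$2; shift 2
    aliases=" $* "
    # natd.conf syntax: redirect_address localIP publicIP
    awk '$1 == "redirect_address" && NF >= 3 { print $3 }' "$conf" |
    while read -r pub; do
        if [ "$pub" = "$primary" ]; then
            echo "PRIMARY $pub"
        else
            case "$aliases" in
                *" $pub "*) echo "OK $pub" ;;
                *)          echo "MISSING $pub" ;;
            esac
        fi
    done
}

# Constructed sample configuration, modelled on the setup in the thread.
sample_conf() {
    cat <<'EOF'
interface xl0
# static NAT for one LAN client
redirect_address 192.168.1.10 203.0.113.186
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
# As described in the thread: .186 is redirected but not assigned to xl0.
check_redirects "$tmp" 203.0.113.187
# After aliasing .186 onto the external interface.
check_redirects "$tmp" 203.0.113.187 203.0.113.186
rm -f "$tmp"
```

With static NAT every port on the redirected public IP reaches the LAN host, so an `OK` result is also the point at which that host needs its own firewall rules.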


