ipfw, natd and a server on a second WAN address
Frank Leonhardt
frank2 at fjl.co.uk
Mon Apr 27 20:20:55 UTC 2015
I hope someone will *know* how to do this. I can guess, but if I guess
wrong there'll be consequences...
The situation I have is that there's a LAN using a FreeBSD box as a
router, doing asymmetric NAT between two Ethernet interfaces. There's a
/29 on the WAN, but only one IP was being used.
On the LAN there's a server with a few ports forwarded from the WAN IP.
For various reasons I won't bore you with, I really need to make this
server appear on a different IP address on the WAN. How do I achieve this?
Okay, on the NATting machine we have a config like:
eth0:
inet 192.168.1.210 netmask 0xffffff00 broadcast 192.168.1.255
eth1:
inet <wan>.210 netmask 0xfffffff8 broadcast <wan>.215
inet <wan>.211 netmask 0xffffffff broadcast <wan>.211
On ipfw we have:
divert natd all from any to any via eth1
add pass all from any to any
And for natd there are options like:
interface eth1
redirect_port tcp 192.168.1.212:25 25
This will happily NAT most things, but anything coming in on <wan>.210
goes to port 25 on LAN machine 192.168.1.212. This is great.
Anything coming in on <wan>.211 doesn't get natted at all. I thought it
might, but it doesn't.
Does anyone know the runes needed to make <wan>.211 port 25 pass through
to 192.168.1.212?
(Incidentally, this would be easy to fix if I could change some cables
around, but I can't).
I'm thinking that all I need to do is put in a static route manually.
But when I try to figure out what exactly it would be, I get a headache.
BTW, I'm specifically using natd here.
If anyone knows, it'd save me a lot of stress, or a day's driving, and
probably both!
Thanks, Frank.
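
Added example, not part of the original post and not tested on the poster's machine: natd(8) documents an optional alias address in front of the public port in redirect_port, and a redirect_address option for one-to-one static NAT. The fragment reuses the post's addresses, with <wan> standing for the elided network prefix exactly as in the post.

```conf
# natd.conf fragment. <wan> is the elided WAN prefix from the post.
interface eth1

# Rule from the post. No alias address is given, so natd matches port 25
# on its default alias address, the primary address of eth1 (<wan>.210).
redirect_port tcp 192.168.1.212:25 25

# The same redirect bound to the second WAN address, using the
# [aliasIP:]aliasPORT form of redirect_port.
redirect_port tcp 192.168.1.212:25 <wan>.211:25

# Alternative: static NAT for the whole host. Everything arriving for
# <wan>.211 is sent to 192.168.1.212, and that host's outbound traffic
# leaves as <wan>.211. With the "pass all from any to any" ipfw rule in
# the post, this exposes every port on the server, so pair it with ipfw
# rules that allow only the intended ports.
#redirect_address 192.168.1.212 <wan>.211
```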