NATD and Address Redirection
Clement Laforet
sheepkiller at cultdeadsheep.org
Fri Jul 25 17:20:43 PDT 2003
On Fri, 25 Jul 2003 13:49:38 -0400
Jim Durham <durham at jcdurham.com> wrote:
Hi,
> I'm wondering about the characteristics of the redirect_address option
> of natd. I tried this on -questions, but no one replied, so I thought
> I'd ask on here, hoping to find folks more familiar with kernel
> mechanisms here.
Except for DIVERT, there aren't any kernel mechanisms for address
translation.
> Consider a FreeBSD NAT "gateway" between a public IP on one network
> interface and a private "LAN" address on the 2nd interface serving a
> group of Windows machines on the LAN with private IPs.
>
> We wanted to allow outside access to one of the LAN machines.
>
> According to the documentation, as I read it, redirect_address sets up
> a "static NAT" which is symmetrical between a public address on the
> outside interface of a FreeBSD machine and a machine on a private IP
> attached to the "inside" or "LAN" network interface.
>
> The procedure we used was to alias a 2nd public address to the outside
> interface and use a redirect_address statement in natd.conf to
> redirect connections to the new public IP to the inside machine.
>
> This doesn't seem to be symmetrical.
<snip>
>
> I'm questioning whether the connection is really symmetrical?
For incoming traffic, you must use -redirect_address, but for outgoing
you have to set -alias_address.
If you want to use a specific public IP to map incoming AND outgoing
packets, you need to run 2 natd, using ipfw matching.
regards,
clem
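
[Added example, not part of the original message and not the poster's own configuration.] One way to lay out the two-natd setup described in the reply, written as a shell function that prints the natd and ipfw commands for review. The interface name, addresses, divert ports 8668/8669, rule numbers and the assumption that the normal filter rules start at 600 are all constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for two natd instances.
# All addresses, ports and rule numbers are constructed placeholders.

# two_natd_plan EXT_IF LAN_HOST PUBLIC2
#   EXT_IF   outside interface
#   LAN_HOST private address of the inside machine
#   PUBLIC2  second public address aliased on EXT_IF
two_natd_plan() {
    ext_if=$1; lan_host=$2; public2=$3
    # Rough sanity checks so nothing but plain names/addresses reaches the output.
    case $ext_if in
        *[!A-Za-z0-9_]*|"") echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    for ip in "$lan_host" "$public2"; do
        case $ip in
            *[!0-9.]*|*..*|.*|*.|"") echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# natd 1: ordinary NAT for the rest of the LAN (primary address of $ext_if)
natd -port 8668 -interface $ext_if
# natd 2: dedicated to $lan_host, both directions use $public2
natd -port 8669 -alias_address $public2 -redirect_address $lan_host $public2
# Outgoing from the inside host: second natd, then jump past rule 500 so
# the first natd does not re-alias the packet to the primary address.
ipfw add 100 divert 8669 ip from $lan_host to any out via $ext_if
ipfw add 110 skipto 600 ip from $public2 to any out via $ext_if
# Incoming to the second public address: second natd, then on to the filters.
ipfw add 120 divert 8669 ip from any to $public2 in via $ext_if
ipfw add 130 skipto 600 ip from any to $lan_host in via $ext_if
# Everything else goes through the first natd.
ipfw add 500 divert 8668 ip from any to any via $ext_if
# Rules from 600 on (not shown) decide what may actually reach $lan_host;
# redirect_address forwards every port, so restrict it there.
EOF
}

# Stand-alone run with constructed sample values.
two_natd_plan fxp0 192.168.1.10 203.0.113.2
```

skipto is used instead of allow so that translated packets still pass through the regular filter rules rather than being accepted unconditionally.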