Static NAT with natd and ipfw
Brett Glass
brett at lariat.org
Thu Oct 23 18:01:11 PDT 2003
A client wants to "expose" a host on a LAN behind a NAT firewall to the
Internet at large. The host is is behind a FreeBSD machine that's
functioning as (among other things) a NAT router. The host already has an
unregistered internal address (which it needs to keep), but also must
allow others to connect to it from the outside world via a "real" IP
address that's distinct from that of the router. In other words, from the
point of view of the Internet, I want the host to look as if it's outside
the firewall at a separate address from the firewall itself.
The natd man page mentions a -redirect_address command line option which
looks as if it would do PART of the job. But what other configuration do
I have to do (e.g. changes to rc.firewall, rc.conf, etc.) to make this
work? I'm sure I could tinker and figure all of this out, but this week
is quite busy and I need to get things set up in a hurry. (Also, it's a
production system and don't want to cause unnecessary downtime while I
experiment.) Advice, and sample lines from configuration files, would be
much appreciated.
--Brett Glass
More information about the freebsd-questions
mailing list