natd originating IP

Bryce Newall data at dreamhaven.org
Tue Feb 17 11:21:42 PST 2004


Greetings everyone,

I am attempting to set up what I thought would be a simple natd
configuration, but it is turning out to be a little bit trickier than I
thought.  I have a FreeBSD machine with 2 internet visible IPs on it.  The
machine also has 2 NICs; the first NIC has the 2 external IPs, and the
second has an IP of 10.0.0.1 for the LAN.  On the LAN is a Windows 2000
server, running Exchange 2000 and a couple of other services that are
accessible from the outside via natd redirects on the FreeBSD box.  (Well,
Exchange isn't directly accessible, but Outlook Web Access is.)

Right now, I have natd running, binding to the second IP address (using
the -a <ip address> switch).  The problem with that is, I now have the
unwanted side-effect of having all outbound traffic appearing to originate
from the second IP address, both from the LAN and from the FreeBSD box
itself.

The main reason for using the second IP address is that I have a web
server running on port 80 on the FreeBSD box (the company's web site), and
also have Outlook Web Access running on port 80 on the Win2000 server, and
I would prefer not to have to have the users connect to OWA on a special
port (most likely, they'll forget).  Also, by having outgoing traffic
originate from the first IP rather than the second, it provides an extra
layer of protection for the Exchange server (i.e. people wouldn't see that
there's another IP address out there with ports exposed to a Windows
machine).

So what I'm wondering is, is there a way to redirect the incoming traffic
on the second IP address that I want to redirect to the Win2000 server,
and still be able to have all outbound traffic originate from the first
IP?

Thanks in advance!

*********************************************************
*    Bryce Newall    *    Email: data at dreamhaven.org    *
*               www.dreamhaven.org/~data                *
*  "Computers make very fast, very accurate mistakes."  *
*********************************************************

