NAT vs Public IP Range info needed, please

Stacey Roberts stacey at vickiandstacey.com
Sat Jun 12 12:51:26 PDT 2004


Hello Eric,

----- Original Message -----
From: "Eric Crist <ecrist at secure-computing.net>"
To: 'Stacey Roberts'
Date: Sat, 12 Jun, 2004 18:23 BST
Subject: RE: NAT vs Public IP Range info needed, please

> > -----Original Message-----
> > Hello,
> >      I am looking to replace a proprietary DSL router/modem
> > with the Sangoma S518 ADSL PCI Controller, thereby placing a
> > FreeBSD (4.10-Stable) server running ipfw to handle access,
> > firewall and nat duties.
> >

<snipped>
 
> What I would like to know is if it is possible to do the following:
> Given that the 5 usable public IPs are: 1.1.1.4, 1.1.1.5, 1.1.1.6,
> 1.1.1.7 & 1.1.1.8
> 1] G'Way host is assigned its own public IP - 1.1.1.3
> 2] LAN hosts' (all) traffic is NAT'd using one of the other public IPs
> - 1.1.1.4
> 3] Remaining 4 public IP addresses are left to be used for other
> purposes (eg: "true" address redirection to a DMZ-host, that is not a
> member of the internal LAN subnet)
> 
> As you see, the g'way's public ip is not being used for NAT'ing internal
> hosts' outgoing traffic, but another ip from within the assigned public
> ip address range. My reading of the NAT chapter does not suggest that
> there is a way to define the public IP with which traffic is to be
> translated. Is this functionality not supported, or have I missed
> something when reading the various sections?
> 
> I'd appreciate any pointers to where I might find more information that
> might assist me, or an explanation of what it is that I am not
> understanding when reading the HandBook.
> --------------------
> 
> Stacey,
> 
> The public IP address for the gateway WILL be used for NAT'ing, if you
> choose to do so.  In order to get things to work correctly, you're going
> to need three NICs installed in this machine (counting one of them as
> the DSL PCI card).  Their uses are as follows:
> 
> Sis0: This is your DSL interface (probably not going to be called sis0)
> Sis1: This is your internal, non-DMZ interface, i.e. NAT'd.
> Sis2: This is your DMZ interface, i.e. non-NAT'd.

Yes, this is pretty much the setup that is envisaged for the network edge.

> 
> If you read the man pages on NAT (man nat, iirc), you'll learn the
> syntax and such to use within your rc.conf file to configure the correct
> interfaces.

I've seen other list-members' responses including a pointer to man natd(8) with respect to the alias switch, which I intend to study.

> 
> When I've got more time, if you can't figure it out, I'll post a more
> elaborate configuration for you.

Thanks for this, Eric. I've got to get the card first (hopefully, with international shipping, it'll be able to get here within a few days so that I can start testing the setup). Given the confidence with which the others have spoken of the alias switch, I'm now very much happier with the prospects for this solution than before. I'll certainly post back with what results I get.

Thanks very much for taking the time to get back to me.

Regards,

Stacey

> 
> HTH
> 
> Eric F Crist
> President
> AdTech Integrated Systems, Inc
> (612) 998-3588
> 
> 
> 
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
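A worked configuration for the layout Eric sketches above, added here as an example that is not from the thread or either correspondent. It answers Stacey's actual question (translating LAN traffic to 1.1.1.4 while the gateway itself keeps 1.1.1.3) with natd's `alias_address` option in a config file, and pairs it with an ipfw rule set that places the divert rule correctly and refuses to leak untranslated private addresses if natd is down. The interface names sis0/sis1/sis2 are Eric's placeholders; the LAN subnet 192.168.1.0/24, the DMZ web host at 1.1.1.5, the file paths and the rule numbers are assumptions. The block also assumes the ISP routes the /29 to the gateway over the DSL link; if the block is delivered on a shared Ethernet segment instead, the gateway must additionally own 1.1.1.4 as an interface alias so that it answers ARP for it.

```shell
#!/bin/sh
# Added example (not from the thread): gateway configuration for the three-NIC layout
# Eric describes, with natd translating LAN traffic to 1.1.1.4 instead of the gateway's
# own 1.1.1.3. Assumed, not from the thread: LAN 192.168.1.0/24 on sis1, a DMZ web
# host at 1.1.1.5 behind sis2, and the ISP routing the /29 to the gateway.
EXT_IF=sis0             # DSL card; the real name depends on the driver
LAN_IF=sis1             # NAT'd internal LAN
DMZ_IF=sis2             # non-NAT'd DMZ
GW_IP=1.1.1.3           # gateway's own public address
NAT_IP=1.1.1.4          # public address the LAN is translated to
LAN_NET=192.168.1.0/24  # assumed private LAN
DMZ_WEB=1.1.1.5         # assumed DMZ host publishing a web server
USABLE="1.1.1.4 1.1.1.5 1.1.1.6 1.1.1.7 1.1.1.8"  # the five addresses from the thread

# Sanity-check the plan: the NAT address must be one of the usable addresses and must
# differ from the gateway's own, or outgoing LAN traffic is indistinguishable from it.
check_plan() {  # $1 = gateway address, $2 = NAT alias address
	[ "$2" != "$1" ] || { echo "NAT address equals gateway address $1" >&2; return 1; }
	for a in $USABLE; do
		[ "$a" = "$2" ] && return 0
	done
	echo "NAT address $2 is not one of: $USABLE" >&2
	return 1
}

# /etc/natd.conf: the options are natd(8)'s flags without the leading dash. Without
# alias_address, natd takes the address of the interface named with -n, i.e. $GW_IP.
natd_conf() {
	cat <<EOF
# translate to $NAT_IP, not the gateway's own $GW_IP
alias_address $NAT_IP
# leave packets from public (registered) sources alone, so DMZ hosts pass untranslated
unregistered_only yes
# a DMZ host on a private subnet would instead get a static 1:1 mapping, e.g.
# redirect_address 192.168.2.10 $DMZ_WEB   (assumed private address)
EOF
}

# /etc/rc.conf additions (FreeBSD 4.x; the kernel needs options IPFIREWALL and IPDIVERT)
rc_conf() {
	cat <<EOF
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"
EOF
}

# /etc/ipfw.rules: the divert rule sits before the allow rules, so every rule after it
# sees translated addresses; the deny at 600 drops private sources that natd did not
# rewrite (for instance because natd is not running) instead of leaking them.
ipfw_rules() {
	cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 deny ip from any to 127.0.0.0/8
ipfw add 300 deny ip from 127.0.0.0/8 to any
# anti-spoofing: a LAN source address never arrives from the DSL side
ipfw add 400 deny ip from $LAN_NET to any in via $EXT_IF
# DMZ hosts may not start connections into the LAN
ipfw add 450 deny ip from any to $LAN_NET in via $DMZ_IF
ipfw add 500 divert natd ip from any to any via $EXT_IF
ipfw add 600 deny ip from $LAN_NET to any out via $EXT_IF
ipfw add 700 allow ip from any to any via $LAN_IF
ipfw add 710 allow ip from any to any via $DMZ_IF
ipfw add 800 allow ip from $NAT_IP to any out via $EXT_IF
ipfw add 810 allow ip from $GW_IP to any out via $EXT_IF
ipfw add 900 allow tcp from any to any established
# DNS answers (stateless: admits any UDP with source port 53; keep-state is tighter)
ipfw add 910 allow udp from any 53 to any in via $EXT_IF
# the published DMZ service; its own outbound traffic passes natd untouched
ipfw add 1000 allow tcp from any to $DMZ_WEB 80 in via $EXT_IF setup
ipfw add 1010 allow ip from $DMZ_WEB to any out via $EXT_IF
ipfw add 1100 allow icmp from any to any icmptypes 0,3,8,11
ipfw add 65000 deny log ip from any to any
EOF
}

case "${1:-show}" in
	show)  natd_conf; echo; rc_conf; echo; ipfw_rules ;;
	check) check_plan "$GW_IP" "$NAT_IP" ;;
	apply) check_plan "$GW_IP" "$NAT_IP" && natd_conf >/etc/natd.conf \
	       && ipfw_rules >/etc/ipfw.rules && sh /etc/ipfw.rules ;;
esac
```

`sh gateway.sh check` validates the address plan, `show` prints the three files for review, and `apply` (as root on the gateway) writes natd.conf and the rule file and loads the rules. The important ordering point is that once a packet has passed the divert rule, ipfw sees its translated addresses: outbound LAN packets carry 1.1.1.4 as source, and inbound replies already carry the LAN host as destination, which is why the egress deny at 600 matches only what natd failed to rewrite.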
