port redirection from 2 public ips -> natd to a single service.

Steve Bertrand iaccounts at ibctech.ca
Thu Sep 2 07:12:59 PDT 2004


> I'm using natd and doing port redirection with a natd.conf file. I
> have a mission to accomplish this week last sec. O NO...

Ok, off the top of the head...

Can you run a separate instance of natd, on a separate port, and use
IPFW to properly filter? For instance:

ipfw add 10 divert 8669 all from any to $secondIP # 2nd instance natd
ipfw add 20 divert 8668 all from any to any out via $outside_interface
ipfw add 30 divert 8669 all from $mailserver to any out via $outside_interface
ipfw add 40 divert 8668 all from any to any in via $outside_interface

natd could be started like this (for the standard natting):

# /usr/sbin/natd -a primary_ip

and the second instance (for the mail server):

# /usr/sbin/natd -a secondary_ip -p 8669 -redirect_port tcp 10.0.0.10:25 25

etc..etc.

I have no idea if this will actually work, but it sounds good in my
head as far as theory is concerned.

Steve





>
> We have to change our IP address on the mail server and they run this
> mail server off a Windows machine.. (placing the Windows machine on
> the Internet without a firewall is out of the question) we need 2
> public IP addresses to redirect to a single machine behind them.
>
> The firewall in place now allows DMZ hosting. However, it will not
> allow us to alias an address outside of its network.
>
> Plan is to place a FreeBSD machine in the middle and configure natd
> with ipfw and so on... well, we got the machine working as the gateway
> and redirected traffic for 110 and 25, as well as a test port 8384.
> That was great.. more like a good time!! ;-) Well, the challenge was
> to alias an address to the public interface and see if that would
> work. Results are ..
>
> We could see port redirection working on the primary address and not
> the secondary, although the machine was responding for both IPs (made
> connections to the FreeBSD machine on both IPs). Just the port
> forwarding would not work.
>
> We also tried placing the IP address where we had the interface name
> to enable nat and listed it twice, one for each address.
>
> Same results..
>
> We then tried to place another physical interface into the machine and
> muck with nat in that way. No luck... to be honest the brain had
> serious pain at the moment and I can't remember much more..
>
> Wondering if there is someone out there who may be able to answer this
> one or place me in a direction. This could save us from a future
> migraine from the earful we will get.. hehe :-)
>
> Thanks for your time..
>
> Shawn
>
> "PC's are like air conditioners.. They are both useless with windows
> open!!!!"
>
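
Added example (not part of the original post): a sh script that prints the natd and ipfw commands for the two-instance layout discussed above, with 25 and 110 forwarded and the rules written so that the mail server's traffic reaches the second natd before the general NAT rules. The interface name fxp0, the 192.0.2.x and 10.0.0.x addresses, the rule numbers and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the natd and ipfw commands
# for a two-instance setup so they can be reviewed before being run as root on
# the FreeBSD gateway. The interface name and all addresses are constructed.
OIF="${OIF:-fxp0}"                      # outside interface (assumed name)
PRIMARY_IP="${PRIMARY_IP:-192.0.2.10}"  # alias address of the standard natd
SECOND_IP="${SECOND_IP:-192.0.2.11}"    # alias address reserved for mail
INSIDE_NET="${INSIDE_NET:-10.0.0.0/24}" # private network behind the gateway
MAILSERVER="${MAILSERVER:-10.0.0.10}"   # internal mail host
MAIL_PORTS="${MAIL_PORTS:-25 110}"      # TCP ports to forward (SMTP, POP3)

# Accept only characters found in addresses, prefixes and interface names,
# because the generated lines are meant to be executed by root.
safe() {
    case "$1" in
        ''|*[!0-9A-Za-z./]*) return 1 ;;
    esac
}

emit_nat_config() {
    for v in "$OIF" "$PRIMARY_IP" "$SECOND_IP" "$INSIDE_NET" "$MAILSERVER"; do
        safe "$v" || { echo "unsafe value: $v" >&2; return 1; }
    done
    [ "$PRIMARY_IP" != "$SECOND_IP" ] || { echo "IPs must differ" >&2; return 1; }
    redirects=""
    for p in $MAIL_PORTS; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        redirects="$redirects -redirect_port tcp $MAILSERVER:$p $p"
    done
    # -p lets natd classify packets itself; -i would treat all as incoming.
    echo "/usr/sbin/natd -a $PRIMARY_IP -p 8668"
    echo "/usr/sbin/natd -a $SECOND_IP -p 8669$redirects"
    # A diverted packet re-enters ipfw at the next rule number, so each rule
    # matches only addresses that the other natd instance does not produce.
    echo "ipfw add 10 divert 8669 ip from any to $SECOND_IP in via $OIF"
    echo "ipfw add 20 divert 8669 ip from $MAILSERVER to any out via $OIF"
    echo "ipfw add 30 divert 8668 ip from any to $PRIMARY_IP in via $OIF"
    echo "ipfw add 40 divert 8668 ip from $INSIDE_NET to any out via $OIF"
}

emit_nat_config
```

Rule 40 matches only inside-network sources, so mail-server packets already rewritten to the secondary address by rule 20 are not translated a second time by the primary natd.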



