On Fri, 25 Jul 2003 13:49:38 -0400 Jim Durham <[EMAIL PROTECTED]> wrote:
Hi,

> I'm wondering about the characteristics of the redirect_address option
> of natd. I tried this on -questions, but no one replied, so I thought
> I'd ask on here, hoping to find folks more familiar with kernel
> mechanisms here.

Except for DIVERT, there aren't any kernel mechanisms for address translation.

> Consider a FreeBSD NAT "gateway" between a public IP on one network
> interface and a private "LAN" address on the 2nd interface serving a
> group of windows machines on the LAN with private IPs.
>
> We wanted to allow outside access to one of the LAN machines.
>
> According to the documentation, as I read it, redirect_address sets up
> a "static NAT" which is symmetrical between a public address on the
> outside interface of a FreeBSD machine and a machine on a private IP
> attached to the "inside" or "LAN" network interface.
>
> The procedure we used was to alias a 2nd public address to the outside
> interface and use a redirect_address statement in natd.conf to
> redirect connections to the new public IP to the inside machine.
>
> This doesn't seem to be symmetrical.

<snip>

>
> I'm questioning whether the connection is really symmetrical?

For incoming traffic, you must use -redirect_address, but for outgoing you have to set -alias_address.

If you want to use a specific public IP to map incoming AND outgoing packets, you need to run 2 natd, using ipfw matching.

regards,
clem

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
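One way to lay out the two-natd arrangement suggested in the reply above, as an added example that is not part of the original message: a second natd instance on its own divert port handles only the statically mapped host, and ipfw rules select it before the general NAT rule. The interface name, all addresses, divert port 8669, the rule numbers and the assumption that filtering rules start at 600 are constructed; the script prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: two natd instances chosen by ipfw divert rules.
# Interface, addresses, ports and rule numbers are constructed placeholders.

# Print the command (dry run, default) or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# static_nat_plan EXT_IF MAIN_IP STATIC_IP LAN_HOST
static_nat_plan() {
    if [ $# -ne 4 ]; then
        echo "usage: static_nat_plan ext_if main_ip static_ip lan_host" >&2
        return 2
    fi
    ext_if=$1
    main_ip=$2
    static_ip=$3
    lan_host=$4

    # Instance 1 (divert port 8668): ordinary NAT for the rest of the LAN.
    run natd -port 8668 -alias_address "$main_ip"
    # Instance 2 (divert port 8669): outgoing packets take STATIC_IP as
    # source (-alias_address), incoming ones go to LAN_HOST (-redirect_address).
    run natd -port 8669 -alias_address "$static_ip" \
        -redirect_address "$lan_host" "$static_ip"

    # A packet reinjected by natd resumes at the rule after the divert rule,
    # so each specific divert is followed by a skipto that jumps past the
    # general NAT rule (500) to the filtering rules (assumed to start at 600).
    run ipfw add 400 divert 8669 ip from "$lan_host" to any out via "$ext_if"
    run ipfw add 410 skipto 600 ip from "$static_ip" to any out via "$ext_if"
    run ipfw add 420 divert 8669 ip from any to "$static_ip" in via "$ext_if"
    run ipfw add 430 skipto 600 ip from any to "$lan_host" in via "$ext_if"
    # Everything else on the outside interface goes to instance 1.
    run ipfw add 500 divert 8668 ip from any to any via "$ext_if"
}

# Constructed sample values: fxp0 outside, 192.0.2.10 main public address,
# 192.0.2.20 second (aliased) public address, 192.168.1.50 inside host.
static_nat_plan fxp0 192.0.2.10 192.0.2.20 192.168.1.50
```

Because both directions of the mapped host pass through instance 2 and then skip rule 500, any restriction on which services are reachable on the inside host belongs in the rules from 600 onward.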