ipfw/natd/3 nic

From: Peter Serwe (peter_at_easytree.net)
Date: 12/23/03

  • Next message: Peter Serwe: "Re: ipfw/natd/3 nic"
    Date: Tue, 23 Dec 2003 08:23:00 -0500
    To: freebsd-net@freebsd.org

    Okay,

    Basically, since FreeBSD is (in my mind anyway)
    the ultimate leatherman of the OS world, and God's
    own gift to networking and network services in general
    I decided to try to do a 3 nic ipfw/natd setup.

    I've done 2 nic ipfw/natd a couple of times, straight
    ipfw public-->public ipfw a couple of times, I'm fairly
    comfortable with it.

    After searching around, I found a message from
    Gilson (de?)Paiva referencing some stuff Barney Wolff
    told him that basically straightened it out.

    Here's what I'm trying to accomplish:

    I have 2 internal networks that I'll term
    private_private (192.168.1.0/24)
    and public_private (192.168.2.0/24).

    The total number of clients between both
    networks probably could never exceed 100,
    and probably won't ever exceed 50.

    I have one public ip address.

    I need both networks to be able to surf,
    but I _never_ want ANY traffic to be able
    to go in between except from someone having
    direct access to the router. The router shouldn't
    be passing any traffic in between private networks.

    My ideal as I've currently envisioned it would be
    3 nic nat, with both private networks being able
    to get out the public interface.

    Here's the part that's got me thrown for a loop:

    Run 2 instances of natd on 8668/8669 - no problem.

    Run divert rule twice, one to first nat interface
    on 8668, one to second on 8669.

    The second natd line is the problem child for me:

    /sbin/natd -f /etc/natd.conf -p 8669 -alias_address public_address

    Is this to imply that I need to run a second public
    address for the second natd instance to run?

    Hopefully I've left out nothing relevant,

    Thanks all.

    Pete

    --
    Peter Serwe <peter@easytree.net>
    Cheaper, Faster, Better, pick any two.
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
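The isolation requirement in the post (nothing passes between 192.168.1.0/24 and 192.168.2.0/24) depends on rule order, because ipfw stops at the first rule that matches a packet: a divert or allow rule placed ahead of the deny rules would hand inter-network packets to natd or pass them through. The script below is an added example, not part of Pete's post and not a FreeBSD tool: it checks a rule list in `ipfw list` format and reports whether both directions are denied before any divert/allow rule could match them. The two rule sets are constructed for the demo (the interface name fxp0 is an assumption); only the two networks and the natd divert ports 8668/8669 come from the post, and the script never runs ipfw itself.

```shell
#!/bin/sh
# Added example (not from the original post): check that the isolation
# deny rules between the two private networks come before any
# divert/allow rule that could match the same packets.
# Usage on a real box: ipfw list | sh this_script.sh   (see check_isolation)

PRIVATE_PRIVATE_NET=192.168.1.0/24   # from the post
PUBLIC_PRIVATE_NET=192.168.2.0/24    # from the post

# Constructed rule set in `ipfw list` format (rule number first).
# Isolation denies sit before the two natd divert rules (8668/8669).
GOOD_RULES='00100 deny ip from 192.168.1.0/24 to 192.168.2.0/24
00110 deny ip from 192.168.2.0/24 to 192.168.1.0/24
00200 divert 8668 ip from any to any via fxp0
00210 divert 8669 ip from any to any via fxp0
00300 allow ip from any to any
65535 deny ip from any to any'

# Same rules with the denies placed after the divert rules: a packet
# from 192.168.1.0/24 to 192.168.2.0/24 now matches rule 100 first.
BAD_RULES='00100 divert 8668 ip from any to any via fxp0
00110 divert 8669 ip from any to any via fxp0
00200 deny ip from 192.168.1.0/24 to 192.168.2.0/24
00210 deny ip from 192.168.2.0/24 to 192.168.1.0/24
00300 allow ip from any to any
65535 deny ip from any to any'

# first_rule ACTION_REGEX SRC DST  (rules on stdin)
# Prints the number of the first rule whose action matches ACTION_REGEX
# and whose from/to fields are the given networks or "any"; prints
# nothing if no such rule exists.
first_rule() {
    awk -v act="$1" -v src="$2" -v dst="$3" '
        $2 ~ act {
            s = ""; d = ""
            # fields: num action [arg] ip from SRC to DST [via IF ...]
            for (i = 1; i <= NF; i++) {
                if ($i == "from") s = $(i + 1)
                if ($i == "to")   d = $(i + 1)
            }
            if ((s == src || s == "any") && (d == dst || d == "any")) {
                print $1 + 0   # strip leading zeros
                exit
            }
        }'
}

# check_isolation  (rules on stdin)
# Returns 0 when, for both directions, a deny rule matches before any
# divert/allow rule could; returns 1 and prints the offending rule otherwise.
check_isolation() {
    rules=$(cat)
    for pair in "$PRIVATE_PRIVATE_NET $PUBLIC_PRIVATE_NET" \
                "$PUBLIC_PRIVATE_NET $PRIVATE_PRIVATE_NET"; do
        set -- $pair
        deny=$(printf '%s\n' "$rules" | first_rule '^deny$' "$1" "$2")
        pass=$(printf '%s\n' "$rules" \
               | first_rule '^(divert|allow|accept|pass|permit)$' "$1" "$2")
        if [ -z "$deny" ]; then
            echo "no deny rule for $1 -> $2"
            return 1
        fi
        if [ -n "$pass" ] && [ "$pass" -lt "$deny" ]; then
            echo "rule $pass ($1 -> $2) matches before deny rule $deny"
            return 1
        fi
    done
    echo "isolation ok"
    return 0
}

# Demo: the good set passes, the bad set is flagged.
printf '%s\n' "$GOOD_RULES" | check_isolation
if printf '%s\n' "$BAD_RULES" | check_isolation; then
    echo "unexpected: bad rule set passed"
fi
```

The check is deliberately conservative: a `divert ... from any to any` rule counts as able to match inter-network traffic, so it must appear after the deny rules, which matches how the two divert rules in the post should be placed relative to the isolation rules.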
    
