Re: public ip address behind nat

From: Lee Johnston (lee_at_wildcard.net.uk)
Date: 01/26/05

    Date: Wed, 26 Jan 2005 18:33:39 +0000
    To: Mihai Nitulescu <mihaissa@yahoo.com>
    
    

    Hi there,
    Basically because NAT is altering all packets leaving on rl0 on your 'nat'
    machine, to the outside world the packets leaving your network from the 'app'
    machine will appear to be from your 'nat' machine's external interface.

    The way to get around this is to tell natd not to perform NAT on IP
    addresses that are public (i.e. not unregistered addresses as defined in
    RFC1918, so not the 192.168. range and the others).

    Easy way to do this is to pass natd the -unregistered_only option. Man page
    for natd explains this a bit better.

    You will only be able to route via your 'nat' box if your ISP has routed
    that block of IPs to your external IP on the box. Hope that makes sense.

    Regards,
    Lee.

    At 18:16 26/01/2005, Mihai Nitulescu wrote:
    >Hi all,
    >
    >Here is what I have done so far.
    >
    >I worked only on the nat.ex.com
    >
    > internet
    > |
    > |
    > ________rl0(193.23143.33)________
    > | |
    > | nat.example.com |
    > | |
    > |_______rl1(192.168.0.254)________|
    > |
    > _____|______
    > |___________| switch
    > | |
    > -------------------------------| |----------------------|
    > LAN
    > _xl0(193.231.43.26)
    > |
    > |
    > |
    > app.example.com |
    > |
    > ________________|
    >
    >
    >
    >OK,
    >So I created on nat.example.com on rl1 a virtual interface
    >ifconfig rl1 alias 193.231.43.25 255.255.255.248
    >After that I created a route for this new interface
    >route add 193.231.43.25 193.231.43.33 -iface
    >
    >So now I can ping rl1 rl0 & internet from the app.example.com but I cannot
    >access this machine from the internet.
    >
    >Any thoughts on that?
    >
    >rgds
    >
    >Mihai
    >
    >"Thomas M. Skeren III" <tms3@fskklaw.com> wrote:
    >Brian Reichert wrote:
    >
    >On Mon, Jan 24, 2005 at 03:21:19PM -0800, Mihai Nitulescu wrote:
    >
    >In the LAN I have the other machine application.example.com. I have some
    >public IPs from my ISP: 193.231.43.25-30 255.255.255.248. I want to
    >assign to application.example.com 193.231.43.27 and to route this IP
    >through nat.example.com. Any idea how I can do that?
    >I'm having problems with your setup. Is Application.example.com at
    >193.531.43.27 or is it on the lan with an internal address?
    >
    >If it's internal, then machines on the lan can see the internal IP, so
    >there's no reason for it to have a public address. If machines outside
    >the lan need to get to app.ex.com, then use natd_flags in rc.conf and
    >point the ports you need opened on app to the local addy of app, and use
    >the NAT's external addy for the external users of app. That would be the
    >easiest way if you don't want to give an external addy to app.
    >
    >Of course the easiest way is to just give app an external addy and plug it
    >into the ISP supplied router. Unless app is a M$ box, of course.
    >See 'redirect_address' in natd(8). I believe you'll also need to assign
    >your public IPs to the external interface of your NAT box. I have a similar
    >setup, but I need to review just what I've done to make that work...
    >
    >Please help. Regards, Mihai
    >
    >_______________________________________________
    >freebsd-net@freebsd.org mailing list
    >http://lists.freebsd.org/mailman/listinfo/freebsd-net
    >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

    Lee Johnston, Wildcard Internet

    t: +44 (0)845 165 1510 f: +44 (0)845 165 1511 m: +44 (0)7795 423 617
    e: lee@wildcard.net.uk www: http://www.wildcard.net.uk/

    Web Development - Domains - Hosting - Co-location - Dedicated Servers
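
How -unregistered_only changes which outgoing packets get rewritten, as a small Python model added here (not code from the thread and not natd's own code). Addresses come from the thread; 192.168.0.10 is a constructed LAN host, and 193.231.43.33 (the gateway in the route command) is assumed to be the address of rl0.

```python
import ipaddress

# The three RFC 1918 blocks. Python's is_private also covers loopback,
# link-local and other ranges, so the blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: rl0 carries the gateway address from the route command.
NAT_EXTERNAL = ipaddress.ip_address("193.231.43.33")
# 193.231.43.25-30 with netmask 255.255.255.248, as given in the thread.
PUBLIC_BLOCK = ipaddress.ip_network("193.231.43.24/255.255.255.248")


def is_rfc1918(addr):
    """True if addr is an unregistered (RFC 1918) address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def source_seen_outside(src, unregistered_only):
    """Source address a remote host sees for a packet leaving via rl0."""
    if unregistered_only and not is_rfc1918(src):
        return ipaddress.ip_address(src)  # public source: left unchanged
    return NAT_EXTERNAL                   # rewritten to the external address


def in_assigned_block(addr):
    """True if addr lies in the block the ISP has to route to the nat box."""
    return ipaddress.ip_address(addr) in PUBLIC_BLOCK


if __name__ == "__main__":
    # 192.168.0.10 and 172.32.0.1 are constructed; 193.231.43.26 is app's xl0.
    for src in ("192.168.0.10", "193.231.43.26", "172.32.0.1"):
        print(src,
              "default:", source_seen_outside(src, False),
              "-unregistered_only:", source_seen_outside(src, True),
              "in assigned block:", in_assigned_block(src))
```
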

