Hi Guys

I have been taking a close look at some networking opportunities which are being frustrated by the limits which are imposed by NAT. In particular the constraints imposed by the embargo on double NATing have an impact for a project I am working on. Has anyone ever seen anything which I would conceptually describe as a reverse NAT proxy?

What I want to be able to do is to be able to create a hierarchical tier of networks each one of which communicates to the network above by using a modification of NAT enjoying the capability of identifying a subnet number and client.

Does anyone know enough about this subject to point me in the right direction (which may be - forget about it there is no way it can be done..:-)

David

How about IPSEC before NAT? Works wonders if you got non-overlapping RFC1918 networks on the ends.

(Dunno if you can do it with FreeBSD, though. I set up a Linux solution quite a while ago.)

Robert

On Tuesday 15 April 2003 05:01, vizion communication wrote:
> Hi Guys
>
> I have been taking a close look at some networking
> opportunities which are being frustrated by the limits which
> are imposed by NAT. In particular the constraints imposed by
> the embargo on double NATing have an impact for a project I
> am working on. Has anyone ever seen anything which I would
> conceptually describe as a reverse NAT proxy?
>
> What I want to be able to do is to be able to create a
> hierarchical tier of networks each one of which
> communicates to the network above by using a modification of
> NAT enjoying the capability of identifying a subnet number
> and client.
>
> Does anyone know enough about this subject to point me in the
> right direction (which may be - forget about it there is no way it
> can be done..:-)
>
> David

vizion communication wrote:
> I have been taking a close look at some networking
> opportunities which are being frustrated by the limits which
> are imposed by NAT. In particular the constraints imposed by
> the embargo on double NATing have an impact for a project I
> am working on. Has anyone ever seen anything which I would
> conceptually describe as a reverse NAT proxy?

See the -redirect_port option in the man page for natd ... is that what you're referring to?

> What I want to be able to do is to be able to create a
> hierarchical tier of networks each one of which
> communicates to the network above by using a modification of
> NAT enjoying the capability of identifying a subnet number
> and client.

If you're using a "cascading gateway" layout, then NAT isn't really required ... except on the gateway that actually connects to the Internet. This is a fairly common configuration.

> Does anyone know enough about this subject to point me in the
> right direction (which may be - forget about it there is no way it
> can be done..:-)

Don't see any reason why it can't be done ... if I'm understanding you correctly.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com