Hi all,

I am having troubles with NATD.
I have 64 Real IP addresses and about 200 customers. I need to define an address pool in order to avoid the effect of all internal IPs being visible as 1. What I have done is:

in rc.conf:
natd_enable="YES"
natd_flags="-f /etc/natd.conf"

in natd.conf:
use_sockets yes
same_ports yes
reverse yes
interface fxp0
redirect_address 10.0.1.2 one-external-ip
redirect_address 10.0.1.3 two-external-ip

And the NAT is not working. I will be grateful if someone can help me with this issue.

Regards to you all,
Evgeny Ivanov

On Wed, 26 May 2004, Evgeny Ivanov wrote:

> in rc.conf:
> natd_enable="YES"
> natd_flags="-f /etc/natd.conf"

You also need:

gateway_enable="YES"
firewall_enable="YES"

Also make sure you're not doing anything silly in ipfw. Use a stock /etc/rc.firewall and set firewall_type="OPEN" in rc.conf to make real sure.

> in natd.conf:
> use_sockets yes
> same_ports yes
> reverse yes

Why do you want 'reverse' enabled? You probably don't want this.

> interface fxp0

Make sure this is your public interface, not the private one.

> redirect_address 10.0.1.2 one-external-ip
> redirect_address 10.0.1.3 two-external-ip

--
Chris Dillon - cdillon(at)wolves.k12.mo.us
FreeBSD: The fastest, most open, and most stable OS on the planet
- Available for IA32, IA64, AMD64, PC98, Alpha, and UltraSPARC architectures
- PowerPC, ARM, MIPS, and S/390 under development
- http://www.freebsd.org

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?

On 5/26/2004, "Volker Stolz" <stolz@i2.informatik.rwth-aachen.de> wrote:

>In local.freebsd-stable, you wrote:
>> I am having troubles with NATD.
>> I have 64 Real IP addresses and about 200 customers. I need to define
>> an address pool in order to avoid the effect of all internal IPs being
>> visible as 1. What I have done is:
>> in rc.conf:
>> natd_enable="YES"
>> natd_flags="-f /etc/natd.conf"
>>
>> in natd.conf:
>> use_sockets yes
>> same_ports yes
>> reverse yes
>> interface fxp0
>> redirect_address 10.0.1.2 one-external-ip
>> redirect_address 10.0.1.3 two-external-ip
>
>Do you have a divert rule in your firewall ruleset to pass the
>packets to natd?
>--
>http://www-i2.informatik.rwth-aachen.de/stolz/ *** PGP *** S/MIME

Yes, I have a divert rule set up in rc.firewall. It is like this:

ipfw add 100 divert natd all from any to any via external-interface
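
The checks raised in the replies above can be run together against copies of the three inputs. This is an added example, not part of the original thread or of FreeBSD: the function names, file names and sample contents are constructed, and it assumes the interface is set by an "interface" line in natd.conf and that the ruleset is saved `ipfw list` output (where natd appears as divert port 8668).

```shell
#!/bin/sh
# Added example: lint rc.conf, natd.conf and saved `ipfw list` output against
# the checks suggested in this thread. Prints one finding per line.

rc_yes() {  # true if rc.conf-style file $1 sets variable $2 to YES
    grep -Eiq "^[[:space:]]*$2=\"?yes\"?[[:space:]]*(#.*)?\$" "$1"
}

check_natd() {  # usage: check_natd RC_CONF NATD_CONF IPFW_LIST
    for var in natd_enable gateway_enable firewall_enable; do
        rc_yes "$1" "$var" || echo "rc.conf: $var is not YES"
    done
    if grep -Eiq '^[[:space:]]*reverse[[:space:]]+yes' "$2"; then
        echo "natd.conf: reverse is enabled; confirm it is really wanted"
    fi
    # Interface natd translates on (first 'interface' line of natd.conf).
    iface=$(awk '$1 == "interface" { print $2; exit }' "$2")
    if [ -z "$iface" ]; then
        echo "natd.conf: no interface line"
    elif ! grep -Eq "divert[[:space:]]+(natd|8668)[[:space:]]+[a-z0-9]+[[:space:]]+from[[:space:]].*[[:space:]]via[[:space:]]+$iface([[:space:]]|\$)" "$3"; then
        echo "ipfw: no well-formed divert rule to natd via $iface"
    fi
    return 0
}

# Constructed sample inputs (not taken from a real host).
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'natd_enable="YES"' 'natd_flags="-f /etc/natd.conf"' > "$1/rc.bad"
    printf '%s\n' 'natd_enable="YES"' 'natd_flags="-f /etc/natd.conf"' \
        'gateway_enable="YES"' 'firewall_enable="YES"' > "$1/rc.good"
    printf '%s\n' 'reverse yes' 'interface fxp0' > "$1/natd.bad"
    printf '%s\n' 'use_sockets yes' 'same_ports yes' 'interface fxp0' > "$1/natd.good"
    printf '%s\n' '65535 deny ip from any to any' > "$1/ipfw.bad"
    printf '%s\n' '00100 divert 8668 ip from any to any via fxp0' \
        '65000 allow ip from any to any' > "$1/ipfw.good"
}

# Demonstration on the constructed "bad" set: prints four findings.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_natd "$demo_dir/rc.bad" "$demo_dir/natd.bad" "$demo_dir/ipfw.bad"
rm -rf "$demo_dir"
```

The script cannot tell whether the interface it finds is the public one; it only confirms that the divert rule and natd.conf name the same interface.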