
Re: double nat

From: Bryan Irvine <bryan.irvine(at)kingcountyjournal.com>
Date: Fri Feb 28 2003 - 16:15:21 EST

On Fri, 2003-02-28 at 12:48, Chuck Yerkes wrote:
> Well, looking at the rules, I see that...

oops ok they are below

> Why NAT when you have real addresses?

long story, basically this network was set up by some jackass about 8 years ago, who basically stole some other company's IP range. It's too ingrained into our network to change it easily, so we use routers and NAT devices to make sure none of those machines touch the internet (as they won't work). Just pretend they are a 10.* range or some other non-routable network.

here are the rules:



scrub in all

nat on xl0 inet from 192.233.103.0/24 to any -> (xl0)
nat on xl0 inet from 192.168.0.0/24 to any -> (xl0)

#redirect web traffic to addesk server
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 80 -> 192.168.0.9 port 80
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 800 -> 192.168.0.6 port 80
rdr on xl0 proto tcp from any to 64.1.201.131/27 port 801 -> 192.168.0.7 port 80
rdr on xl0 proto tcp from any to 64.1.201.132/27 port 802 -> 192.168.0.8 port 80

#redirect ftp traffic to addesk server
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 2121 -> 192.168.0.5 port 21


updated the diagram to include interfaces

> >
> > 64.1.201.129
Received on Fri Feb 28 16:16:08 2003
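
An added check, not part of the original message or of pf itself: the rdr rules above give their destination as a host address with a /27 mask, and a masked destination matches every address in that network, so this script lists the range each posted rule really covers. The function name audit_rdr and the regex are assumptions of this example and only handle the rule shape shown in the message.

```python
import ipaddress
import re

# The rdr rules as posted in the message above (copied verbatim).
RULES = """\
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 80 -> 192.168.0.9 port 80
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 800 -> 192.168.0.6 port 80
rdr on xl0 proto tcp from any to 64.1.201.131/27 port 801 -> 192.168.0.7 port 80
rdr on xl0 proto tcp from any to 64.1.201.132/27 port 802 -> 192.168.0.8 port 80
rdr on xl0 proto tcp from any to 64.1.201.130/27 port 2121 -> 192.168.0.5 port 21
"""

# Hypothetical matcher for exactly this rule shape (not a full pf.conf parser).
RDR = re.compile(
    r"^rdr on (?P<ifc>\S+) proto (?P<proto>\S+) from any to "
    r"(?P<dst>[\d.]+)(?:/(?P<bits>\d+))? port (?P<dport>\d+) -> "
    r"(?P<target>[\d.]+) port (?P<tport>\d+)$"
)

def audit_rdr(text):
    """Return one finding per rdr rule: the network its destination matches."""
    findings = []
    for line in text.splitlines():
        m = RDR.match(line.strip())
        if not m:
            continue  # comments, nat rules, blank lines
        bits = int(m["bits"] or 32)  # no mask written means a single host
        # strict=False drops the host bits, giving the network the mask selects
        net = ipaddress.ip_network(f"{m['dst']}/{bits}", strict=False)
        findings.append({
            "written": f"{m['dst']}/{bits}",
            "matches": str(net),
            "addresses": net.num_addresses,
            "dport": int(m["dport"]),
            "target": f"{m['target']}:{m['tport']}",
            "wider_than_host": bits < 32,
        })
    return findings

if __name__ == "__main__":
    for f in audit_rdr(RULES):
        flag = "WIDE" if f["wider_than_host"] else "ok"
        print(f"{flag:4} {f['written']:>18} port {f['dport']:<5} matches "
              f"{f['matches']} ({f['addresses']} addrs) -> {f['target']}")
```

Writing the destination without a mask (or with /32) limits a redirect to the single external address named in the rule.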

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:33:19 EDT

