From: Sten Daniel Sørsdal
Date: Mon, 24 Jul 2006 01:50:49 +0200
To: Brett Glass
Cc: net@freebsd.org
Subject: Re: Multiple NAT router
Message-ID: <44C40B59.6030803@wm-access.no>
In-Reply-To: <7.0.1.0.2.20060721105813.0971ae90@lariat.net>
List-Id: Networking and TCP/IP with FreeBSD

Brett Glass wrote:
> I have an application in which I'd like a FreeBSD router to have
> multiple, isolated LANS attached to it, each with the same address
> space. The FreeBSD box would take the place of multiple NAT routers.
>

Normally I'd point and laugh, but your ... unusual ..., problem got me
thinking. Since I wouldn't be supporting this and all. ;-)

A captive type portal technique could probably do it.
But that's only if you're willing to code a complex application.

How about using netgraph (ng_nat) to do 1:n translation making f.ex.:

  net1: 192.168.0.0/24 -> 10.0.0.1
  net2: 192.168.0.0/24 -> 10.0.0.2
  net3: 192.168.0.0/24 -> 10.0.0.3

Then I assume you would want to nat the resulting 10.0.0.x addresses
again by using ... ng_nat?
I haven't tried anything like that myself and I haven't checked if it's
actually possible. You would probably employ proxy arp to reply to arp
queries for the gateway address.

Perhaps you have three public addresses to use, reducing complexity a bit.

man ng_nat(4) has an example that could help you with the syntax (the
hdlc one).

If all fails then perhaps marking the packets could help you
differentiate them somehow.

-- 
Sten Daniel Sørsdal