Date: Wed, 7 Mar 2001 15:34:51 -0600 (CST)
From: Nick Rogness <nick@rogness.net>
To: Peter Brezny <peter@black.purplecat.net>
Cc: freebsd-net@freebsd.org
Subject: Re: natd - static nat on multiple aliased ip's
Message-ID: <Pine.BSF.4.21.0103071515540.20531-100000@cody.jharris.com>
In-Reply-To: <Pine.BSF.4.05.10103071539170.24949-100000@black.purplecat.net>

On Wed, 7 Mar 2001, Peter Brezny wrote:

>
> Won't your example below show all outbound traffic from the same
> external ip, the ip that natd uses?
>

Yes and No, if the internal machine does not have a redirect_address
statement in natd.conf then it will use the global interface or alias
address outside the firewall. If redirect_address is used then the
internal address carries the redirect_address mapped external address
when it goes outside the firewall.

> I'd like to have the outbound traffic from internal range a.a.a.a have
> one external ip and the outbound traffic from internal range b.b.b.b
> have another external ip.

Um, you can...but it is very complex with one interface. I'll try to
explain why. Packets arrive and get translated to inside
addresses...everything fine at this point...packet gets delivered to the
inside machine...still no problem...but how does the packet on the
return from the internal machine know which address to translate to when
leaving the machine? Usually, it is a separate interface, which the ipfw
divert rule is running on...and even then it is very tricky.

If you search the archives back a couple of days, I gave an example of
how you would approach a problem like this.

Nick Rogness <nick@rogness.net>
- Keep on routing in a Free World...
  "FreeBSD: The Power to Serve!"
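
The redirect_address behaviour described in the reply above, as an added example that is not part of the original message: a natd.conf sketch in which two internal hosts have static mappings and every other host leaves with the interface address. The interface name fxp0 and all addresses are constructed (private and documentation ranges).

```conf
# natd.conf (added example; interface name and all addresses are constructed)
# Assumes 203.0.113.10 and 203.0.113.11 are already configured as
# alias addresses on the external interface fxp0.
interface fxp0

# Static NAT: redirect_address <internal IP> <public IP>
# Inbound traffic addressed to the public IP is delivered to the internal
# host, and outbound traffic from that host leaves with the same public IP.
redirect_address 192.168.1.10 203.0.113.10
redirect_address 192.168.2.10 203.0.113.11

# A host with no redirect_address line (for example 192.168.1.20) leaves
# with the primary address of fxp0, or with alias_address if one is set.

# natd only sees packets that ipfw diverts to it on this interface, e.g.:
#   ipfw add divert natd all from any to any via fxp0
```

Each mapping covers a single internal host, so it does not by itself give a whole internal range its own external address, which is the harder case the reply goes on to describe.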