From owner-freebsd-net Wed Mar 7 13: 6:45 2001
Delivered-To: freebsd-net@freebsd.org
Received: from cody.jharris.com (cody.jharris.com [205.238.128.83])
	by hub.freebsd.org (Postfix) with ESMTP id 9FB7B37B718
	for ; Wed, 7 Mar 2001 13:06:41 -0800 (PST)
	(envelope-from nick@rogness.net)
Received: from localhost (nick@localhost)
	by cody.jharris.com (8.11.1/8.9.3) with ESMTP id f27LYqr29436;
	Wed, 7 Mar 2001 15:34:52 -0600 (CST)
	(envelope-from nick@rogness.net)
Date: Wed, 7 Mar 2001 15:34:51 -0600 (CST)
From: Nick Rogness
X-Sender: nick@cody.jharris.com
To: Peter Brezny
Cc: freebsd-net@freebsd.org
Subject: Re: natd - static nat on multiple aliased ip's
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 7 Mar 2001, Peter Brezny wrote:

>
> Won't your example below show all outbound traffic from the same
> external ip, the ip that natd uses?
>

Yes and No, if the internal machine does not have a redirect_address
statement in natd.conf then it will use the global interface or alias
address outside the firewall. If redirect_address is used then the
internal address carries the redirect_address mapped external address
when it goes outside the firewall.

> I'd like to have the outbound traffic from internal range a.a.a.a have
> one external ip and the outbound traffic from internal range b.b.b.b
> have another external ip.

Um, you can...but it is very complex with one interface. I'll try to
explain why. Packets arrive and get translated to inside
addresses...everything fine at this point...packet gets delivered to
the inside machine...still no problem...but how does the packet on the
return from the internal machine know which address to translate to
when leaving the machine? Usually, it is a separate interface, which
the ipfw divert rule is running on...and even then it is very tricky.

If you search the archives back a couple of days, I gave an example of
how you would approach a problem like this.

Nick Rogness
- Keep on routing in a Free World...
  "FreeBSD: The Power to Serve!"
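
The redirect_address behaviour described in the reply above, shown as a natd.conf fragment. This is an added example, not part of the original message; the interface name fxp0 and every address in it are constructed, and it maps single hosts because redirect_address takes one local IP per line.

```conf
# /etc/natd.conf (added illustration; interface name and addresses are constructed)
#
# Assumptions:
#   fxp0 is the outside interface with primary address 203.0.113.1
#   203.0.113.10 and 203.0.113.11 are configured on fxp0 as alias addresses
#   the inside networks are 192.168.1.0/24 and 192.168.2.0/24
#
# natd only sees packets that an ipfw divert rule hands to it, for example:
#   ipfw add divert natd all from any to any via fxp0
interface fxp0

# Static NAT, one line per inside host:
#   redirect_address <localIP> <publicIP>
# Inbound packets addressed to publicIP are redirected to localIP, and
# outbound packets from localIP leave the firewall with publicIP as source.
redirect_address 192.168.1.10 203.0.113.10
redirect_address 192.168.2.10 203.0.113.11

# Inside hosts with no redirect_address line (192.168.1.20, say) are not
# listed here, so their outbound traffic leaves with the fxp0 interface
# address, 203.0.113.1.
```

When checking which external address a host leaves with, capture on the outside interface, since that is where the translated source address is visible.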