Date: Thu, 22 Sep 2005 10:39:41 +0200
From: Phil Regnauld <regnauld@catpipe.net>
To: nielsen@memberwebs.com
Cc: freebsd-hackers@freebsd.org, ddg@yan.com.br, freebsd-net@freebsd.org
Subject: Re: IPFW NATD = NAT POOL
Message-ID: <20050922083941.GD46081@moof.catpipe.net>
In-Reply-To: <20050922084116.132E970DCD6@mail.npubs.com>
References: <4331C65C.5030308@yan.com.br> <20050922084116.132E970DCD6@mail.npubs.com>

Nate Nielsen (nielsen-list) writes:
> No. I think each instance of natd (at least last time I looked at it)
> could only use one IP address as its public address.

One could use probability rules to divert to different natds with
different NAT addresses, and use choparp / aliases to get the traffic back.

So:

    divert 10001 ip from <inside> to any prob 0.25 via <extif>
    (appropriate skiptos)
    divert 10004 ip from <inside> to any prob 0.25 via <extif>
    ...
    divert 10001 ip from any to 1.2.3.4 in via <extif>
    divert 10002 ip from any to 1.2.3.5 in via <extif>
    ...

Then

    natd -alias_address 1.2.3.4 -p 10001
    natd -alias_address 1.2.3.5 -p 10002
    natd -alias_address 1.2.3.6 -p 10003
    natd -alias_address 1.2.3.7 -p 10004
    ...

+ relevant ifconfig alias or choparp to force traffic your way when
someone ARPs for the additional "pool" addresses.

Gross, eh ? :)
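
An added example, not part of the original message: a shell function that prints (does not run) the ipfw and natd commands for the pool sketched above. It goes beyond the message by setting each rule's probability to 1/(instances remaining), because ipfw tests `prob` independently on every rule a packet reaches; the inside network, interface name and rule numbers are assumed sample values.

```shell
#!/bin/sh
# Constructed example: generate ipfw divert rules and natd invocations
# for a pool of public addresses. Nothing is executed, only printed.

# gen_pool_rules INSIDE EXTIF FIRST_RULE FIRST_PORT ADDR...
gen_pool_rules() {
    inside=$1; extif=$2; rule=$3; port=$4
    shift 4
    n=$#
    i=0
    for addr in "$@"; do
        # Rule i only sees packets the earlier rules did not take, so an
        # even split needs 1/(n-i): 0.25, 0.3333, 0.5, then unconditional.
        left=$((n - i))
        if [ "$left" -eq 1 ]; then
            prob=""
        else
            prob="prob $(LC_ALL=C awk -v d="$left" 'BEGIN { printf "%.4f", 1 / d }') "
        fi
        # Outbound: hand a share of inside traffic to this natd instance.
        # After translation the source is no longer $inside, so the
        # later outbound rules do not match the reinjected packet.
        echo "ipfw add $rule ${prob}divert $port ip from $inside to any out via $extif"
        # Inbound: replies to this pool address go back to the same natd.
        echo "ipfw add $((rule + 1)) divert $port ip from any to $addr in via $extif"
        echo "natd -alias_address $addr -p $port"
        rule=$((rule + 10))
        port=$((port + 1))
        i=$((i + 1))
    done
}

# Sample run: pool addresses from the message, assumed network/interface.
gen_pool_rules 10.0.0.0/8 em0 1000 10001 1.2.3.4 1.2.3.5 1.2.3.6 1.2.3.7
```

ipfw evaluates `prob` on every packet rather than once per connection, so the outbound split by itself does not keep a flow on a single natd instance.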