Date: Thu, 22 Sep 2005 10:39:41 +0200
From: Phil Regnauld
To: nielsen@memberwebs.com
Cc: freebsd-hackers@freebsd.org, ddg@yan.com.br, freebsd-net@freebsd.org
Subject: Re: IPFW NATD = NAT POOL
Message-ID: <20050922083941.GD46081@moof.catpipe.net>

Nate Nielsen (nielsen-list) writes:
> No. I think each instance of natd (at least last time I looked at it)
> could only use one IP address as its public address.

One could use probability rules to divert to different natds with
different NAT addresses, and use choparp / aliases to get the traffic
back. So:

    divert 10001 ip from to any prob 0.25 via
    (appropriate skiptos)
    divert 10004 ip from to any prob 0.25 via
    ...
    divert 10001 ip from any to 1.2.3.4 in via
    divert 10002 ip from any to 1.2.3.5 in via
    ...

Then

    natd -alias_address 1.2.3.4 -p 10001
    natd -alias_address 1.2.3.5 -p 10002
    natd -alias_address 1.2.3.6 -p 10003
    natd -alias_address 1.2.3.7 -p 10004
    ...

+ relevant ifconfig alias or choparp to force traffic your way when
someone ARPs for the additional "pool" addresses.

Gross, eh ? :)
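
Added example (not part of the original message): a shell function that prints the ifconfig, natd and ipfw commands for the pool sketched above, one natd instance per address. The interface em0, the internal network 10.0.0.0/24 and the rule numbers are constructed sample values, and the prob values differ from the 0.25 in the message because they are computed for an even split across rules that ipfw tries in order.

```shell
#!/bin/sh
# Added example: emit the commands for a natd "pool" as described in the
# message. Nothing is executed; the commands are only printed for review.
# Assumptions (not from the message): em0, 10.0.0.0/24, rule numbering.

# nat_pool_rules IFACE INTERNAL_NET FIRST_DIVERT_PORT FIRST_RULE ADDR...
nat_pool_rules() {
    iface=$1; net=$2; port=$3; rule=$4
    shift 4
    n=$#    # pool addresses that still need a share of the traffic
    for addr in "$@"; do
        # ipfw tries rules in order, so each prob rule only sees packets
        # the earlier prob rules passed over. For an even split it must
        # match 1/n of what is left: 1/4, 1/3, 1/2, then everything.
        if [ "$n" -gt 1 ]; then
            prob=$(printf 'prob 0.%04d ' $((10000 / n)))
        else
            prob=''    # last address takes all remaining packets
        fi
        # Make the box answer ARP for the extra pool address.
        echo "ifconfig $iface alias $addr netmask 255.255.255.255"
        # One natd per pool address, each on its own divert port.
        echo "natd -alias_address $addr -p $port"
        # Outbound: hand a share of internal traffic to this natd.
        echo "ipfw add $rule ${prob}divert $port ip from $net to any out via $iface"
        # Inbound: replies to this pool address go back to the same natd.
        echo "ipfw add $((rule + 1)) divert $port ip from any to $addr in via $iface"
        n=$((n - 1)); port=$((port + 1)); rule=$((rule + 10))
    done
}

# Constructed sample invocation with the four addresses from the message.
nat_pool_rules em0 10.0.0.0/24 10001 1000 1.2.3.4 1.2.3.5 1.2.3.6 1.2.3.7
```

ipfw evaluates prob once per packet, so packets belonging to one connection can be handed to different natd instances and leave with different source addresses.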