Date: Mon, 25 Oct 2004 16:59:44 +0100
From: "Lawrence Farr" <freebsd-isp@epcdirect.co.uk>
To: "'Aled Treharne'" <aled@thinknuts.org>, <freebsd-pf@freebsd.org>
Subject: RE: NAT with IP != primary external IP
Message-ID: <20041025155946.4043068377@gunfright.epcdirect.co.uk>
In-Reply-To: <E1CLJsn-000K9Z-R4@mail.furrfu.net>

> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org
> [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Aled Treharne
> Sent: 23 October 2004 12:15
> To: freebsd-pf@freebsd.org
> Subject: NAT with IP != primary external IP
>
> Hi guys.
>
> I'm trying to set up a firewall on a box for a friend. The arrangement is
> fairly simple, bunch of machines behind the FBSD box, FBSD box connected to
> ADSL. What I'd like to do (because I wanted to in the first place, and now
> it's annoying me) is to have 2 IPs on the external i/f on the FBSD box, and
> have one as the machine's primary IP and t'other solely as the NAT IP. I've
> tried putting various IPs in the places that make sense to me, but I just
> couldn't get it to work[1].
>
> Is this possible, and if so, would someone be so kind as to tell me how? I'm
> trying to move over to pf from ipfw, and if I can get it working, I've got a
> strong case for using it at work as well.
>
> Thanks in advance for your sage advice. :)
>
> Cheers,
> Aled.
>
> [1] This is just one place where I prefer Linux's eth0:alias1 type labelling
> of sub-interfaces over FreeBSD's just-put-multiple-ips-on-one-interface way.

I use the following:

ext_ipa="1.2.3.4"
ext_ipb="1.2.3.5"
net_if="fxp0"

table <inets> { 7.8.9.0/24, 4.5.6.0/24 }

nat on $net_if from <inets> to any -> $ext_ipb

So traffic matching <inets> gets sent out via $ext_ipb, all other
traffic comes out on $ext_ipa.

Regards,

Lawrence Farr
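
A pre-flight check for a ruleset of this shape, added here as an example and not part of the original thread: it lists pf macros that are referenced but never defined, and confirms that the NAT address is actually bound on the external interface. The function names, the sample ruleset and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): offline pre-flight checks before
# loading a pf.conf that NATs to a secondary address. Inputs are constructed.

# undefined_macros: read a pf.conf on stdin; print every macro referenced as
# $name that has no name="value" definition anywhere in the file.
undefined_macros() {
    awk '
        { sub(/#.*/, "") }                          # ignore comments
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {    # macro definition line
            name = $0; sub(/^[ \t]*/, "", name); sub(/[ \t]*=.*/, "", name)
            defined[name] = 1
        }
        {                                           # collect every $reference
            rest = $0
            while (match(rest, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
                used[substr(rest, RSTART + 1, RLENGTH - 1)] = 1
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END { for (m in used) if (!(m in defined)) print m }
    ' | sort
}

# has_inet_addr ADDR: read `ifconfig <if>` output on stdin; succeed only if
# ADDR is bound there. pf rewrites the source address but does not assign it.
has_inet_addr() {
    awk -v want="$1" '$1 == "inet" && $2 == want { ok = 1 } END { exit !ok }'
}

# Constructed sample: a ruleset in the shape used in the reply, and ifconfig
# output where the NAT address has been added as an alias on fxp0.
SAMPLE_CONF='ext_ipa="192.0.2.4"
ext_ipb="192.0.2.5"
net_if="fxp0"
table <inets> { 10.0.1.0/24, 10.0.2.0/24 }
nat on $net_if from <inets> to any -> $ext_ipb'

SAMPLE_IFCONFIG='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.0.2.4 netmask 0xffffff00 broadcast 192.0.2.255
	inet 192.0.2.5 netmask 0xffffffff broadcast 192.0.2.5'

missing=$(printf '%s\n' "$SAMPLE_CONF" | undefined_macros)
[ -z "$missing" ] || echo "undefined macros: $missing"
printf '%s\n' "$SAMPLE_IFCONFIG" | has_inet_addr 192.0.2.5 ||
    echo "NAT address is not bound on the interface"
```

On the firewall itself, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -s nat` lists the translation rules currently loaded.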