Date: Wed, 27 Jun 2001 11:40:11 -0500
From: Doug Poland <doug@polands.org>
To: questions@freebsd.org
Subject: ipfw/natd - howto divert based on source IP?
Message-ID: <20010627114010.A19216@polands.org>

Hello,

I'm trying to configure a 4.3-STABLE box to divert packets based on
the source IP address. The result should be the packet looks like
it's coming from a given address based on its source.

i.e., MyHost has 3 public IPs:

    ifconfig xl0 inet xxx.xxx.xxx.113 netmask 255.255.255.224
    ifconfig xl0 inet xxx.xxx.xxx.126 netmask 255.255.255.224 alias
    ifconfig xl0 inet xxx.xxx.xxx.99 netmask 255.255.255.224 alias

Any packets originating from the machine itself (.113) should look
like it came from .99

Any packets originating from hosts .100-.112, should not have their
IP address translated

Any packets originating from my private network (192.168.0/24) should
have their IPs translated to look like it came from .126.

I've successfully configured natd/ipfw to nat and use .126 as the
alias_address. This is what I'm thinking about doing...

1. Remove:
       alias_address xxx.xxx.xxx.126
   from natd.conf

2. Remove:
       divert natd ip from any to any via xl0
   from rc.firewall

3. Add:
       divert natd ip from xxx.xxx.xxx.113 to xxx.xxx.xxx.99 via xl0
       divert natd ip from xxx.xxx.xxx.100 to xxx.xxx.xxx.100 via xl0
       divert natd ip from xxx.xxx.xxx.101 to xxx.xxx.xxx.101 via xl0
       etc., etc., etc.,
       divert natd ip from xxx.xxx.xxx.112 to xxx.xxx.xxx.112 via xl0
       divert natd ip from 192.168.3.0/24 to xxx.xxx.xxx.126 via xl0

Does this make sense? Is there a better/easier way to achieve what
I'm after?

Many thanks for your help.

--
Regards,
Doug