Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 7 Mar 2001 14:52:17 -0600 (CST)
From:      Nick Rogness <nick@rogness.net>
To:        Peter Brezny <peter@black.purplecat.net>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: natd - static nat on multiple aliased ip's
Message-ID:  <Pine.BSF.4.21.0103071440150.20531-100000@cody.jharris.com>
In-Reply-To: <Pine.BSF.4.05.10103071501530.24949-100000@black.purplecat.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 7 Mar 2001, Peter Brezny wrote:

> 
> Let's say I had two internal subnets that i'd like to nat with different
> external ip's, while also doing static nat on one of each of the internal 
> ip's. Could i do that by doing something like thils:
> 
> rc.conf
> natd_flags="-f /etc/natd.conf1"
> natd_flags="-f /etc/natd.conf2"


	Only the second line above will get executed.

> 
> rc.firewall
> $fwcmd add divert 8668 all from 10.1.1.1/24 to any via $oif
> $fwcmd add divert 8669 all from 10.1.2.1/24 to any via $oif
> 

	The second rule will never get hit because the packets will only
	get divert through the first divert rule.

> natd.conf1
> port    8668
> interface fxp0
> dynamic yes
> alias_address external_ip_1
> redirect_address 10.1.1.4 external_ip_1
> 
> natd.conf2
> port    8668
> interface fxp0
> dynamic yes
> alias_address external_ip_2
> redirect_address 10.1.2.4 external_ip_2
> 

	The port statement on the second set is the same as the
	first.  

	You really only need to run 1 natd and put both external
	ranges in your config.  Like so:

// In natd.conf:

	port 8668
	interface fxp0
	dynamic yes
	redirect_address 10.1.1.4 external_ip_1
	redirect_address 10.1.2.4 external_ip_2

Then add ipfw fwd's to direct traffic the correct way.  So the total ipfw
ruleset would look like this:

...
ipfw divert 8668 ip from any to any via fxp0
ipfw fwd A.A.A.A ip from external_range_1 to any out via fxp0
ipfw fwd B.B.B.B ip from external_range_2 to any out via fxp0
...
...

Where A.A.A.A is the gateway address of the external_range_1 and B.B.B.B
is the gateway address of the external_range_2.


Nick Rogness <nick@rogness.net>
- Keep on routing in a Free World...  
  "FreeBSD: The Power to Serve!"



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0103071440150.20531-100000>