From: Mike Nowlin
Date: Fri, 29 Sep 2000 00:31:25 -0400 (EDT)
To: cjclark@alum.mit.edu
Cc: Chuck Rock, Freebsd-Ipfw
Subject: Re: nat ipfw and multiple IP's on interface....
In-Reply-To: <20000928192405.I81242@149.211.6.64.reflexcom.com>

On Thu, 28 Sep 2000, Crist J . Clark wrote:

> On Thu, Sep 28, 2000 at 12:04:18PM -0500, Chuck Rock wrote:
> > I have my public interface with several IP's, and I would like to specify
> > which NAT internal IP uses which public IP on the external interface for
> > outbound traffic.
> >
> > Is this possible?
>
> Could you try to rephrase what you want to do. I get an unrecoverable
> parser error when I try to read that sentence. I understand everything
> up to the 'and.' From there, things get a little hairy.

I'll take a stab at it... Methinks he means "I would like to specify which of my public IPs are selected to act on behalf of NAT, dependent on which private-network machine is asking NAT to do its thing."

example:

public IPs = 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4
private = 10.2.2.0/24

machine 10.2.2.17 should have its NAT traffic run through 1.1.1.2
machine 10.2.2.29 should have its NAT traffic run through 1.1.1.4
...etc.

I haven't looked at this recently, but I'm guessing you can do it through running several copies of natd (one for each public IP) that are each listening on a different port number, and some fancy ipfw divert rules... Just listen for requests from each internal IP and divert the packets to the appropriate copy of natd.

...maybe...... :)

--mike

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Understated/funny man-page sentence of the current time period:
From route(4) on FreeBSD-3.4, DESCRIPTION section:
"FreeBSD provides some packet routing facilities." ...duh.......

Mike Nowlin, N8NVW mike@argos.org http://www.viewsnet.com
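The arrangement suggested in the message above (one natd per public IP, each on its own divert port, with ipfw divert rules per internal host), sketched as an added example that is not part of the original post. It is a dry run that only prints the commands; the interface name fxp0, the divert ports starting at 8669 and the rule numbers are assumptions, and the host-to-alias pairs reuse the thread's example addresses.

```shell
#!/bin/sh
# Added example (dry run): prints the natd and ipfw commands, runs nothing.
# Assumed values, not from the thread: interface name, divert ports, rule numbers.
EXT_IF="fxp0"      # assumed external interface
BASE_PORT=8669     # assumed first divert port (8668 is natd's default)
BASE_RULE=1000     # assumed first ipfw rule number

# Constructed mapping "private-host public-alias", using the thread's addresses.
MAP="10.2.2.17 1.1.1.2
10.2.2.29 1.1.1.4"

# Accept only dotted-quad IPv4 so nothing else ends up in a firewall command.
valid_ip() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# One natd per public alias, each on its own divert port, plus two rules:
# outbound packets from the private host and inbound packets to its alias
# must reach the same natd instance, or replies are never translated back.
gen_rules() {
    port=$BASE_PORT; rule=$BASE_RULE; seen=" "
    while read -r host alias; do
        [ -n "$host" ] || continue
        valid_ip "$host" && valid_ip "$alias" ||
            { echo "bad entry: $host $alias" >&2; return 1; }
        # A second natd on an alias already claimed would never see replies,
        # because the first inbound rule for that alias matches them all.
        case "$seen" in *" $alias "*)
            echo "alias $alias already mapped" >&2; return 1 ;;
        esac
        seen="$seen$alias "
        echo "natd -p $port -a $alias"
        echo "ipfw add $rule divert $port ip from $host to any out via $EXT_IF"
        echo "ipfw add $((rule + 1)) divert $port ip from any to $alias in via $EXT_IF"
        port=$((port + 1)); rule=$((rule + 10))
    done <<EOF
$1
EOF
}

gen_rules "$MAP"
```

Private hosts without an entry match no divert rule here and leave untranslated unless a later rule handles them, so the divert rules need to sit ahead of any general allow rules in the ruleset.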