Date: Tue, 15 Feb 2000 21:32:19 -0600 (CST) From: Gene Harris <zeus@tetronsoftware.com> To: Remnants <remnants@shellyeah.org> Cc: FreeBSD Qs <freebsd-questions@FreeBSD.ORG> Subject: Re: ipfw / natd + outgoing source address? Message-ID: <Pine.BSF.4.10.10002152119430.1265-100000@tetron02.tetronsoftware.com> In-Reply-To: <Pine.GSO.4.21.0002151733020.12215-100000@zippy.shellyeah.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 15 Feb 2000, Remnants wrote: > Maybe I'm just missing something in the man pages, but is there any way > to change the source address used for _outgoing_ connections from the > inside of a NAT to one of the external interface's aliases using ipfw / > natd? Something like ... > > ( lan ) tun0 tun1 ( aliases ) > > 192.168.0.1 ---+---> [-----] -------> 172.16.0.21 > 192.168.0.2 ---+---> | | -------> 172.16.0.22 > 192.168.0.3 ---+---> | nat | -------> 172.16.0.23 > 192.168.0.4 ---+ | | > 192.168.0.5 ---' [-----] > > ... so that requests originating from 192.168.0.1 would appear to the > outside world as coming from 172.16.0.21, 192.168.0.2 as 172.16.0.22, > and everything else on the inside as 172.16.0.23. I don't think you want to use ipfw to do this. I believe that you accomplish this by using static nat. If the man pages for natd are correct, you implement the translation scheme by repeatedly applying the -redirect_address option for each static translation that you wish to implement. You will probably want to investigate using a natd.conf file for this: redirect_address 192.168.0.1 172.16.0.21 redirect_address 192.168.0.2 172.16.0.22 The man page concentrated on the incoming part of the translation, but there is a hint near the end of the discussion on -redirect_address about outgoing addresses as well. If freebsd implements full, two-way static nat, then this is the option that should do it. I hope this helps, Gene > > I see from the ipfilter docs and how-to that it appears to support this > kind of functionality via its map directive, but I'd rather not have to > switch. > > Many thanks in advance. > > r. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > *==============================================* *Gene Harris http://www.tetronsoftware.com* * Home of TeamAccess version control for * * Microsoft Office 97 and 2000 * * FreeBSD 3.4-STABLE - The Power to Serve * * Redhat 6.1 Secure Web Server * *==============================================* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10002152119430.1265-100000>