Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Sep 2006 10:00:35 -0700
From:      Chris <snagit@cbpratt.prohosting.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: rewrite of multiple incoming IPs into a single IP
Message-ID:  <C747076B-DC63-4131-BE23-676A0B71C8FF@cbpratt.prohosting.com>
In-Reply-To: <BFB90477-84A5-449D-9AA7-66CF46FE09B4@cbpratt.prohosting.com>
References:  <BFB90477-84A5-449D-9AA7-66CF46FE09B4@cbpratt.prohosting.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

On Sep 26, 2006, at 6:49 PM, Chris wrote:

> I have spent the day trying to get multiple IP addresses rewritten  
> to a single address using IPFW and NATD. Is there a simple

So as not to leave a hanging post in case someone else searches on  
this issue, I'm going to answer myself. I am now successfully using  
natd to internally rewrite multiple IPs to a single jail and then  
back to their real address, it does seem to be identical to  
configuring a private IP network but instead of an interface, I'm  
using the alias_address bound to the primary interface. Within the  
jail, NameVirtualHost is able to service the various sites by name  
through http client/server banter. This will not work if someone uses  
unregistered sites unless host tables are created for the http  
clients due to the jailed httpd responding from the default site.

This makes the jail very useful to me without disrupting the  
environment of the companies web space and the human ramifications  
that can cause. If there is a superior way to do this, please correct  
me. I also now realize, this should have been posted to FreeBSD-IPFW,  
apologies.

(note, these private IPs are really simulating my public IPs)

Addresses on bge0
host IP 192.168.1.222
host alias and jail IP 192.168.1.223
second host alias 192.168.1.224 (simulates a different public address  
to be served by the jail after rewriting to 223)

IPFW Pertinent Commands
divert 8668 ip from any to any via bge0 (packets all follow this path)
allow tcp from any to 192.168.1.223 dst-port 80 setup (packets are  
rewritten on the way in and follow this path to jail)
allow ip from 192.168.1.223 to 192.168.1.0/24 (packets coming from  
the outside on 223 return on this path)
allow ip from 192.168.1.224 to 192.168.1.0/24 (packets coming from  
the outside on 224 return on this path)

NATD commands
alias_address 192.168.1.223
redirect_address 192.168.1.223 192.168.1.224





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?C747076B-DC63-4131-BE23-676A0B71C8FF>