Date:      Mon, 27 Apr 2015 21:02:55 +0100
From:      Frank Leonhardt <>
To:        "" <>
Subject:   ipfw, natd and a server on a second WAN address
Message-ID:  <>

I hope someone will *know* how to do this. I can guess, but if I guess 
wrong there'll be consequences...

The situation I have is that there's a LAN using a FreeBSD box as a 
router, doing asymmetric NAT between two Ethernet interfaces. There's a 
/29 on the WAN, but only one IP was being used.

On the LAN there's a server with a few ports forwarded from the WAN IP.

For various reasons I won't bore you with, I really need to make this 
server appear on a different IP address on the WAN. How do I achieve this?

Okay, on the NATting machine we have a config like:

inet netmask 0xffffff00 broadcast

         inet <wan>.210 netmask 0xfffffff8 broadcast <wan>.215
         inet <wan>.211 netmask 0xffffffff broadcast <wan>.211

On ipfw we have:

         divert natd all from any to any via eth1
         add pass all from any to any

And for natd there are options like:

interface eth1
redirect_port tcp   25

This will happily NAT most things, but anything coming in on <wan>.210 
goes to port 25 on LAN machine. This is great.

Anything coming in on <wan>.211 doesn't get natted at all. I thought it 
might, but it doesn't.

Does anyone know the runes needed to make <wan>.211 port 25 pass through 

(Incidentally, this would be easy to fix if I could change some cables 
around, but I can't).

I'm thinking that all I need to do is put in a static route manually. 
But when I try to figure out what exactly it would be, I get a headache.

BTW, I'm specifically using natd here.

If anyone knows, it'd save me a lot of stress, or a day's driving, and 
probably both!

Thanks, Frank.
