From: "Aled Treharne"
Date: Sat, 23 Oct 2004 12:15:21 +0100
Subject: NAT with IP != primary external IP
List-Id: Technical discussion and general questions about packet filter (pf)

Hi guys.

I'm trying to set up a firewall on a box for a friend. The arrangement is fairly simple, bunch of machines behind the FBSD box, FBSD box connected to ADSL.

What I'd like to do (because I wanted to in the first place, and now it's annoying me) is to have 2 IPs on the external i/f on the FBSD box, and have one as the machine's primary IP and t'other solely as the NAT IP. I've tried putting various IPs in the places that make sense to me, but I just couldn't get it to work[1]. Is this possible, and if so, would someone be so kind as to tell me how?

I'm trying to move over to pf from ipfw, and if I can get it working, I've got a strong case for using it at work as well.

Thanks in advance for your sage advice. :)

Cheers,
Aled.

[1] This is just one place where I prefer Linux's eth0:alias1 type labelling of sub-interfaces over FreeBSD's just-put-multiple-ips-on-one-interface way.