Date:      Tue, 9 Jun 1998 18:16:49 -0700 (PDT)
From:      Ed James <edjames@cisco.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   multiple natd's
Message-ID:  <199806100116.SAA01808@sheltie.cisco.com>

I want to set up a certain kind of NAT.

I have an internal network A using, say, 1.0.0.1 -> 255.  I have 2 hosts
on this net that must appear as 100.0.0.* to one ISP, and 200.0.0.* to
another.  (addresses simplified for easy readability)

So, assuming *.1 is my gateway box (3 ethernet addresses are
190.0.0.1, 200.0.0.1, 210.0.0.1), I want the ipfw/natd config to
translate packets.

I can get all of 1.0.0.* mapped to the single address of my gateway/firewall:

	from		to hosts routed via	appear as
	1.0.0.5		100.0.0.1		100.0.0.1
	1.0.0.5		200.0.0.1		200.0.0.1
	1.0.0.6		100.0.0.1		100.0.0.1
	1.0.0.6		200.0.0.1		200.0.0.1

but I can't get each to have its own number.  This makes it awkward to
connect to the telnet port on 1.0.0.5 AND 1.0.0.6 from the outside
(without using -redirect_port).

I want:

	from		to hosts routed via	appear as
	1.0.0.5		100.0.0.1		100.0.0.5
	1.0.0.5		200.0.0.1		200.0.0.5
	1.0.0.6		100.0.0.1		100.0.0.6
	1.0.0.6		200.0.0.1		200.0.0.6

My theory was to set up aliases on each interface like:

	ifconfig ed0 inet 1.0.0.1

	ifconfig ed1 inet 100.0.0.1
	ifconfig ed1 inet 100.0.0.5 alias
	ifconfig ed1 inet 100.0.0.6 alias

	ifconfig ed2 inet 200.0.0.1
	ifconfig ed2 inet 200.0.0.5 alias
	ifconfig ed2 inet 200.0.0.6 alias

and then run a natd for each mapping (1*5->100*5, 1*6->100*6, 1*5->200*5,
1*6->200*6):
	
	natd -port natd1 -alias_address 100.0.0.5 -same_ports \
		-redirect_address 1.0.0.5 100.0.0.5
	natd -port natd2 -alias_address 100.0.0.6 -same_ports \
		-redirect_address 1.0.0.6 100.0.0.6
	natd -port natd3 -alias_address 200.0.0.5 -same_ports \
		-redirect_address 1.0.0.5 200.0.0.5
	natd -port natd4 -alias_address 200.0.0.6 -same_ports \
		-redirect_address 1.0.0.6 200.0.0.6

And then use ipfw to divert the packets to the appropriate natd:

	ipfw add divert natd1 all from 1.0.0.5 to all via ed1
	ipfw add divert natd2 all from 1.0.0.6 to all via ed1
	ipfw add divert natd3 all from 1.0.0.5 to all via ed2
	ipfw add divert natd4 all from 1.0.0.6 to all via ed2

Of course I'd have routes on the 1.* machines to point to the gateway
addresses.

But of course this doesn't work at all.  Am I insane?  Is there a way
to do this?  What I really need is a way to tell natd to use several
(alias) addresses as translated address, but I couldn't see how to do that.

I obviously don't understand how the 'from x to y' args for ipfw work
[for example, does it imply from y to x?  are x and y dest addrs or
intermediate hop addrs?  are additional routes needed?].

If anyone can help, I'd be obliged.  --ed

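Added example (editor's note, not part of Ed's message): natd's -redirect_address
is a static 1:1 mapping and may be given several times, so one natd per
uplink carries all the per-host public addresses; the gateway's own address
goes in -alias_address for everything else. The divert rules in the post
only match packets "from 1.0.0.5", so replies coming back to 100.0.0.5 are
never untranslated; a single "via ed1" rule per uplink matches both
directions and hands replies to the same natd that translated them. The
script below prints the resulting commands for the addresses and interfaces
in the post (the /32 alias netmask is required for aliases on the primary
subnet; divert ports 8668/8669 are assumed in place of the natd1..natd4
service names). Run it with APPLY=1 as root on the gateway to execute them.

```shell
#!/bin/sh
# Builds the natd and ipfw configuration for the layout in the post:
# inside net on ed0 (1.0.0.0/24), ISP uplinks on ed1 (100.0.0.x) and
# ed2 (200.0.0.x); hosts 1.0.0.5 and 1.0.0.6 keep their own public
# address on each uplink.  Ports 8668/8669 are an assumption.
# Default: only print the commands.  APPLY=1 executes them (as root).

# alias_cmds IFACE PRIMARY ALIAS...: interface addresses for one uplink.
# The gateway must own (and ARP for) every public address natd hands out,
# and extra addresses on the primary's subnet need a /32 netmask.
alias_cmds() {
    iface=$1; primary=$2; shift 2
    printf 'ifconfig %s inet %s\n' "$iface" "$primary"
    for a in "$@"; do
        printf 'ifconfig %s inet %s netmask 0xffffffff alias\n' "$iface" "$a"
    done
}

# natd_cmd PORT PRIMARY INSIDE/PUBLIC...: one natd per uplink.
# Each -redirect_address pair is a static, bidirectional 1:1 mapping;
# any other inside host is masqueraded behind PRIMARY (-alias_address).
natd_cmd() {
    port=$1; primary=$2; shift 2
    cmd="natd -port $port -alias_address $primary -same_ports"
    for pair in "$@"; do
        cmd="$cmd -redirect_address ${pair%/*} ${pair#*/}"
    done
    printf '%s\n' "$cmd"
}

# divert_rule RULENO PORT IFACE: "via IFACE" matches packets both entering
# and leaving the uplink, so outbound packets are translated and the
# replies to the public addresses are untranslated by the same natd.
# These must precede whatever allow/deny rules follow them.
divert_rule() {
    printf 'ipfw add %s divert %s ip from any to any via %s\n' "$1" "$2" "$3"
}

gateway_config() {
    printf 'ifconfig ed0 inet 1.0.0.1\n'
    alias_cmds ed1 100.0.0.1 100.0.0.5 100.0.0.6
    alias_cmds ed2 200.0.0.1 200.0.0.5 200.0.0.6
    natd_cmd 8668 100.0.0.1 1.0.0.5/100.0.0.5 1.0.0.6/100.0.0.6
    natd_cmd 8669 200.0.0.1 1.0.0.5/200.0.0.5 1.0.0.6/200.0.0.6
    divert_rule 100 8668 ed1
    divert_rule 110 8669 ed2
}

if [ "${APPLY:-0}" = 1 ]; then
    gateway_config | sh -e      # needs root and an IPDIVERT-enabled kernel
else
    gateway_config
fi
```

Which uplink a given connection uses is still decided by the routing table
on the gateway; the divert rules only translate whatever the kernel sends
out of (or receives on) that interface.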