Date: Tue, 9 Jun 1998 18:16:49 -0700 (PDT)
From: Ed James
Message-Id: <199806100116.SAA01808@sheltie.cisco.com>
To: freebsd-questions@FreeBSD.ORG
Subject: multiple natd's

I want to set up a certain kind of NAT. I have an internal network A using, say, 1.0.0.1 -> 255. I have 2 hosts on this net that must appear as 100.0.0.* to one ISP, and 200.0.0.* to another. (Addresses simplified for easy readability.)

So, assuming *.1 is my gateway box (3 ethernet addresses are 190.0.0.1, 200.0.0.1, 210.0.0.1), I want the ipfw/natd config to translate packets. I can get all of 1.0.0.* mapped to the single address of my gateway/firewall:

    from       to hosts routed via   appear as
    1.0.0.5    100.0.0.1             100.0.0.1
    1.0.0.5    200.0.0.1             200.0.0.1
    1.0.0.6    100.0.0.1             100.0.0.1
    1.0.0.6    200.0.0.1             200.0.0.1

but I can't get each to have its own number. This makes it awkward to connect to the telnet port on 1.0.0.5 AND 1.0.0.6 from the outside (without using -redirect_port).

I want:

    from       to hosts routed via   appear as
    1.0.0.5    100.0.0.1             100.0.0.5
    1.0.0.5    200.0.0.1             200.0.0.5
    1.0.0.6    100.0.0.1             100.0.0.6
    1.0.0.6    200.0.0.1             200.0.0.6

My theory was to set up aliases on each interface like:

    ifconfig ed0 inet 1.0.0.1
    ifconfig ed1 inet 100.0.0.1
    ifconfig ed1 inet 100.0.0.5 alias
    ifconfig ed1 inet 100.0.0.6 alias
    ifconfig ed2 inet 200.0.0.1
    ifconfig ed2 inet 200.0.0.5 alias
    ifconfig ed2 inet 200.0.0.6 alias

and then run a natd for each mapping (1*5->100*5, 1*6->100*6, 1*5->200*5, 1*6->200*6):

    natd -port natd1 -alias_address 100.0.0.5 -same_ports \
        -redirect_address 1.0.0.5 100.0.0.5
    natd -port natd2 -alias_address 100.0.0.6 -same_ports \
        -redirect_address 1.0.0.6 100.0.0.6
    natd -port natd3 -alias_address 200.0.0.5 -same_ports \
        -redirect_address 1.0.0.5 200.0.0.5
    natd -port natd4 -alias_address 200.0.0.6 -same_ports \
        -redirect_address 1.0.0.6 200.0.0.6

And then use ipfw to divert the packets to the appropriate natd:

    ipfw add divert natd1 all from 1.0.0.5 to all via ed1
    ipfw add divert natd2 all from 1.0.0.6 to all via ed1
    ipfw add divert natd3 all from 1.0.0.5 to all via ed2
    ipfw add divert natd4 all from 1.0.0.6 to all via ed2

Of course I'd have routes on the 1.* machines to point to the gateway addresses.

But of course this doesn't work at all. Am I insane? Is there a way to do this? What I really need is a way to tell natd to use several (alias) addresses as translated address, but I couldn't see how to do that.

I obviously don't understand how the 'from x to y' args for ipfw work [for example, does it imply from y to x? are x and y dest addrs or intermediate hop addrs? are additional routes needed?].

If anyone can help, I'd be obliged.

--ed
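
The 'from x to y' question above, as an added example that is not part of the original message: a simplified Python model of ipfw address matching, in which 'from' and 'to' are compared with the source and destination addresses in the packet's IP header and each rule matches one direction only. The remote host 198.51.100.7, the wildcard "any" standing in for "to all", and the return-path rules are assumptions made for illustration.

```python
# Simplified model of ipfw address matching (illustration, not ipfw source).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str    # source address in the IP header
    dst: str    # destination address in the IP header
    iface: str  # interface the packet is crossing


@dataclass(frozen=True)
class DivertRule:
    port: str   # divert port the packet is handed to
    src: str    # "from" pattern: address, CIDR network, or "any"
    dst: str    # "to" pattern, same forms
    via: str    # interface name, matched for traffic in either direction


def _addr_ok(pattern, addr):
    return pattern == "any" or ip_address(addr) in ip_network(pattern, strict=False)


def divert_port(rules, pkt):
    """Return the divert port of the first matching rule, or None."""
    for r in rules:
        if r.via == pkt.iface and _addr_ok(r.src, pkt.src) and _addr_ok(r.dst, pkt.dst):
            return r.port
    return None


# The two ed1 rules from the message ("to all" modelled as the wildcard "any").
POSTED = [
    DivertRule("natd1", "1.0.0.5", "any", "ed1"),
    DivertRule("natd2", "1.0.0.6", "any", "ed1"),
]
# Hypothetical return-path rules keyed on the translated (alias) addresses.
WITH_RETURN = POSTED + [
    DivertRule("natd1", "any", "100.0.0.5", "ed1"),
    DivertRule("natd2", "any", "100.0.0.6", "ed1"),
]

# Constructed sample traffic; 198.51.100.7 is a made-up remote host.
OUTBOUND = Packet("1.0.0.5", "198.51.100.7", "ed1")
REPLY = Packet("198.51.100.7", "100.0.0.5", "ed1")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with return rules", WITH_RETURN)):
        print(name, divert_port(rules, OUTBOUND), divert_port(rules, REPLY))
```

Under the posted rules the reply addressed to 100.0.0.5 matches nothing, so in this model it never reaches the natd that would translate it back to 1.0.0.5.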