Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 24 Sep 2007 13:37:29 -0700
From:      Christopher Cowart <ccowart@rescomp.berkeley.edu>
To:        freebsd-net@freebsd.org
Subject:   Re: Large-scale 1-1 NAT
Message-ID:  <20070924203729.GR19429@hal.rescomp.berkeley.edu>
In-Reply-To: <200709241257.27219.max@love2party.net>
References:  <20070924072517.GL19429@hal.rescomp.berkeley.edu> <46F77C27.9050400@net.utcluj.ro> <200709241257.27219.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

--YiSnftFthKPM0z4v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Sep 24, 2007 at 12:57:19PM +0200, Max Laier wrote:
> On Monday 24 September 2007, Cristian KLEIN wrote:
> > Christopher Cowart wrote:
> > > The real question is: what's the best way to dynamically update the
> > > NAT table?
> >
> > You may use IPFW with IPNAT or PF instead. PF is able to reload its
> > configuration without disruption. Moreover, because the state table is
> > not flushed during a reload, you can even move NATed clients from one
> > public IP to another, without them noticing.
>=20
> In fact pf comes with an almost ready-made sollution.  Check out authpf(8=
)=20
> for details.

That looks pretty cool. The problem is these are not local users; the
only way to authenticate them is to use web-based services.

--=20
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley

--YiSnftFthKPM0z4v
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)

iQIVAwUBRvggCSPHEDszU3zYAQIKLxAAoCnvCgQj3mKqcBrEsVnnXSuKtHbaOTt2
VDPeUDK+NLc6tFVrfZ2GRVSeEK3nNrlbqeWDZtMR+XG4IMarDO41JyFt9sOY3UTb
dK+s7lEA7XNQ1JZ7h6dwtiX/ZkG6wR2248+KcOgObgceegMmFXwwPqsOyAEXLnYY
6dm+aWfqgO6YWiwTGyMMUfdzdMfT33p5vfMvYmbcUKKJ4D71IGNuKmLmDmE6WY97
QgSjsGUsxGDV0hDL9x8URBCz5FrxLDtA2IMtVf5u3YZ+wCBxU8IuCYGOjox+JAmK
G9zWUDpy8jIiL0xTkgFtEcGq9pYsZRMJwXcXJ+GInEonWICe0ZKAePNGePkyLk2H
OwGDfCE6QyOr7mWrEQOnIxe3xAiamJ8j5EQeSM3Z3TmaCfG5ixl7w1CHDEi1TUyk
B8tHCAMP/ZZhkulOcrYPW3E5GEmL8hxZ2a39xI0RNGCUFQJC4mKtAdxv4RsKHpma
+uJAlxxDmPo7vWi8P+c7v5G2N+9kaweF6w3PQCmO9F2jXHTtc9TcwU2k9EKp0y9Y
PfvgNA45RPcPd2P+1SV2WkXkd7VOTmKL+TuXCvsHq4e4582iFhxaxuOHaxOYVxSB
as9OTmuiOZCln57eOWoRw1RPNvczx+JuMFiTwxdV5aAGK6P66/8/8zMQOVsQyY8u
OmsNOHuzikI=
=aKMp
-----END PGP SIGNATURE-----

--YiSnftFthKPM0z4v--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070924203729.GR19429>