On Wed, 7 Mar 2001, Peter Brezny wrote:
>
> Let's say I had two internal subnets that I'd like to nat with different
> external ip's, while also doing static nat on one of each of the internal
> ip's. Could I do that by doing something like this:
>
> rc.conf
> natd_flags="-f /etc/natd.conf1"
> natd_flags="-f /etc/natd.conf2"
Only the second line above will get executed.
>
> rc.firewall
> $fwcmd add divert 8668 all from 10.1.1.1/24 to any via $oif
> $fwcmd add divert 8669 all from 10.1.2.1/24 to any via $oif
>
The second rule will never get hit because the packets will only
get diverted through the first divert rule.
> natd.conf1
> port 8668
> interface fxp0
> dynamic yes
> alias_address external_ip_1
> redirect_address 10.1.1.4 external_ip_1
>
> natd.conf2
> port 8668
> interface fxp0
> dynamic yes
> alias_address external_ip_2
> redirect_address 10.1.2.4 external_ip_2
>
The port statement on the second set is the same as the
first.

You really only need to run 1 natd and put both external
ranges in your config. Like so:

// In natd.conf:
port 8668
interface fxp0
dynamic yes
redirect_address 10.1.1.4 external_ip_1
redirect_address 10.1.2.4 external_ip_2

Then add ipfw fwd's to direct traffic the correct way. So the total ipfw
ruleset would look like this:

...
ipfw add divert 8668 ip from any to any via fxp0
ipfw add fwd A.A.A.A ip from external_range_1 to any out via fxp0
ipfw add fwd B.B.B.B ip from external_range_2 to any out via fxp0
...
...

Where A.A.A.A is the gateway address of the external_range_1 and B.B.B.B
is the gateway address of the external_range_2.

Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"
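
Added example (not part of the original message): a small sh check over constructed copies of the rc.conf and natd.conf files quoted above, showing which natd_flags value survives a repeated assignment and flagging a divert port claimed by more than one natd config. The function names and the temporary directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed copies of the files quoted in the thread (sample data only).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rc.conf" <<'EOF'
natd_flags="-f /etc/natd.conf1"
natd_flags="-f /etc/natd.conf2"
EOF
printf 'port 8668\ninterface fxp0\nalias_address external_ip_1\n' > "$demo_dir/natd.conf1"
printf 'port 8668\ninterface fxp0\nalias_address external_ip_2\n' > "$demo_dir/natd.conf2"

# rc.conf is sourced as shell, so a repeated assignment overwrites the
# earlier one. Print the value that survives for variable $2 in file $1.
effective_value() {
    ( . "$1"; eval "printf '%s\n' \"\$$2\"" )
}

# Print every variable assigned more than once in an rc.conf-style file.
duplicate_vars() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort | uniq -d
}

# Print every divert port named by more than one of the given natd configs.
shared_ports() {
    for f in "$@"; do
        awk '$1 == "port" { print $2 }' "$f"
    done | sort | uniq -d
}

echo "effective natd_flags:       $(effective_value "$demo_dir/rc.conf" natd_flags)"
echo "assigned more than once:    $(duplicate_vars "$demo_dir/rc.conf")"
echo "port shared by natd configs: $(shared_ports "$demo_dir/natd.conf1" "$demo_dir/natd.conf2")"
```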