On Wed, 7 Mar 2001, Peter Brezny wrote:
>
> Won't your example below show all outbound traffic from the same
> external ip, the ip that natd uses?
>
Yes and No, if the internal machine does not have a
redirect_address statement in natd.conf then it will use the
global interface or alias address outside the firewall. If
redirect_address is used then the internal address carries
redirect_address mapped external address when it goes outside the
firewall.
> I'd like to have the outbound traffic from internal range a.a.a.a have
> one external ip and the outbound traffic from internal range b.b.b.b
> have another external ip.
Um, you can...but it is very complex with one interface. I'll try
to explain why. Packets arrive and get translated to inside
addresses...everything fine at this point...packet gets delivered
to the inside machine...still no problem...but how does the
packet on the return from the internal machine know which address
to translate to when leaving the machine? Usually, it is
a separate interface, which the ipfw divert rule is running on...and
even then it is very tricky.
If you search the archives back a couple of days, I gave an
example of how you would approach a problem like this.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on routing in a Free World...
"FreeBSD: The Power to Serve!"