> I have an application in which I'd like a FreeBSD router to have
> multiple, isolated LANS attached to it, each with the same address
> space. The FreeBSD box would take the place of multiple NAT routers.
>
> For example, I might want to have three internal Ethernet
> interfaces on the FreeBSD box. Each would be connected to a LAN
> whose internal addresses are 192.168.0.0/24. The FreeBSD box would
> do NAT for all of them, and of course they could not "see" one another.
>
> The alternatives, of course, would be to install multiple NAT
> routers -- which would be a waste -- or to number the LANs
> differently. But the organization for which I'm doing this wants
> everything about each LAN to be absolutely standard (printers at
> the same static addresses, etc.) so that their IT guys can walk in
> and know exactly how everything's numbered.
>
> Is it possible to do a "hydra headed" router such as this with
> FreeBSD? I'm not sure that FreeBSD's natd is equipped to sort
> incoming packets for multiple, identically numbered LANs properly,
> because it would have to remember interface names as well as
> addresses. Also, there would be the question of how one would
> connect inward to the machines on the LANs, since "ping
> 192.168.0.100" would be ambiguous. (Perhaps one could do it from a
> jail. In fact, perhaps the virtual NAT routers could be set up in jails....)

The most cumbersome thing is the same net on the ifaces. I'm not sure, but here is what I would do if I tried:

client interfaces: if0, if1, if2
external interface: ef0
default router for all clients: 192.168.0.1

    ifconfig if0 inet 10.0.0.1/32
    ifconfig if1 inet 10.0.0.2/32
    ifconfig if2 inet 10.0.0.3/32
    ifconfig lo0 inet 192.168.0.1/32
    sysctl net.link.ether.inet.proxyall=1
    ifconfig ef0 inet ...1

Ask your provider to route ...2, ...3, ...4 to ...1, and start 3 natd with the ...2, ...3, ...4 IP addresses.

In the internal -> external direction, do the usual NAT with its own natd for each iface (try Julian Elischer's post, but do it more simply). In the external -> internal direction, mark packets before natd with, for example, marks 1, 2, 3, and after natd forward packets marked 1 to 10.0.0.1, packets marked 2 to 10.0.0.2, and so on.

Two things I am not sure about: are natd marks safe? How does ipfw forward to its own iface work? (It worked for me with route.)

Sorry for my bad English.

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
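
Added example (not part of the original posts, and not FreeBSD, natd or ipfw code): a small Python model of the design described in the reply, showing how one translator per internal interface, each owning its own external address, sorts return traffic for identically numbered LANs and keeps them isolated. The 203.0.113.x addresses are constructed placeholders for the elided ...2, ...3, ...4, and all class and method names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class NatInstance:
    """Stands in for one natd process bound to one internal interface."""
    iface: str                 # internal interface served (e.g. if0)
    alias: str                 # external address owned by this instance
    next_port: int = 40000     # next free external port (model only)
    out_map: dict = field(default_factory=dict)  # (ip, port) -> ext port
    in_map: dict = field(default_factory=dict)   # ext port -> (ip, port)

    def outbound(self, src_ip, src_port):
        """Translate an inside source to (alias address, external port)."""
        key = (src_ip, src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return self.alias, self.out_map[key]


class HydraRouter:
    """Selects the translator by interface outbound, by alias inbound."""

    def __init__(self, pairs):
        self.by_iface = {i: NatInstance(i, a) for i, a in pairs}
        self.by_alias = {n.alias: n for n in self.by_iface.values()}

    def send_out(self, iface, src_ip, src_port):
        # The receiving interface, not the source address, picks the state.
        return self.by_iface[iface].outbound(src_ip, src_port)

    def deliver_in(self, dst_ip, dst_port):
        # The external destination address identifies the LAN; a packet
        # with no matching state is dropped and never crosses to another LAN.
        nat = self.by_alias.get(dst_ip)
        inner = nat.in_map.get(dst_port) if nat else None
        return (nat.iface, *inner) if inner else None


# Constructed sample: three LANs, all numbered 192.168.0.0/24.
ROUTER = HydraRouter([("if0", "203.0.113.2"),
                      ("if1", "203.0.113.3"),
                      ("if2", "203.0.113.4")])

if __name__ == "__main__":
    a = ROUTER.send_out("if0", "192.168.0.100", 5000)
    b = ROUTER.send_out("if1", "192.168.0.100", 5000)
    print(a, "->", ROUTER.deliver_in(*a))
    print(b, "->", ROUTER.deliver_in(*b))
```

The model leaves open the same point the reply does: how the chosen interface is carried from the translator to the forwarding step on a real system.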