hi, i'm trying to do 1:1 (nat?) *outbound* address mapping using pf, but NOT 'whole server' binat, but rather a single address&port. i'm close, but no cigar ... any suggestions?
details follow ... thanks!

i've a block of 8 static IPs, x.x.x.1 - x.x.x.8. freebsd6.2-Rp5+pf are installed as my edge router/firewall. the router has a SINGLE external interface, "sis0", mapped at bootup to a single pppoe-generated interface, "tun0". ifconfig shows that "tun0" is assigned the 'primary' IP of x.x.x.1. so most of my LAN->WAN traffic travels out, appearing to originate at x.x.x.1.

i've two mail servers on my LAN, at private addresses z.z.z.100 & z.z.z.200. i've NAT+rdr set up to address-map WAN to LAN addresses for the two servers.

    nat on $ext_if from $int_if:network to any -> ($ext_if)
    rdr on $ext_if proto tcp from any to x.x.x.2 port 25 -> z.z.z.102 port 25
    rdr on $ext_if proto tcp from any to x.x.x.3 port 25 -> z.z.z.103 port 25

where $ext_if == tun0.

now as to OUTBOUND mapping ... i want to make sure that traffic:

    FROM internal server @ z.z.z.102:25 exits $ext_if, 'seen' as SRC_ADDR=x.x.x.2
  & FROM internal server @ z.z.z.103:25 exits $ext_if, 'seen' as SRC_ADDR=x.x.x.3

reading:

    "PF: Network Address Translation (NAT)" http://cvs.openbsd.org/faq/pf/nat.html
    and, "PF: Address Pools and Load Balancing" http://cvs.openbsd.org/faq/pf/pools.html

(1) 'binat' is not what i want, as i want to ONLY map a single addr for a single port -- NOT the whole server in a 1:1 mapping for all ports

and, (2) from the POOLS discussion, 'simple' outbound NAT:

    nat on $ext_if from z.z.z.102 port 25 to any -> ($ext_if)
    nat on $ext_if from z.z.z.103 port 25 to any -> ($ext_if)

doesn't do it either - i don't think -- as $ext_if picks up the "primary IP" assigned via the pppoe startup, x.x.x.1.

so, i think i'm in the right ballpark with *nat of some sort, but how do i get this done correctly?

cheers!
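As an added example (not part of the original post), a pf.conf translation section that does per-host, per-port outbound source mapping on FreeBSD 6.2 pf. Two points matter: pf applies the first matching nat rule, so the specific rules must come before the catch-all `-> ($ext_if)` rule, and the translation target must be written as an explicit address (x.x.x.2, x.x.x.3) rather than `($ext_if)`, which always resolves to the pppoe-assigned primary. Note also that `from z.z.z.102 port 25` in the original matches the *source* port, i.e. the server's listening socket; a mail server delivering outbound mail uses an ephemeral source port and destination port 25, so the rules below match on `to any port 25` instead. Assumed names: `$int_if` as fxp0, mail servers at z.z.z.102 and z.z.z.103 as in the rdr rules, and that the ISP routes the whole x.x.x.0/29 block down the PPPoE link so replies to x.x.x.2 and x.x.x.3 actually come back.

```pf
# Added example, not from the original post. Translation section only;
# filter rules are unchanged and omitted.
ext_if = "tun0"
int_if = "fxp0"            # assumed LAN interface name
mail_a = "z.z.z.102"
mail_b = "z.z.z.103"
pub_a  = "x.x.x.2"
pub_b  = "x.x.x.3"

# Outbound SMTP from each server leaves with its own public address.
# pf uses the FIRST matching nat rule, so these must precede the catch-all;
# placed after it, they would never match and everything would exit as x.x.x.1.
nat on $ext_if proto tcp from $mail_a to any port 25 -> $pub_a
nat on $ext_if proto tcp from $mail_b to any port 25 -> $pub_b

# Everything else from the LAN still exits as the pppoe-assigned primary.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Inbound side, as in the original post. Replies to rdr'd connections are
# un-translated by the existing state entry, so they are unaffected by the
# nat rules above.
rdr on $ext_if proto tcp from any to $pub_a port 25 -> $mail_a port 25
rdr on $ext_if proto tcp from any to $pub_b port 25 -> $mail_b port 25
```

To check it: `pfctl -nf /etc/pf.conf` parses the file without loading it, `pfctl -s nat` shows the loaded translation rules in evaluation order, and `pfctl -s state` after an outbound delivery from z.z.z.102 should show the connection with x.x.x.2 as its translated source. If the connection appears with x.x.x.1 instead, the catch-all rule is matching first. If it appears correctly translated but the connection never completes, the return path for x.x.x.2 is the likely problem, i.e. the ISP is not routing the block over the link.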