divert to multiple public's IP
John Nielsen
lists at jnielsen.net
Sun Jul 24 01:02:40 GMT 2005
On Saturday 23 July 2005 05:25 pm, vladone wrote:
> If I understand correctly, with redirect_address I can forward a given
> public IP (commonly an alias on the public interface) to an internal IP
> (private). I don't know if this is good for what I want.
> A more exact description of what I want:
> My private network is: 192.168.0.0/24
> I have (example) public IPs: 1.1.1.1, 1.1.1.6 and 1.1.1.9
> I want:
> IPs 192.168.0.1-20 out (translated) with 1.1.1.1
> IPs 192.168.0.21-30 out with 1.1.1.6
> and so on.
If you wanted a one-to-one mapping between public and private IPs, then you
could use redirect_address. For what you describe above, though, the best
approach may be to run multiple instances of natd and split up the traffic
with ipfw.
Sample setup--
In /etc/services (natd looks the -p name up as a "divert" service, so the
entries need the /divert suffix; the natd line is already present):
natd 8668/divert
natd2 8669/divert
natd3 8670/divert
In a natd script (I don't think the rc scripts support multiple instances of
natd):
natd -a 1.1.1.1 -p natd
natd -a 1.1.1.6 -p natd2
natd -a 1.1.1.9 -p natd3
And in an ipfw script:
add divert natd3 all from 192.168.0.31,192.168.0.32,192.168.0.33 to any \
via ${external_interface}
add skipto 10000 all from 192.168.0.31,192.168.0.32,192.168.0.33 to any \
via ${external_interface}
add divert natd2 all from 192.168.0.21,192.168.0.22,192.168.0.23 to any \
via ${external_interface}
add skipto 10000 all from 192.168.0.21,192.168.0.22,192.168.0.23 to any \
via ${external_interface}
add divert natd all from any to any via ${external_interface}
add 10000 allow all from any to any via lo0
...
So you'd give a name to each divert port you want to use in /etc/services
(8668 is already there), run an instance of natd for each external alias,
and use comma-separated lists of IP addresses and skipto's in ipfw to
direct the traffic appropriately. Notice that I made the last one a
default rather than specifying its addresses explicitly. Depending on your
needs you may want to do something similar.
JN
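As an added example (not the list post's own rules), the script below generates the natd command lines and ipfw divert rules for the same three aliases from one mapping table. Instead of the skipto/catch-all layout above it emits two rules per instance, an outbound rule keyed on the private sources and an inbound rule keyed on the public alias, so a packet that re-enters ipfw after translation (public source going out, private destination coming in) matches none of the later divert rules. The interface name fxp0 and the whole-/24 default for the natd instance are assumptions.

```shell
#!/bin/sh
# Added example: build natd commands and ipfw divert rules from MAPPINGS.
# Each line is "<divert port name> <public IP> <private sources>".
# Order matters: the broad default (the whole /24) must come last.

EXT_IF="${EXT_IF:-fxp0}"   # assumption: external interface name

# Constructed mapping using the example addresses from the question.
MAPPINGS='natd3 1.1.1.9 192.168.0.31,192.168.0.32,192.168.0.33
natd2 1.1.1.6 192.168.0.21,192.168.0.22,192.168.0.23
natd 1.1.1.1 192.168.0.0/24'

# One natd instance per public alias, each on its own divert port name
# (the names must exist in /etc/services with the /divert suffix).
natd_cmds() {
    printf '%s\n' "$MAPPINGS" | while read -r port pub _srcs; do
        printf 'natd -a %s -p %s\n' "$pub" "$port"
    done
}

# Two divert rules per instance: outbound keyed on the private sources,
# inbound keyed on the public alias. After natd hands the packet back it
# carries a public source (out) or a private destination (in), so none of
# the following divert rules match it and no skipto is needed.
ipfw_rules() {
    printf '%s\n' "$MAPPINGS" | while read -r port pub srcs; do
        printf 'add divert %s ip from %s to any out via %s\n' \
            "$port" "$srcs" "$EXT_IF"
        printf 'add divert %s ip from any to %s in via %s\n' \
            "$port" "$pub" "$EXT_IF"
    done
}

# Sanity check helper: how many generated rules mention a given address.
rules_for() {
    ipfw_rules | grep -c -- "$1"
}

natd_cmds
ipfw_rules
```

The rule lines are meant to go in front of your existing allow rules; the skipto target and the lo0 rule from the message are unchanged by this layout.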