ipnat configuration

Travis Garrison travis at netviscom.com
Tue Feb 9 22:17:51 UTC 2016


I am working on an ipnat configuration to replace our aging Cisco FWSM. We have several private IP subnets that we would like to map to several public ranges. There are more private ranges, so we would actually be doing PAT. The question is how to configure the public IP ranges so that we can use all of them in one big pool. Currently our Cisco does a 1-to-1 NAT until it runs out of addresses and then fills the rest through a single PAT IP address. We would like to do round-robin PAT and only PAT a handful of addresses per public IP address. Do we need to use ippools for our setup?

I am thinking of something like this:

ippool - public side 
64.x.x.0/23 
69.x.x.0/24 

ipnat 
map em0 172.20.30.0/24 -> ippoolpublic 
map em0 172.20.31.0/24 -> ippoolpublic 
map em0 172.20.32.0/24 -> ippoolpublic 
map em0 172.20.33.0/24 -> ippoolpublic 
map em0 172.20.34.0/24 -> ippoolpublic 
map em0 172.20.35.0/24 -> ippoolpublic 
map em0 172.20.36.0/24 -> ippoolpublic 
map em0 172.20.37.0/24 -> ippoolpublic 
map em0 172.20.38.0/24 -> ippoolpublic

Thank you
Travis Garrison
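An added example, not part of the original post, of one way to get "a handful of private hosts per public address" in ipnat without ippool at all: ipnat's `map-block` rule assigns each private host a fixed public address and a fixed slice of its port range (`ports auto` sizes the slice from the ratio of the two blocks), so the spread is deterministic rather than first-come first-served. The interface name `em0` and the `64.x.x.0/23` / `69.x.x.0/24` placeholders are the poster's and must be replaced with the real blocks; the aggregation of the nine private /24s into `172.20.30.0/23` and `172.20.32.0/21` is my assumption (the /21 also covers the unused `172.20.39.0/24`, which is harmless slack). Each public block is the target of exactly one rule so that two rules do not hand out overlapping port slices on the same public address.

```conf
# /etc/ipnat.conf (illustrative example; not the poster's configuration)
#
# The nine private /24s, 172.20.30.0 through 172.20.38.0, aggregate as:
#   172.20.30.0/23  (30-31)          512 addresses
#   172.20.32.0/21  (32-39, 39 idle) 2048 addresses
#
# map-block: each private host gets one public address and a fixed slice of
# its TCP/UDP port space; "ports auto" derives the slice size from the
# private:public address ratio, so the number of hosts per public IP is fixed.

# 512 private -> 256 public (69.x.x.0/24): 2 private hosts per public address
map-block em0 172.20.30.0/23 -> 69.x.x.0/24 ports auto

# 2048 private -> 512 public (64.x.x.0/23): 4 private hosts per public address
map-block em0 172.20.32.0/21 -> 64.x.x.0/23 ports auto
```

Load it with `ipnat -CF -f /etc/ipnat.conf` (clear existing rules, flush the active NAT table, read the new file) and confirm the resulting mappings with `ipnat -l`. If the two public blocks really must behave as one shared pool instead of being partitioned like this, ipnat can reference a `role = nat` table defined in ippool.conf as a `map` target; check ipnat(5) and ippool(5) on the installed release for the exact target syntax before relying on it.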


More information about the freebsd-ipfw mailing list