multiple VLAN's public IP's and NATd's : HowTo ?

Eric W. Bates ericx_lists at vineyard.net
Thu Nov 13 05:50:33 PST 2003


There was a thread on this list less than a year ago about how to run multiple NATs.

Run your natds on separate ports.
Get ipfw to do lots of logging. (Don't make the mistake of having natd log: all instances try to open the same log file path.)

----- Original Message ----- 
From: "Kristian Rask" <krask at isupport.dk>
To: <freebsd-net at freebsd.org>
Sent: Thursday, November 13, 2003 3:05 AM
Subject: multiple VLAN's public IP's and NATd's : HowTo ?


Hi all

How would one go about running several instances of natd with unique public IPs for several VLANs terminated on the same interface?

The idea is that multiple separate RFC 1918 networks are
terminated as VLANs on the FreeBSD machine, and that
each VLAN goes through a separate natd instance in order to
NAT on a particular public IP.

1. House full of businesses (here shown with 5/8)
2. Each business has its own LAN
3. Each LAN goes into a switch where the port is configured as a particular LAN
4. The switch is connected to a FreeBSD machine with a set of
VLANs matching those in the separate businesses
5. There should be one instance of natd running for each VLAN
6. Each natd uses a separate public IP
7. WAN statically configured using a /30
8. /29 net for 5/8 separate natds (a.b.c.0/29) routed to the WAN.
9. possibly "ifconfig SomePhysIf0 a.b.c.1/29"

I think for 5 IPs it would be something like:

for i in  2 3 4 5 6; do
  natd -port 100${i} \
  -f /etc/natd_${i}.conf \
  -n <phys-if or vlan ?> \
  -a a.b.c.${i}
done

for i in 2 3 4 5 6; do
  ipfw add divert 100${i} all .... 
   (from VLAN-if | VLAN-CIDR | ... ?) 
   to any ...(in via VLAN-if | out via WAN-if | .... ?)
done

I *assume* I need to configure the /29 somewhere...
I *suspect* that I can do something "weird" and actually
use all 8 IPs... perhaps configure the 8 IPs as aliases on lo?

We will have more than a few addresses in order to be able to deliver
routable addresses if anyone so requests,
like a /26 of which we use a /28 for permanent IPs and can deliver
six /29s for the few who actually need a routable network.

Does anyone have any experiences or hints/pointers?



TIA and regards

Kristian aka The eternal newbie
_______________________________________________
freebsd-net at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
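Worked example, added here and not code from either message in the thread: a POSIX sh generator for the setup the two messages describe, one natd per VLAN on its own divert port with its own public alias address, ipfw divert rules keyed on the tenant subnet and the WAN interface, and logging done by ipfw rather than natd. The interface names (fxp0, vlan2 to vlan6), the 10.N.0.0/24 tenant subnets, the 203.0.113.0/29 block standing in for the post's a.b.c.0/29, and the rule numbering are all assumptions. The function prints the commands so the rule set can be reviewed before it is applied on the FreeBSD box.

```shell
#!/bin/sh
# Generator for a per-VLAN natd + ipfw setup on FreeBSD (added example, not
# from the thread).  It prints the commands instead of running them, so the
# rule set can be reviewed and then applied with:  sh this.sh --print | sh
# Every interface name, subnet and address below is an assumption.

WAN_IF=fxp0                  # assumed WAN interface (the statically configured /30)

# Constructed tenant table: VLAN interface, RFC 1918 subnet, public alias.
# 203.0.113.0/29 stands in for a.b.c.0/29; .2 to .6 are used, one natd per
# line, divert port 100<last octet> as in the post's loop.
TENANTS='
vlan2 10.2.0.0/24 203.0.113.2
vlan3 10.3.0.0/24 203.0.113.3
vlan4 10.4.0.0/24 203.0.113.4
vlan5 10.5.0.0/24 203.0.113.5
vlan6 10.6.0.0/24 203.0.113.6
'

# natd_port ADDR: divert port for a tenant, 100 followed by the last octet.
natd_port() {
    echo "100${1##*.}"
}

# rule_base ADDR: ipfw rule number block for a tenant (1020, 1030, ...),
# so each tenant's rules stay together, in table order, before any pass rule.
rule_base() {
    echo $(( 1000 + ${1##*.} * 10 ))
}

gen_nat_setup() {
    # ipfw, not natd, does the logging: ipfw "log" needs this sysctl, while
    # natd -l would make every instance open the same /var/log/alias.log.
    echo "sysctl net.inet.ip.fw.verbose=1"
    printf '%s\n' "$TENANTS" | while read -r vif lan pub; do
        [ -n "$vif" ] || continue
        port=$(natd_port "$pub")
        base=$(rule_base "$pub")
        # Put the public address on the WAN interface so the box answers
        # ARP for it; the /29 need not be configured as a whole.
        echo "ifconfig $WAN_IF alias $pub netmask 255.255.255.255"
        # One natd per tenant: own divert port, own fixed alias address
        # (-a; no -n needed).  -u leaves routable sources untranslated, so a
        # tenant later handed a routable /29 is forwarded rather than NATed.
        echo "natd -port $port -a $pub -u"
        # Outbound: only this tenant's subnet leaving the WAN hits this natd.
        echo "ipfw add $base divert $port log ip from $lan to any out via $WAN_IF"
        # Inbound: only packets for this tenant's public address come back
        # through the same instance.
        echo "ipfw add $((base + 1)) divert $port log ip from any to $pub in via $WAN_IF"
        # Tenants are separate businesses: keep them from routing to each
        # other through the box (traffic inside a subnet never crosses it).
        echo "ipfw add $((base + 2)) deny log ip from $lan to 10.0.0.0/8 in via $vif"
    done
}

# When run directly with --print, emit the rule set for review.
case "${1:-}" in
    --print) gen_nat_setup ;;
esac
```

The divert rules have to sit ahead of whatever allow or deny rules the box already has, since a packet that is passed or dropped earlier never reaches natd; a tenant's return traffic is matched on its own public address, so a reply for 203.0.113.3 cannot end up in the instance serving vlan2.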