Multiple NAT router
Brett Glass
brett at lariat.net
Fri Jul 21 17:14:27 UTC 2006

I have an application in which I'd like a FreeBSD router to have
multiple, isolated LANs attached to it, each with the same address
space. The FreeBSD box would take the place of multiple NAT routers.

For example, I might want to have three internal Ethernet
interfaces on the FreeBSD box. Each would be connected to a LAN
whose internal addresses are 192.168.0.0/24. The FreeBSD box would
do NAT for all of them, and of course they could not "see" one another.

The alternatives, of course, would be to install multiple NAT
routers -- which would be a waste -- or to number the LANs
differently. But the organization for which I'm doing this wants
everything about each LAN to be absolutely standard (printers at
the same static addresses, etc.) so that their IT guys can walk in
and know exactly how everything's numbered.

Is it possible to do a "hydra headed" router such as this with
FreeBSD? I'm not sure that FreeBSD's natd is equipped to sort
incoming packets for multiple, identically numbered LANs properly,
because it would have to remember interface names as well as
addresses. Also, there would be the question of how one would
connect inward to the machines on the LANs, since "ping
192.168.0.100" would be ambiguous. (Perhaps one could do it from a
jail. In fact, perhaps the virtual NAT routers could be set up in jails....)

--Brett Glass
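
The following is an added example, not part of the original post and not natd's code: a conceptual model of a NAT state table showing why the flow key has to include the inside interface when several LANs share 192.168.0.0/24. The interface names em1/em2, the public and remote addresses, and the port range are constructed for illustration.

```python
# Conceptual model of a NAT state table; not natd's actual implementation.
from itertools import count

PUBLIC_IP = "203.0.113.1"  # constructed (documentation address range)


class NatTable:
    def __init__(self, key_on_interface):
        self.key_on_interface = key_on_interface
        self.outbound = {}   # inside flow key -> public source port
        self.inbound = {}    # public port -> (iface, inside ip, inside port)
        self._ports = count(40000)

    def _key(self, iface, ip, port, remote):
        # The address-only variant drops the interface from the flow key.
        if self.key_on_interface:
            return (iface, ip, port, remote)
        return (ip, port, remote)

    def translate_out(self, iface, ip, port, remote):
        """Packet from an inside LAN: return the (public ip, public port) it leaves with."""
        key = self._key(iface, ip, port, remote)
        if key not in self.outbound:
            public_port = next(self._ports)
            self.outbound[key] = public_port
            self.inbound[public_port] = (iface, ip, port)
        return PUBLIC_IP, self.outbound[key]

    def translate_in(self, public_port):
        """Reply arriving on the public side: return (iface, inside ip, inside port)."""
        return self.inbound.get(public_port)


def demo(key_on_interface):
    nat = NatTable(key_on_interface)
    remote = ("198.51.100.7", 80)  # constructed remote server
    # Two different hosts with identical address and port on separate LANs.
    _, port_a = nat.translate_out("em1", "192.168.0.100", 5000, remote)
    _, port_b = nat.translate_out("em2", "192.168.0.100", 5000, remote)
    # Where would the replies to each host be delivered?
    return nat.translate_in(port_a), nat.translate_in(port_b)


if __name__ == "__main__":
    print("address-only key:", demo(False))
    print("interface-aware :", demo(True))
```

With the address-only key, the host on em2 is folded into em1's existing mapping, so its replies are delivered to the wrong LAN; with the interface in the key, each LAN gets its own public port and its replies come back to it.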