natd with several alias IPs
Chuck Swiger
cswiger at mac.com
Wed Feb 15 19:16:22 PST 2006
Andrew Pantyukhin wrote:
> I wonder, what tricks do you use to use more than
> one alias IP? I mean, if you have hundreds of
> hosts behind your firewall, what can you do to alias
> some of them to one ip, others to another and so on.
See "man natd" about the following options for 1-to-1 NAT translation, which can
be put into /etc/natd.conf and processed automagically when the machine boots:

     -redirect_address localIP publicIP
             Redirect traffic for public IP address to a machine on the
             local network.  This function is known as static NAT.
             Normally static NAT is useful if your ISP has allocated a small
             block of IP addresses to you, but it can even be used in the
             case of single address:

                   redirect_address 10.0.0.8 0.0.0.0

             The above command would redirect all incoming traffic to
             machine 10.0.0.8.

             If several address aliases specify the same public address as
             follows

                   redirect_address 192.168.0.2 public_addr
                   redirect_address 192.168.0.3 public_addr
                   redirect_address 192.168.0.4 public_addr

             the incoming traffic will be directed to the last translated
             local address (192.168.0.4), but outgoing traffic from the
             first two addresses will still be aliased to appear from the
             specified public_addr.

     -redirect_address localIP[,localIP[,...]] publicIP
             These forms of -redirect_port and -redirect_address are used
             to transparently offload network load on a single server and
             distribute the load across a pool of servers.  This function
             is known as LSNAT (RFC 2391).  For example, the argument

                   tcp www1:http,www2:http,www3:http www:http

             means that incoming HTTP requests for host www will be
             transparently redirected to one of the www1, www2 or www3, where a
             host is selected simply on a round-robin basis, without
             regard to load on the net.

--
-Chuck
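
Added example, not part of the original message and not natd's own code: a small audit of natd.conf-style text that applies the rule quoted above (the last redirect_address line for a public address receives its inbound traffic, earlier hosts are only aliased outbound) and flags a 0.0.0.0 mapping. The sample addresses and the function names audit and findings are constructed for illustration, and treating an LSNAT pool line under the same last-line rule is an assumption.

```python
# Added example: audit redirect_address lines in natd.conf-style text.
# Addresses in SAMPLE_CONF are constructed for illustration.
SAMPLE_CONF = """\
# group A: three hosts aliased to one public address
redirect_address 192.168.0.2 203.0.113.10
redirect_address 192.168.0.3 203.0.113.10
redirect_address 192.168.0.4 203.0.113.10
# group B: LSNAT pool behind a second public address
redirect_address 192.168.1.5,192.168.1.6 203.0.113.11
"""

def audit(conf_text):
    """Map each public IP to its inbound target(s) and outbound-only hosts."""
    result = {}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # '#' starts a comment
        if len(fields) != 3 or fields[0].lstrip("-") != "redirect_address":
            continue
        local_ips, public = fields[1].split(","), fields[2]
        entry = result.setdefault(public, {"inbound": [], "outbound_only": []})
        # Quoted man page: the last line naming a public address receives its
        # inbound traffic; earlier hosts are still aliased to it outbound.
        # Assumption: the same rule applies when a line lists an LSNAT pool.
        earlier = entry["outbound_only"] + entry["inbound"]
        entry["inbound"] = local_ips
        entry["outbound_only"] = [ip for ip in dict.fromkeys(earlier)
                                  if ip not in local_ips]
    return result

def findings(result):
    """Return review notes for mappings that widen or hide inbound exposure."""
    notes = []
    for public, entry in result.items():
        if public == "0.0.0.0":
            notes.append("all incoming traffic goes to " + ",".join(entry["inbound"]))
        if entry["outbound_only"]:
            notes.append("%s: inbound only reaches %s; %s are outbound-only" % (
                public, ",".join(entry["inbound"]), ",".join(entry["outbound_only"])))
    return notes

if __name__ == "__main__":
    for note in findings(audit(SAMPLE_CONF)):
        print(note)
```

Running it against a real /etc/natd.conf before a reboot shows which internal host each public address actually exposes to inbound traffic.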