question on NAT for multiple subnets

Greg Barniskis gregb at scls.lib.wi.us
Fri Feb 17 10:13:46 PST 2006


Ted Mittelstaedt wrote:
> I've never done it but I think you can run multiple nat instances
> and multiple divert sockets, you will have to specify them in the
> config file to natd, though.  

Excellent. That's what I was hoping for. So instead of one "divert 
natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert 
N+2", etc. where N is a port number where I bound my first natd, N+1 
the next natd instance, etc. I think I can manage that.

> If it were me, though, I would try to
> set up multiple FreeBSD boxes, not only does that give you some
> redundancy, but it makes troubleshooting a lot easier.

Thanks, but we're talking about a need for somewhere between 54 and 
216 distinct NAT<->subnet instances, maybe more. I really need a 
solution for one host, two NICs, that compares favorably to 
providing this functionality with a PIX.


> Ted
> 
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Greg Barniskis
>> Sent: Friday, February 17, 2006 8:43 AM
>> To: freebsd-questions
>> Subject: question on NAT for multiple subnets
>>
>>
>> I'm sure I could figure this out from scrutinizing Google, the 
>> FreeBSD documentation, and testing in a lab, but I'm particularly 
>> pressed for time on finding the right answer to this.
>>
>> For a long time we've been quite happy coalescing all private IP 
>> client requests onto a single public IP address through NAT. 
>> Management now wants more granularity, at least one unique public IP 
>> per private subnet.
>>
>> Can I set up a single ipfw box that examines client source ip addrs 
>> and provides different public NAT addrs for each private client subnet?
>>
>> Any pointers to the best way to think about this issue much 
>> appreciated. If the answer is ipfw doesn't handle this, but some 
>> other fw does, fine, I just need to know which. Thanks!
>>
>>
>> -- 
>> Greg Barniskis, Computer Systems Integrator
>> South Central Library System (SCLS)
>> Library Interchange Network (LINK)
>> <gregb at scls.lib.wi.us>, (608) 266-6348
> 
> 


-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
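
The "divert N", "divert N+1", ... layout discussed in this thread, sketched as an added example that is not part of the original messages: it prints, without running them, one natd instance and a pair of ipfw divert rules per private subnet. The interface name `em0`, the rule numbers, the pid file paths and all addresses are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: print (do not run) one natd instance plus two ipfw divert
# rules per private subnet. Addresses are constructed (RFC 1918 and
# RFC 5737 ranges); em0 and the rule numbers are assumptions.
EXT_IF="em0"       # assumed outside interface
BASE_PORT=8668     # N: divert port for the first natd instance
BASE_RULE=1000     # assumed first ipfw rule number

# Constructed mapping: "private-subnet public-address", one pair per line.
MAPPINGS="10.1.0.0/24 192.0.2.11
10.2.0.0/24 192.0.2.12
10.3.0.0/24 192.0.2.13"

gen_nat_config() {
    i=0
    seen=""
    while read -r subnet pub; do
        [ -n "$subnet" ] || continue
        port=$((BASE_PORT + i))
        rule=$((BASE_RULE + i * 10))
        # Divert ports are 16-bit; stop before N+i runs off the end.
        if [ "$port" -gt 65535 ]; then
            echo "divert port $port out of range" >&2
            return 1
        fi
        # The inbound rule matches on the public address, so it must be unique.
        case " $seen " in
            *" $pub "*) echo "duplicate public address $pub" >&2; return 1 ;;
        esac
        seen="$seen $pub"
        # One natd per subnet: own port, own alias address, own pid file.
        echo "natd -p $port -a $pub -P /var/run/natd.$port.pid"
        # Outbound: traffic from this subnet goes to its own natd.
        echo "ipfw add $rule divert $port ip from $subnet to any out via $EXT_IF"
        # Inbound: replies to this public address return to the same natd.
        echo "ipfw add $((rule + 1)) divert $port ip from any to $pub in via $EXT_IF"
        i=$((i + 1))
    done <<EOF
$MAPPINGS
EOF
}

gen_nat_config
```

Review the printed commands before applying them; the divert rules need to sit ahead of any filtering rules that would otherwise match the same packets.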

