how 2 address&port map outbound traffic to multiple/different IPs on a single intfc?

snowcrash+freebsd schneecrash+freebsd at gmail.com
Tue Jun 12 02:20:48 UTC 2007


hi,

i'm trying to do 1:1 (nat?) *outbound* address mapping using pf, but
NOT 'whole server' binat, but rather a single address&port. i'm close,
but no cigar ... any suggestions?

details follow ...

thanks!

i've a block of 8 static IPs, x.x.x.1 - x.x.x.8.

freebsd6.2-Rp5+pf are installed as my edge router/firewall.

the router has a SINGLE external interface, "sis0", mapped at bootup
to a single pppoe-generated interface, "tun0".

ifconfig shows that "tun0" is assigned the 'primary' IP of x.x.x.1.
so most of my LAN->WAN traffic travels out, appearing to originate at
x.x.x.1.

i've two mail servers on my LAN, at private addresses z.z.z.100 & z.z.z.200.

i've NAT+rdr set up to address-map WAN to LAN addresses for the two servers.

  nat on $ext_if           from $int_if:network to any          -> ($ext_if)
  rdr on $ext_if proto tcp from any             to x.x.x.2 port 25 -> z.z.z.102 port 25
  rdr on $ext_if proto tcp from any             to x.x.x.3 port 25 -> z.z.z.103 port 25

where $ext_if == tun0.

now as to OUTBOUND mapping ... i want to make sure that traffic:

   FROM internal server @ z.z.z.102:25 exits $ext_if, 'seen' as SRC_ADDR=x.x.x.2

&

   FROM internal server @ z.z.z.103:25 exits $ext_if, 'seen' as SRC_ADDR=x.x.x.3

reading:

	"PF: Network Address Translation (NAT)"
		http://cvs.openbsd.org/faq/pf/nat.html

and,

	"PF: Address Pools and Load Balancing"
		http://cvs.openbsd.org/faq/pf/pools.html

(1) 'binat' is not what i want, as i want to ONLY map a single addr
for a single port -- NOT the whole server in a 1:1 mapping for all
ports

and,

(2) from the POOLS discussion, 'simple' outbound NAT:

	nat on $ext_if from z.z.z.102 port 25 to any -> ($ext_if)
	nat on $ext_if from z.z.z.103 port 25 to any -> ($ext_if)

doesn't do it either - i don't think -- as $ext_if picks up the
"primary IP" assigned via the pppoe startup, x.x.x.1.


so, i think i'm in the right ballpark with *nat of some sort, but how
do i get this done correctly?

cheers!
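One way to get the per-server outbound mapping the post asks for, as an added pf.conf fragment that is not from the original post or from the FreeBSD project: the specific nat rules name the public address explicitly instead of ($ext_if), and they are placed before the catch-all rule because pf translation rules are first-match. The LAN interface name "sis1" is an assumption (the post never names it); the addresses and $ext_if come from the post, and the rules match on the destination port because an outbound SMTP connection leaves from an ephemeral source port, not from port 25.

```conf
# Added example (not the original poster's config).  Interface "sis1"
# for the LAN side is assumed; addresses are those given in the post.
ext_if = "tun0"
int_if = "sis1"
mail_a = "z.z.z.102"
mail_b = "z.z.z.103"
pub_a  = "x.x.x.2"
pub_b  = "x.x.x.3"

# nat/rdr rules are evaluated first-match, so the host-specific rules
# MUST precede the catch-all below; otherwise the catch-all wins and both
# mail servers still leave as the primary address x.x.x.1.
# Outbound SMTP goes TO port 25 from an ephemeral source port, so the
# match is on the destination port.
nat on $ext_if proto tcp from $mail_a to any port 25 -> $pub_a
nat on $ext_if proto tcp from $mail_b to any port 25 -> $pub_b

# Everything else from the LAN keeps leaving as ($ext_if) == x.x.x.1.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Inbound mapping, as in the post: public address:25 -> each server.
rdr on $ext_if proto tcp from any to $pub_a port 25 -> $mail_a port 25
rdr on $ext_if proto tcp from any to $pub_b port 25 -> $mail_b port 25

# Filter rules see addresses AFTER translation: inbound rdr'd packets
# carry the private destination, outbound nat'd packets carry the
# public source.
pass in  on $ext_if proto tcp from any to { $mail_a, $mail_b } port 25 \
    flags S/SA keep state
pass out on $ext_if proto tcp from { $pub_a, $pub_b } to any port 25 \
    flags S/SA keep state
```

Check the result with `pfctl -nf /etc/pf.conf` (syntax only) and then, after loading, `pfctl -s state` while a server sends mail: the outbound TCP entry should show the private source rewritten to x.x.x.2 or x.x.x.3 rather than x.x.x.1.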

