divert to multiple public's IP

John Nielsen lists at jnielsen.net
Sun Jul 24 01:02:40 GMT 2005

On Saturday 23 July 2005 05:25 pm, vladone wrote:
> If I understand correctly, with redirect_address I can forward a given
> public IP (commonly an alias on the public interface) to an internal IP
> (private). I don't know if this is good for what I want.
> A more exact description of what I want:
> My private network is:
> I have (example) public ip:, and
> I want:
> IPs: out (translated) with
> IPs: out with
> and so on.

If you wanted a one-to-one mapping between public and private IP's, then you 
could use redirect_address.  For what you describe above, though, the best 
approach may be to run multiple instances of natd and split up the traffic 
with ipfw.

Sample setup--

In /etc/services:
natd	8668
natd2	8669
natd3	8670

In a natd script (I don't think the rc scripts support multiple instances of 
natd -a -p natd
natd -a -p natd2
natd -a -p natd3

And in an ipfw script:
add divert natd3 all from,, to any \
	via ${external_interface}
add skipto 10000 all from,, to any \
	via ${external_interface}
add divert natd2 all from,, to any \
	via ${external_interface}
add skipto 10000 all from,, to any \
	via ${external_interface}
add divert natd all from any to any via ${external_interface}
add 10000 allow all from any to any via lo0

So you'd give a name to each divert port you want to use in /etc/services 
(8668 is already there), run an instance of natd for each external alias, 
and use comma-separated lists of IP addresses and skipto's in ipfw to 
direct the traffic appropriately.  Notice that I made the last one a 
default rather than specifying its addresses explicitly.  Depending on your 
needs you may want to do something similar.
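
An added example, not code from the original post: a small sh/awk generator that reads a map of divert port, public alias and private addresses, refuses a map in which any port, alias or private address appears twice, and prints one natd command plus an explicit inbound and outbound divert rule per alias. The addresses, the interface name em0 and the function name gen_nat_config are assumptions made for the example; unlike the script above it has no catch-all divert rule, so it emits no skipto.

```shell
#!/bin/sh
# Constructed sample map (not from the post): divert port, public alias,
# comma-separated private addresses. 203.0.113.0/24 is a documentation range.
SAMPLE_MAP='8668 203.0.113.1 192.168.0.2,192.168.0.3
8669 203.0.113.2 192.168.0.4,192.168.0.5
8670 203.0.113.3 192.168.0.6,192.168.0.7'

# gen_nat_config IFACE < map   (hypothetical helper name)
# Prints a natd command per alias, then an inbound/outbound divert rule pair
# per alias. Exits 1 and prints no rules if a port, alias or private address
# repeats: ipfw is first-match, so the later entry would never see traffic.
gen_nat_config() {
    awk -v ifc="$1" '
    function dup(kind, v) {
        if (seen[kind, v]++) { printf "duplicate %s: %s\n", kind, v > "/dev/stderr"; bad = 1 }
    }
    NF == 3 {
        dup("port", $1); dup("alias", $2)
        n = split($3, ips, ",")
        for (i = 1; i <= n; i++) dup("private address", ips[i])
        port[++g] = $1; alias[g] = $2; list[g] = $3
        next
    }
    NF { printf "malformed line %d\n", NR > "/dev/stderr"; bad = 1 }
    END {
        if (bad || g == 0) exit 1
        for (i = 1; i <= g; i++)
            printf "natd -a %s -p %s\n", alias[i], port[i]
        for (i = 1; i <= g; i++) {
            # replies addressed to an alias go to the natd instance that owns it
            printf "add divert %s all from any to %s in via %s\n", port[i], alias[i], ifc
            # outbound traffic from this group is rewritten to that alias
            printf "add divert %s all from %s to any out via %s\n", port[i], list[i], ifc
        }
    }'
}

printf '%s\n' "$SAMPLE_MAP" | gen_nat_config em0
```

The `add ...` lines are in the same form as the ipfw script above and belong before any allow rules for the external interface.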

