divert to multiple public's IP

John Nielsen lists at jnielsen.net
Sun Jul 24 17:33:52 GMT 2005 

On Saturday 23 July 2005 09:02 pm, John Nielsen wrote:
> On Saturday 23 July 2005 05:25 pm, vladone wrote:
> > If i understand corectly with redirect_address i can forward an given
> > public ip (commonly an alias on pubic interface) to an internal ip
> > (private). I dont know if this is good for what i want.
> > More exactly description for what i want:
> > My private network is: 192.168.0.0/24
> > I have (example) public ip: 1.1.1.1, 1.1.1.6 and 1.1.1.9
> > I want:
> > ip's: 192.168.0.1-20 out(tranlated) with 1.1.1.1
> > ip's: 192.168.0.21-30 out with 1.1.1.6
> >  and so.
>
> If you wanted a one-to-one mapping between public and private IP's, then
> you could use redirect_address.  For what you describe above, though, the
> best approach may be to run multiple instances of natd and split up the
> traffic with ipfw.
>
> Sample setup--
>
> In /etc/services:
> natd	8668
> natd2	8669
> natd3	8670
>
> In a natd script (I don't think the rc scripts support multiple instances
> of natd):
> natd -a 1.1.1.1 -p natd
> natd -a 1.1.1.6 -p natd2
> natd -a 1.1.1.9 -p natd3
>
> And in an ipfw script:
> add divert natd3 all from 192.168.0.31,192.168.0.32,192.168.0.33 to any \
> 	via ${external_interface}
> add skipto 10000 all from 192.168.0.31,192.168.0.32,192.168.0.33 to any \
> add divert natd2 all from 192.168.0.21,192.168.0.22,192.168.0.23 to any \
> 	via ${external_interface}
> add skipto 10000 all from 192.168.0.21,192.168.0.22,192.168.0.23 to any \
> 	via ${external_interface}
> add divert natd all from any to any via ${external_interface}
> add 10000 allow all from any to any via lo0
> ...
>
> So you'd give a name to each divert port you want to use in /etc/services
> (8668 is already there), run an instance of natd for each external alias,
> and use comma-separated lists of IP addresses and skipto's in ipfw to
> direct the traffic appropriately.  Notice that I made the last one a
> default rather than specifying its addresses explicitly.  Depending on
> your needs you may want to do something similar.

On Sunday 24 July 2005 02:11 am, vladone wrote:
> Thanks John. This is what i want, and work :)
> Thanks again!!!

It occured to me you may also need rules for the other direction, a la:
add divert natd3 all from any to 1.1.1.9 via ${extarnal_interface}

Can someone correct me if I'm wrong?

JN

More information about the freebsd-ipfw mailing list