NAT question

wishmaster artemrts at ukr.net
Sun Feb 22 05:48:03 UTC 2015 


 --- Original Message ---
 From: "Konstantin Kulikov" 
 Date: 21 February 2015, 20:55:54
 


> Hello.
> 
> ipfw nat 1 config ip 1.2.3.4
> ipfw nat 2 config ip 1.2.3.5
> ipfw nat 3 config ip 1.2.3.6
> ipfw add nat 1 ip from 4.5.6.7/32 to any out via $ext
> ipfw add nat 2 ip from 4.5.6.0/24 to any out via $ext
> ipfw add nat 3 ip from 8.9.0.0/24 to any out via $ext
> ipfw add nat 1 ip from any to 1.2.3.4 in via $ext
> ipfw add nat 2 ip from any to 1.2.3.5 in via $ext
> ipfw add nat 3 ip from any to 1.2.3.6 in via $ext
> 
> Should work (untested though).

 I think you should use nat global in case of topic starter.


> As for your dnat questing I think you want redirect_addr nat option.
> 
> On Sat, Feb 21, 2015 at 5:08 AM, Mason Loring Bliss  wrote:
> > Hi all.
> >
> > With iptables, I can say something like:
> >
> > -t nat -A POSTROUTING -o eth0 -s 4.5.6.7/32 -d 0/0 -j SNAT --to-source 1.2.3.4
> > -t nat -A POSTROUTING -o eth0 -s 4.5.6.0/24 -d 0/0 -j SNAT --to-source 1.2.3.5
> > -t nat -A POSTROUTING -o eth0 -s 8.9.0.0/24 -d 0/0 -j SNAT --to-source 1.2.3.6
> >
> > So, traffic going out from 4.5.6.7 goes into the world sourced from 1.2.3.4,
> > whereas the rest of 4.5.6/24 goes as 1.2.3.5, and all of 8.9.0/24 comes out
> > from 1.2.3.6.
> >
> > I don't see how to do this with IPFW. I assume there's some way to do it with
> > the GENERIC kernel, so I'm assuming natd is deprecated, as it requires a
> > custom kernel, as far as I can see.
> >
> > How do I accomplish this with IPFW? Or do I need to use PF for this? Or are
> > those independent of the NAT after all and I want to use something else? If
> > that's the case, does it require natd and a custom kernel, or is there
> > something that works with a GENERIC kernel? (This will be 10.1, FWIW.)
> >
> > Thanks.
> >
> > --
> > Love is a snowmobile racing across the tundra and then suddenly it
> > flips over, pinning you underneath. At night, the ice weasels come.
> > _______________________________________________
> > freebsd-net at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>

More information about the freebsd-net mailing list