NAT with IP != primary external IP
Lawrence Farr
freebsd-isp at epcdirect.co.uk
Mon Oct 25 08:59:48 PDT 2004
> -----Original Message-----
> From: owner-freebsd-pf at freebsd.org
> [mailto:owner-freebsd-pf at freebsd.org] On Behalf Of Aled Treharne
> Sent: 23 October 2004 12:15
> To: freebsd-pf at freebsd.org
> Subject: NAT with IP != primary external IP
>
> Hi guys.
>
> I'm trying to set up a firewall on a box for a friend. The arrangement is
> fairly simple, bunch of machines behind the FBSD box, FBSD box connected to
> ADSL. What I'd like to do (because I wanted to in the first place, and now
> it's annoying me) is to have 2 IPs on the external i/f on the FBSD box, and
> have one as the machine's primary IP and t'other solely as the NAT IP. I've
> tried putting various IPs in the places that make sense to me, but I just
> couldn't get it to work[1].
>
> Is this possible, and if so, would someone be so kind as to tell me how? I'm
> trying to move over to pf from ipfw, and if I can get it working, I've got a
> strong case for using it at work as well.
>
> Thanks in advance for your sage advice. :)
>
> Cheers,
> Aled.
>
> [1] This is just one place where I prefer Linux's eth0:alias1 type labelling
> of sub-interfaces over FreeBSD's just-put-multiple-ips-on-one-interface way.
I use the following:

ext_ipa="1.2.3.4"
ext_ipb="1.2.3.5"
net_if="fxp0"
table <inets> { 7.8.9.0/24, 4.5.6.0/24 }
nat on $net_if from <inets> to any -> $ext_ipb

So traffic matching <inets> gets sent out via $ext_ipb,
all other traffic comes out on $ext_ipa.

Regards,
Lawrence Farr
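
Added example, not part of either post: the same NAT rule placed in a fuller pf.conf with filter rules and the checks that confirm it is active. The internal interface fxp1, the filter rules, and the reading of <inets> as the internal networks are assumptions; the addresses are the placeholders used in the reply above.

```conf
# /etc/pf.conf sketch (constructed example; all addresses are placeholders)
#
# The NAT address has to be configured on the external interface, or
# replies to translated connections never reach this host.
# On FreeBSD that is an alias in /etc/rc.conf, for example:
#   ifconfig_fxp0_alias0="inet 1.2.3.5 netmask 255.255.255.255"

ext_if  = "fxp0"
int_if  = "fxp1"        # assumed internal interface
ext_ipa = "1.2.3.4"     # primary address: the firewall's own traffic
ext_ipb = "1.2.3.5"     # alias: used only as the NAT source address
table <inets> { 7.8.9.0/24, 4.5.6.0/24 }

# Translation: hosts in <inets> leave with $ext_ipb as their source.
# Traffic originated by the firewall itself does not match and keeps
# $ext_ipa.
nat on $ext_if from <inets> to any -> $ext_ipb

# Filtering (last matching rule wins).
block in log on $ext_if all
pass in on $int_if from <inets> to any keep state
# Translation happens before filtering on the way out, so the only
# sources that should appear on $ext_if are the two external addresses.
# An internal source that missed the nat rule is blocked here rather
# than leaked upstream.
block out log on $ext_if all
pass out on $ext_if from { $ext_ipa, $ext_ipb } to any keep state

# Checks after editing:
#   pfctl -nf /etc/pf.conf        parse only, report syntax errors
#   pfctl -f /etc/pf.conf         load the ruleset
#   pfctl -sn                     show the loaded translation rules
#   pfctl -ss                     show states; NATed entries list 1.2.3.5
#   tcpdump -n -i fxp0 host 1.2.3.5   confirm the source address on the wire
```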