NAT Question

Koroush Saraf koroush.saraf at
Tue Jun 10 15:27:01 PDT 2003

Hi all,

I'm trying to set up a BSD box to act as a NAT gateway between private net and public Internet.  My requirement is to map the src and destination of the packet according to a set of rules.

The BSD box has two public IP addresses. Depending on which interface the packet arrives on it will get routed to a different private destination address.

I'm using ipnat with the following mapping on the NAT box.
The NAT box has only 1 interface, xl0.
The IP addresses of this interface are:
public  129.197.244.6/24,, 

The servers on the private LAN are and on two different subnets.

List of active MAP/Redirect filters:
map xl0 ->
map xl0 ->
map xl0 ->
map xl0 ->

However I'm not getting the desired results.

From a computer with IP address of I ping I expect the ICMP packet to reach the BSDNAT box and get translated to the address and forwarded with src address of out of xl0 to the particular server.  Then the server would reply back to and it would get translated back to with a source address of  But this is not happening.

If the source of the ping is a BSD box, the reply comes back as if I was routed to the destination server, but in reality it's not being routed, since the destination server doesn't see the packet.

For example:

ping from FreeBSD box

Pinging with 32 bytes of data:
Reply from bytes=32 time<10ms TTL=255

But doesn't really see the ping packets.  (verified using tcpdump and the delay metric which remains the same whether I ping

And ping from a Windows box doesn't even get translated and times out.

So in short I need someone to tell me the correct syntax to set up the mapping so that I can map any src and dst IP address into any other src and dst address and retain the return path as well.

Thanks for your thoughts in advance,
