natd with several alias IPs

bob at a1poweruser.com bob at a1poweruser.com
Wed Feb 15 16:50:02 PST 2006 

I am not a ipfw expert. The truth of it is I was a ipfw user before
I added a LAN behind my gateway box. Ipfw does it's nating from
within ipfw and that it what makes ipfw nating so hard to get right.
It's even harder if you use keep state processing.  Ipfilter and PF
do the nating separate from the firewall so the firewall always sees
the true LAN packets. For that reason I now use ipfilter. Your ipfw
question may get better answers from the ipfw questions list. In
reading your original post it was not clear to me that you had to do
this using ipfw. I read it as you were asking if it could be done at
all. Using alias ip's is not the correct term I believe.
Good luck finding a ipfw solution.

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Andrew
Pantyukhin
Sent: Wednesday, February 15, 2006 7:16 PM
To: bob at a1poweruser.com
Cc: FreeBSD Questions
Subject: Re: natd with several alias IPs


On 2/16/06, bob at a1poweruser.com <bob at a1poweruser.com> wrote:
> I am not sure just what you are asking about.
>
> Are you saying that you have 4 static public ip address assigned
to
> you by your ISP and you want to round robin those 4 in the NATing
> process to your hundreds of LAN users?
>
> If that's what you are after then any of FreeBSD's 3 built in
> firewall can do that by how you code the NAT statements.  Read the
> handbook firewall ipfilter section for details. There is no
special
> tricks or need for several NATed process.

I'm quite aware of the fact that both pf and ipf have
mature nat frameworks. The question is, how to do
that with natd (and ipfw). Could you be so kind and
throw an example of a round-robin setup without
several natd processes, 'cuz I can hardly imagine
that?
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list