natd with several alias IPs
Andrew Pantyukhin
infofarmer at gmail.com
Wed Feb 15 17:11:42 PST 2006
On 2/16/06, bob at a1poweruser.com <bob at a1poweruser.com> wrote:
> I am not a ipfw expert. The truth of it is I was a ipfw user before
> I added a LAN behind my gateway box. Ipfw does it's nating from
> within ipfw and that it what makes ipfw nating so hard to get right.
> It's even harder if you use keep state processing. Ipfilter and PF
> do the nating separate from the firewall so the firewall always sees
> the true LAN packets. For that reason I now use ipfilter. Your ipfw
> question may get better answers from the ipfw questions list. In
> reading your original post it was not clear to me that you had to do
> this using ipfw. I read it as you were asking if it could be done at
> all. Using alias ip's is not the correct term I believe.
> Good luck finding a ipfw solution.
I'm afraid you've got it all a little bit wrong. It's pf and ipf
that have built-in nat facilites. ipfw uses divert sockets
and an external natd process (so when one says natd,
it's clear that he's dealing with ipfw). Alias ip is a natd
term.
Thanks anyway
More information about the freebsd-questions
mailing list