question on NAT for multiple subnets
gregb at scls.lib.wi.us
Fri Feb 17 10:13:46 PST 2006
Ted Mittelstaedt wrote:
> I've never done it but I think you can run multiple nat instances
> and multiple divert sockets, you will have to specify them in the
> config file to natd, though.
Excellent. That's what I was hoping for. So instead of one "divert
natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert
N+2", etc. where N is a port number where I bound my first natd, N+1
the next natd instance, etc. I think I can manage that.
> If it were me, though, I would try to
> setup multiple FreeBSD boxes, not only does that give you some
> redundancy, but it makes troubleshooting a lot easier.
Thanks, but we're talking about a need for somewhere between 54 and
216 distinct NAT<->subnet instances, maybe more. I really need a
solution for one host, two NICs, that compares favorably to
providing this functionality with a PIX.
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Greg Barniskis
>> Sent: Friday, February 17, 2006 8:43 AM
>> To: freebsd-questions
>> Subject: question on NAT for multiple subnets
>> I'm sure I could figure this out from scrutinizing Google, the
>> FreeBSD documentation, and testing in a lab, but I'm particularly
>> pressed for time on finding the right answer to this.
>> For a long time we've been quite happy coalescing all private IP
>> client requests onto a single public IP address through NAT.
>> Management now wants more granularity, at least one unique public IP
>> per private subnet.
>> Can I set up a single ipfw box that examines client source ip addrs
>> and provides different public NAT addrs for each private client subnet?
>> Any pointers to the best way to think about this issue much
>> appreciated. If the answer is ipfw doesn't handle this, but some
>> other fw does, fine, I just need to know which. Thanks!
>> Greg Barniskis, Computer Systems Integrator
>> South Central Library System (SCLS)
>> Library Interchange Network (LINK)
>> <gregb at scls.lib.wi.us>, (608) 266-6348
>> freebsd-questions at freebsd.org mailing list
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe at freebsd.org"
>> No virus found in this incoming message.
>> Checked by AVG Free Edition.
>> Version: 7.1.375 / Virus Database: 267.15.10/263 - Release
>> Date: 2/16/2006
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
More information about the freebsd-questions