question on NAT for multiple subnets

Rob Connon (Info) rob.info at vfs.com
Sat Feb 18 13:49:22 PST 2006


Look at PF if you're running FreeBSD 5/6. You can do this easily and 
it's well documented.
IMO it's a lot more functional and usable than ipfw, and it definitely has better 
documentation.

http://www.openbsd.org/faq/pf/index.html - *most* of the features in the 
OpenBSD faq cover the freebsd port.



Greg Barniskis wrote:

> Ted Mittelstaedt wrote:
>
>> I've never done it but I think you can run multiple nat instances
>> and multiple divert sockets, you will have to specify them in the
>> config file to natd, though.  
>
>
> Excellent. That's what I was hoping for. So instead of one "divert 
> natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert 
> N+2", etc. where N is a port number where I bound my first natd, N+1 
> the next natd instance, etc. I think I can manage that.
>
>> If it were me, though, I would try to
>> setup multiple FreeBSD boxes, not only does that give you some
>> redundancy, but it makes troubleshooting a lot easier.
>
>
> Thanks, but we're talking about a need for somewhere between 54 and 
> 216 distinct NAT<->subnet instances, maybe more. I really need a 
> solution for one host, two NICs, that compares favorably to providing 
> this functionality with a PIX.
>
>
>> Ted
>>
>>> -----Original Message-----
>>> From: owner-freebsd-questions at freebsd.org
>>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Greg Barniskis
>>> Sent: Friday, February 17, 2006 8:43 AM
>>> To: freebsd-questions
>>> Subject: question on NAT for multiple subnets
>>>
>>>
>>> I'm sure I could figure this out from scrutinizing Google, the 
>>> FreeBSD documentation, and testing in a lab, but I'm particularly 
>>> pressed for time on finding the right answer to this.
>>>
>>> For a long time we've been quite happy coalescing all private IP 
>>> client requests onto a single public IP address through NAT. 
>>> Management now wants more granularity, at least one unique public IP 
>>> per private subnet.
>>>
>>> Can I set up a single ipfw box that examines client source ip addrs 
>>> and provides different public NAT addrs for each private client subnet?
>>>
>>> Any pointers to the best way to think about this issue much 
>>> appreciated. If the answer is ipfw doesn't handle this, but some 
>>> other fw does, fine, I just need to know which. Thanks!
>>>
>>>
>>> -- 
>>> Greg Barniskis, Computer Systems Integrator
>>> South Central Library System (SCLS)
>>> Library Interchange Network (LINK)
>>> <gregb at scls.lib.wi.us>, (608) 266-6348
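The one-natd-per-divert-port layout Greg describes above (a separate natd instance bound to ports N, N+1, N+2 and a matching ipfw divert rule for each private subnet), written out as an added shell example that is not part of the thread. The subnet-to-address mapping, the interface name fxp0, the rule numbers and the base port are constructed values; natd's -p, -a and -n options and the ipfw divert syntax are the real ones. The script only prints the commands so they can be reviewed before being run, and it refuses to proceed if two subnets claim the same public address, because inbound packets for one address can only be diverted to one natd instance.

```shell
#!/bin/sh
# Added example: generate per-subnet natd instances and matching ipfw
# divert rules. Addresses, interface and rule numbers are constructed.

EXT_IF="fxp0"        # external interface (assumed name)
BASE_PORT=8668       # natd's default divert port; instance i uses BASE_PORT+i
BASE_RULE=1000       # first ipfw rule number; each subnet takes two rules

# Constructed mapping: "<private subnet> <public alias address>" per line.
SUBNET_MAP='10.1.0.0/24 198.51.100.11
10.2.0.0/24 198.51.100.12
10.3.0.0/24 198.51.100.13'

# Fail if two subnets are mapped to the same public address: inbound
# packets for an address can only be diverted to one natd instance.
check_map() {
    dups=$(printf '%s\n' "$SUBNET_MAP" | awk 'NF == 2 { print $2 }' | sort | uniq -d)
    [ -z "$dups" ]
}

# One natd per subnet, each on its own divert port and aliasing to that
# subnet's public address.
gen_natd_cmds() {
    i=0
    printf '%s\n' "$SUBNET_MAP" | while read -r subnet pubip; do
        [ -n "$subnet" ] || continue
        echo "natd -p $((BASE_PORT + i)) -a $pubip -n $EXT_IF"
        i=$((i + 1))
    done
}

# Matching ipfw rules: outbound traffic from each private subnet goes to
# that subnet's divert port; inbound traffic to its public address comes
# back through the same port so the same natd undoes the translation.
gen_ipfw_rules() {
    i=0
    printf '%s\n' "$SUBNET_MAP" | while read -r subnet pubip; do
        [ -n "$subnet" ] || continue
        port=$((BASE_PORT + i))
        rule=$((BASE_RULE + 2 * i))
        echo "ipfw add $rule divert $port ip from $subnet to any out via $EXT_IF"
        echo "ipfw add $((rule + 1)) divert $port ip from any to $pubip in via $EXT_IF"
        i=$((i + 1))
    done
}

# Number of natd instances the mapping produces.
instance_count() {
    gen_natd_cmds | wc -l | tr -d ' '
}

# Print the commands for review; nothing here applies them to the kernel.
check_map || { echo "duplicate public address in SUBNET_MAP" >&2; exit 1; }
gen_natd_cmds
gen_ipfw_rules
```

Run it with `sh gen-nat.sh > nat-rules.sh` and read the output before applying it; with 54 to 216 subnets the rule numbering and port spacing are what keep a mistake in one subnet's mapping from silently diverting another subnet's traffic.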
