From owner-freebsd-questions@FreeBSD.ORG Fri Feb 17 22:47:37 2006
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 265E716A422 for ; Fri, 17 Feb 2006 22:47:37 +0000 (GMT) (envelope-from tedm@toybox.placo.com)
Received: from mail.freebsd-corp-net-guide.com (mail.web-strider.com [65.75.192.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED43A43D58 for ; Fri, 17 Feb 2006 22:47:32 +0000 (GMT) (envelope-from tedm@toybox.placo.com)
Received: from tedwin2k (nat-rtr.freebsd-corp-net-guide.com [65.75.197.130]) by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id k1HMlUu23005; Fri, 17 Feb 2006 14:47:30 -0800 (PST) (envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Greg Barniskis"
Date: Fri, 17 Feb 2006 14:47:29 -0800
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
In-Reply-To: <43F61258.6000604@scls.lib.wi.us>
Importance: Normal
Cc: freebsd-questions
Subject: RE: question on NAT for multiple subnets
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 17 Feb 2006 22:47:37 -0000

>-----Original Message-----
>From: Greg Barniskis [mailto:gregb@scls.lib.wi.us]
>Sent: Friday, February 17, 2006 10:14 AM
>To: Ted Mittelstaedt
>Cc: freebsd-questions
>Subject: Re: question on NAT for multiple subnets
>
>
>Ted Mittelstaedt wrote:
>> I've never done it but I think you can run multiple nat instances
>> and multiple divert sockets, you will have to specify them in the
>> config file to natd, though.
>
>Excellent. That's what I was hoping for. So instead of one "divert
>natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert
>N+2", etc. where N is a port number where I bound my first natd, N+1
>the next natd instance, etc. I think I can manage that.
>

I looked at the man page for natd and they specify the divert port
with -port, and the alias address with -alias_address.

You're going to have a bit of trial and error to work this config out,
but it shouldn't be that bad. I would love to see it posted here once
you get it working.

Ted

PS: A firewall with a shell that you can actually initiate a telnet
session from knocks a PIX into a cocked hat. And I just love dealing
with a PIX on a network that has multiple gateways on it. Nothing like
the lack of icmp redirects to get you swearing.
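The layout the two of them sketch above (one natd per internal subnet, each bound to its own divert port with -port and its own public address with -alias_address, and one ipfw "divert N" rule per instance) written out as a script. This is an added example, not a config posted by either Ted or Greg: the subnets, the alias addresses, the divert ports starting at 8668 (the default natd port) and the external interface name fxp0 are all constructed placeholders, and the rule numbers are arbitrary. Each subnet gets a pair of rules, one diverting its outbound traffic and one diverting inbound traffic to its alias address, so that replies land in the same natd instance that created the translation; if the pairs are mixed up, the inbound packet is handed to a natd that has no state for it and is dropped.

```sh
#!/bin/sh
# Added example (not from the mailing-list thread): run one natd instance per
# internal subnet and wire each to ipfw with its own divert port.
# All addresses, ports and the interface name below are constructed placeholders.

EXT_IF="fxp0"   # assumed external interface of the FreeBSD gateway

# Constructed table: "internal-subnet  alias-address  divert-port", one per line.
# Divert ports must be distinct; 8668 is natd's default ("natd" in /etc/services).
NAT_TABLE="192.168.1.0/24 203.0.113.10 8668
192.168.2.0/24 203.0.113.11 8669
192.168.3.0/24 203.0.113.12 8670"

# One natd command per table row: -port selects the divert socket, -alias_address
# the public address used for that subnet, -interface the outside interface.
natd_commands() {
    echo "$NAT_TABLE" | while read -r subnet alias port; do
        [ -n "$subnet" ] || continue
        printf 'natd -port %s -alias_address %s -interface %s\n' \
            "$port" "$alias" "$EXT_IF"
    done
}

# Two ipfw rules per table row, both pointing at the same divert port:
#   outbound: packets from the subnet leaving via the external interface
#   inbound:  packets arriving on the external interface for that alias address
# Rule numbers step by 10 so more rules can be slotted in later.
ipfw_rules() {
    rule=1000
    echo "$NAT_TABLE" | while read -r subnet alias port; do
        [ -n "$subnet" ] || continue
        printf 'ipfw add %d divert %s ip from %s to any out via %s\n' \
            "$rule" "$port" "$subnet" "$EXT_IF"
        rule=$((rule + 10))
        printf 'ipfw add %d divert %s ip from any to %s in via %s\n' \
            "$rule" "$port" "$alias" "$EXT_IF"
        rule=$((rule + 10))
    done
}

# Number of natd instances the table describes (handy as a sanity check).
instance_count() {
    natd_commands | grep -c '^natd '
}

# Print the commands by default; set APPLY=yes to execute them as root on the
# gateway. Start the natd daemons before adding the divert rules, otherwise
# diverted packets have nobody listening and are dropped.
if [ "${APPLY:-no}" = "yes" ]; then
    natd_commands | sh
    ipfw_rules | sh
else
    natd_commands
    ipfw_rules
fi
```

Run it once without APPLY to review the generated rules, then with APPLY=yes on the gateway. Any "allow" or "deny" rules for the rest of the policy go after the divert rules, since natd has to rewrite the addresses before the rest of the ruleset sees the packet.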