Date: Fri, 18 Feb 2000 10:30:53 +0200
From: Ruslan Ermilov
To: David May
Cc: freebsd-questions@FreeBSD.org
Subject: Re: [Q] NATD on multiple interfaces.

On Fri, Feb 18, 2000 at 12:57:24PM +0800, David May wrote:
> Can NAT be run with multiple "public" interfaces?
> All the documentation for natd and the FreeBSD
> config files seem to assume a single public
> interface. Yet when I run natd with a command line
> such as
> "natd -interface ed2 -interface ed3"
> it does not complain. My aliased private network
> addresses in this example are on ed1.
>
There are options:

1. Run two distinct natd(8), one for each public interface,
   on different divert ports, and with two corresponding
   ipfw(8) rules, e.g.:

	# natd -n ed2 -p 2222
	# natd -n ed3 -p 3333
	# ipfw add XXX divert 2222 ip from any to any via ed2
	# ipfw add XXX divert 3333 ip from any to any via ed3

   In this case, you will have two public IP addresses, one
   corresponding to ed2 and one to ed3. Packets going out
   through ed2 will have their source address replaced by that
   of ed2, while packets going through ed3 will have ed3's
   address.

2. Run a single natd(8) with `-alias_address address' instead
   of two -interface specifications (which is invalid, BTW),
   and redirect packets going in and out on both public
   interfaces, e.g.:

	# natd -a 1.2.3.4
	# ipfw add XXX divert natd ip from any to any via ed2
	# ipfw add XXX divert natd ip from any to any via ed3

   In this case, you will have only one public IP address,
   1.2.3.4 in the example.

Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
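
Added example, not part of the original message: a POSIX sh lint that reads natd(8)/ipfw(8) command lines like the ones in the reply and checks the pairing both options depend on (one interface per natd, a distinct divert port per instance, every divert rule reaching a natd bound to the same interface). It assumes the `natd` service name resolves to divert port 8668 as in the stock /etc/services; `check_nat_plan` and the two sample plan variables are names made up for this example.

```shell
#!/bin/sh
# Added example: lint a NAT plan given as natd(8)/ipfw(8) command lines on stdin.
# Prints one finding per line; returns 0 if consistent, 1 otherwise. Runs nothing.
check_nat_plan() {
    awk '
    function port(s) { return (s == "natd") ? "8668" : s }  # "natd" = 8668/divert in /etc/services
    function err(msg) { print "ERROR: " msg; bad = 1 }
    { sub(/^[# \t]+/, "") }                # strip the root prompt and indentation
    $1 == "natd" {
        nif = 0; p = "8668"; ifc = ""      # natd listens on port "natd" unless -p is given
        for (i = 2; i <= NF; i++) {
            if ($i == "-n" || $i == "-interface") { nif++; ifc = $(++i) }
            else if ($i == "-p" || $i == "-port") p = port($(++i))
            else if ($i == "-a" || $i == "-alias_address") i++
        }
        if (nif > 1) err("natd takes one interface, got " nif ": " $0)
        if (p in iface) err("divert port " p " claimed by two natd instances")
        iface[p] = ifc
    }
    $1 == "ipfw" {
        d = ""; v = ""
        for (i = 2; i < NF; i++) {
            if ($i == "divert") d = port($(i + 1))
            if ($i == "via") v = $(i + 1)
        }
        if (d != "") { n++; rport[n] = d; rvia[n] = v }
    }
    END {
        for (k = 1; k <= n; k++) {
            d = rport[k]; used[d] = 1
            if (!(d in iface)) {
                err("divert " d " via " rvia[k] ": no natd on that port")
            } else if (iface[d] != "" && rvia[k] != "" && iface[d] != rvia[k]) {
                err("divert " d " via " rvia[k] " reaches natd bound to " iface[d])
            }
        }
        for (p in iface) if (!(p in used)) err("natd on port " p " has no divert rule")
        exit bad + 0
    }'
}
# Constructed sample plans: option 1 and option 2 from the reply above.
PLAN_TWO_NATD='# natd -n ed2 -p 2222
# natd -n ed3 -p 3333
# ipfw add XXX divert 2222 ip from any to any via ed2
# ipfw add XXX divert 3333 ip from any to any via ed3'
PLAN_ONE_ALIAS='# natd -a 1.2.3.4
# ipfw add XXX divert natd ip from any to any via ed2
# ipfw add XXX divert natd ip from any to any via ed3'
```

Feed it a plan with `printf '%s\n' "$PLAN_TWO_NATD" | check_nat_plan`; both sample plans pass silently, while the `natd -interface ed2 -interface ed3` invocation from the question is reported.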