Date: Fri, 17 Feb 2006 14:47:29 -0800
From: "Ted Mittelstaedt" <tedm@toybox.placo.com>
To: "Greg Barniskis" <gregb@scls.lib.wi.us>
Cc: freebsd-questions <freebsd-questions@freebsd.org>
Subject: RE: question on NAT for multiple subnets
Message-ID: <LOBBIFDAGNMAMLGJJCKNCEGMFDAA.tedm@toybox.placo.com>
In-Reply-To: <43F61258.6000604@scls.lib.wi.us>

>-----Original Message-----
>From: Greg Barniskis [mailto:gregb@scls.lib.wi.us]
>Sent: Friday, February 17, 2006 10:14 AM
>To: Ted Mittelstaedt
>Cc: freebsd-questions
>Subject: Re: question on NAT for multiple subnets
>
>
>Ted Mittelstaedt wrote:
>> I've never done it but I think you can run multiple nat instances
>> and multiple divert sockets, you will have to specify them in the
>> config file to natd, though.
>
>Excellent. That's what I was hoping for. So instead of one "divert
>natd" rule in ipfw, I simply need "divert N", "divert N+1", "divert
>N+2", etc. where N is a port number where I bound my first natd, N+1
>the next natd instance, etc. I think I can manage that.
>

I looked at the man page for natd and they specify the divert port
with -port, and alias address with -alias_address

You're going to have a bit of trial and error to work this config out but
it shouldn't be that bad. I would love to see it posted here once you
get it working.

Ted

PS: A firewall with a shell that you can actually initiate a telnet
session from knocks a PIX into a cocked hat. And I just love dealing
with a PIX on a network that has multiple gateways on it. Nothing like
the lack of icmp redirects to get you swearing.
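
The layout discussed in this message, sketched as an added example that is not part of the original e-mail or of either poster's configuration: one natd per internal subnet, each with its own divert port (-port) and public address (-alias_address), plus matching ipfw divert rules. The interface name, subnets, alias addresses and rule numbers are constructed placeholders, the alias addresses are assumed to be already configured on the outside interface, and the script only prints the commands so they can be reviewed before use.

```shell
#!/bin/sh
# Added example: prints (does not run) the natd and ipfw commands for
# one natd instance per internal subnet. All values are constructed.

EXT_IF="fxp0"     # assumed outside interface name
BASE_PORT=8668    # natd's default divert port, used here as "N"
BASE_RULE=100     # assumed first ipfw rule number

# One "internal-subnet alias-address" pair per line (constructed:
# RFC 1918 subnets, RFC 5737 documentation addresses as aliases).
MAPPINGS="192.168.1.0/24 203.0.113.1
192.168.2.0/24 203.0.113.2
192.168.3.0/24 203.0.113.3"

gen_nat_config() {
    i=0
    echo "$MAPPINGS" | while read -r subnet alias; do
        [ -n "$subnet" ] || continue
        port=$((BASE_PORT + i))        # N, N+1, N+2, ...
        rule=$((BASE_RULE + i * 10))
        # One natd per subnet, bound to its own divert port and alias.
        echo "natd -port $port -alias_address $alias"
        # Outbound: packets from this subnet are diverted to its natd.
        echo "ipfw add $rule divert $port ip from $subnet to any out via $EXT_IF"
        # Inbound: replies to the alias must reach the same natd instance,
        # because only that instance holds the translation state.
        echo "ipfw add $((rule + 1)) divert $port ip from any to $alias in via $EXT_IF"
        i=$((i + 1))
    done
}

gen_nat_config
```

The rest of the ruleset (pass and deny rules around the divert rules) is not shown and still decides what traffic is allowed after translation.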