Date: Tue, 9 Feb 2016 16:41:22 -0500 (EST)
From: Travis Garrison <travis@netviscom.com>
To: freebsd-ipfw@freebsd.org
Subject: ipnat configuration
Message-ID: <2063391521.585875.1455054082796.JavaMail.zimbra@netviscom.com>

I am working on an ipnat configuration to replace our aging Cisco FWSM. We have several private IP subnets that we would like to map to several public ranges. There are more private ranges, so we would actually be doing a PAT. The question is on how to configure the public IP ranges so that we can use all of them in a big pool. Currently our Cisco does a 1 to 1 NAT until it runs out of addresses and then fills the rest through a single PAT IP address. We would like to do a round robin PAT and only PAT a handful of addresses per public IP address.

Do we need to use ippools for our setup? I am thinking of something like this:

ippool - public side
64.x.x.0/23
69.x.x.0/24

ipnat
map em0 172.20.30.0/24 -> ippoolpublic
map em0 172.20.31.0/24 -> ippoolpublic
map em0 172.20.32.0/24 -> ippoolpublic
map em0 172.20.33.0/24 -> ippoolpublic
map em0 172.20.34.0/24 -> ippoolpublic
map em0 172.20.35.0/24 -> ippoolpublic
map em0 172.20.36.0/24 -> ippoolpublic
map em0 172.20.37.0/24 -> ippoolpublic
map em0 172.20.38.0/24 -> ippoolpublic

Thank you
Travis Garrison