Date: Wed, 27 Jun 2001 11:40:11 -0500
From: Doug Poland
To: questions@freebsd.org
Subject: ipfw/natd - howto divert based on source IP?
Message-ID: <20010627114010.A19216@polands.org>

Hello,

I'm trying to configure a 4.3-STABLE box to divert packets based on
the source IP address. The result should be that the packet looks like
it's coming from a given address based on its source.

I.e., MyHost has 3 public IPs:

    ifconfig xl0 inet xxx.xxx.xxx.113 netmask 255.255.255.224
    ifconfig xl0 inet xxx.xxx.xxx.126 netmask 255.255.255.224 alias
    ifconfig xl0 inet xxx.xxx.xxx.99 netmask 255.255.255.224 alias

Any packets originating from the machine itself (.113) should look
like they came from .99.

Any packets originating from hosts .100-.112 should not have their
IP address translated.

Any packets originating from my private network (192.168.0/24) should
have their IPs translated to look like they came from .126.

I've successfully configured natd/ipfw to NAT and use .126 as the
alias_address. This is what I'm thinking about doing...

1. Remove:

       alias_address xxx.xxx.xxx.126

   from natd.conf

2. Remove:

       divert natd ip from any to any via xl0

   from rc.firewall

3. Add:

       divert natd ip from xxx.xxx.xxx.113 to xxx.xxx.xxx.99 via xl0
       divert natd ip from xxx.xxx.xxx.100 to xxx.xxx.xxx.100 via xl0
       divert natd ip from xxx.xxx.xxx.101 to xxx.xxx.xxx.101 via xl0
       etc., etc., etc.,
       divert natd ip from xxx.xxx.xxx.112 to xxx.xxx.xxx.112 via xl0
       divert natd ip from 192.168.3.0/24 to xxx.xxx.xxx.126 via xl0

Does this make sense? Is there a better/easier way to achieve what
I'm after?

Many thanks for your help.

--
Regards,
Doug