From owner-freebsd-questions@FreeBSD.ORG Thu Feb 16 00:50:02 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0161716A420 for ; Thu, 16 Feb 2006 00:50:02 +0000 (GMT) (envelope-from bob@a1poweruser.com) Received: from mta10.adelphia.net (mta10.adelphia.net [68.168.78.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D32643D48 for ; Thu, 16 Feb 2006 00:50:01 +0000 (GMT) (envelope-from bob@a1poweruser.com) Received: from barbish ([69.172.31.117]) by mta10.adelphia.net (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with SMTP id <20060216005001.YRMN13051.mta10.adelphia.net@barbish>; Wed, 15 Feb 2006 19:50:01 -0500 From: To: "Andrew Pantyukhin" Date: Wed, 15 Feb 2006 19:49:59 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 In-Reply-To: Importance: Normal Cc: FreeBSD Questions Subject: RE: natd with several alias IPs X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: bob@a1poweruser.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Feb 2006 00:50:02 -0000 I am not a ipfw expert. The truth of it is I was a ipfw user before I added a LAN behind my gateway box. Ipfw does it's nating from within ipfw and that it what makes ipfw nating so hard to get right. It's even harder if you use keep state processing. Ipfilter and PF do the nating separate from the firewall so the firewall always sees the true LAN packets. For that reason I now use ipfilter. Your ipfw question may get better answers from the ipfw questions list. In reading your original post it was not clear to me that you had to do this using ipfw. I read it as you were asking if it could be done at all. Using alias ip's is not the correct term I believe. Good luck finding a ipfw solution. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Andrew Pantyukhin Sent: Wednesday, February 15, 2006 7:16 PM To: bob@a1poweruser.com Cc: FreeBSD Questions Subject: Re: natd with several alias IPs On 2/16/06, bob@a1poweruser.com wrote: > I am not sure just what you are asking about. > > Are you saying that you have 4 static public ip address assigned to > you by your ISP and you want to round robin those 4 in the NATing > process to your hundreds of LAN users? > > If that's what you are after then any of FreeBSD's 3 built in > firewall can do that by how you code the NAT statements. Read the > handbook firewall ipfilter section for details. There is no special > tricks or need for several NATed process. I'm quite aware of the fact that both pf and ipf have mature nat frameworks. The question is, how to do that with natd (and ipfw). Could you be so kind and throw an example of a round-robin setup without several natd processes, 'cuz I can hardly imagine that? _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"