From: Andrew Pantyukhin
To: bob@a1poweruser.com
Cc: FreeBSD Questions
Date: Thu, 16 Feb 2006 04:11:37 +0300
Subject: Re: natd with several alias IPs

On 2/16/06, bob@a1poweruser.com wrote:
> I am not an ipfw expert. The truth of it is I was an ipfw user before
> I added a LAN behind my gateway box. Ipfw does its nating from
> within ipfw and that is what makes ipfw nating so hard to get right.
> It's even harder if you use keep state processing. Ipfilter and PF
> do the nating separate from the firewall so the firewall always sees
> the true LAN packets. For that reason I now use ipfilter. Your ipfw
> question may get better answers from the ipfw questions list. In
> reading your original post it was not clear to me that you had to do
> this using ipfw. I read it as you were asking if it could be done at
> all. Using alias ip's is not the correct term I believe.
> Good luck finding an ipfw solution.

I'm afraid you've got it all a little bit wrong. It's pf and ipf that
have built-in nat facilities. ipfw uses divert sockets and an external
natd process (so when one says natd, it's clear that he's dealing with
ipfw). Alias ip is a natd term.

Thanks anyway